Let’s Talk About Digital Marketing & Analytics Ethics

All the world is made of faith, and trust, and privacy dust.

Data has been at the heart of what I do since 1986. Even my internship in computer science involved the discovery of patterns in healthcare data. Since I installed my first web server in 1991, I have pushed the envelope on countless projects involving websites, data and marketing.

I am worried… No… I’m literally scared.

I’m worried when those I consider to be the most knowledgeable in our field confidentially open up on their own fears. I’m shocked when I see those who should know the most about privacy are uneducated even if GDPR has been in effect for nearly 2 years and CCPA is around the corner. I’m scared when I see data leaks, unethical marketing and plain and deliberate malpractice such as claiming the use of the mobile device orientation and motion library for marketing purposes is “ethical because it doesn’t need to ask user permission”…

Marketing has always been about influence. But today’s marketing is about Big Data, machine learning and media oligarchy. Today’s marketing has become a game of manipulation and deceit to the point where we have rationalized privacy and data abuse.

Spending so many years deeply involved in what is really a great and fascinating discipline also exposed me to a fair share of unfulfilled promises and the spiralling thirst for more data.

Over the years, I pioneered the 1st “in situ” analytics debugger (WASP) to help analysts improve the quality of their data collection. I published the Digital Analytics Maturity Model to help organizations become more data informed. I introduced the concept of Radical Analytics because I felt something was wrong with the way analytics was done…

We have rationalized privacy and data intrusion.

Then, I started digging into the history of data abuse and failed projects, especially failed Big Data and machine learning projects upon which so many of today’s marketing depend. I shared my findings at Superweek as “Hamel Hell” — a wonderful conference where the top minds in the digital analytics industry get together on an isolated mountain top in Hungary for five days of data nerdiness. Shortly after, I was invited to speak at the Marketing Festival in Prague — a unique conference where every presentation is a top quality keynote. Over 1500 marketers attended “The Doomsday Is Upon Us”. I asked the attendance if they used an ad blocker. When roughly 70 to 80 percent raised their hand, it further reinforced my feeling that something was wrong, seriously wrong. Some attendees said I scared the sh*t out of them…

At that same event, I met someone who had such a huge impact on me that I found myself at a crossroad in my career. In preparation for my encounter with Christopher Wylie , not only did I read all I could and watched hours of testimonials about Cambridge Analytica, I also spent 45 minutes in a small backstage room with him.

Hamel Hell was the seed, the Doomsday was the confirmation, and meeting Chris Wylie was the tipping point.

My personal data, like that of about 8,000,000 other people, was leaked by a rogue digital marketer who worked for Desjardins, the largest financial institution in Quebec. I should be reassured… my password and my PIN weren’t stolen! Only my name, birthday, social security number, address, financial details are now available on the Dark Web… To add to the insult, an “expert” said we should consider ourselves lucky because our own identity is drowned in an ocean of stolen data, so the likelihood of “winning the lottery” is lessened… 8,000,000 isn’t a small number, it’s the size of a small country. Yet, it’s literally a drop in the ocean of data which was leaked globally.

Like the sequel to a bad horror movie, Desjardins pushed all its clients toward the Equifax identity theft monitoring service. Not only did Equifax had its own data breach in the United States, let’s just say this company doesn’t have the best of track record when it comes to customer service and transparency. I discovered at least a dozen marketing trackers in the very sensitive private section of their website, they are using obsolete technologies and had a bad SSL certificate.

My efforts to reach out to Equifax Privacy Officer and further communications only led to typical canned responses: “We care about privacy,” “we have high security standards,” “customers are important to us,” “we do it to offer a better experience” and “to optimize our marketing”… Enough! In November I published “Equifax expose les membres de Desjardins à de nouveaux risques” — Equifax exposes Desjardins members to new risks. The long and detailed technical article explains how the marketing practices of Equifax, their lack of transparency and apparent negligence could be considered by millions of people as an abuse on their right to privacy and unnecessary exposure to new risks.

A month later the story was picked up by a journalist. A flurry of radio, TV and more press coverage followed. It triggered a response from our elected officials to scrutinize credit scoring companies, accelerate the path toward new legislations, and the Office de la Protection du Consommateur launched an investigation. After weeks of negation, Equifax admitted there were some old tags inadvertently left there and they removed the Facebook pixel which was tying behavioural data to specific users. I also took the time to suggest additional steps to improve Equifax digital marketing practices. Still, as of today, I see there are several marketing trackers happily collecting behavioural data and in some cases, passing on a unique customer id. Clearly, such a lack of transparency in their privacy policy and the absence of opt-in would be illegal under GDPR… yet it is perfectly fine for this American company doing business in Canada. Oh! Rest assured, their terms of service, privacy and cookie policies kind of say what they are doing… if you can decipher the verbiage and give informed consent…

The Equifax story is far from being unique. I am currently working on a project where we are scrutinizing the privacy policies of a dozen companies and contrasting what they say they do with what they actually do. This is a frustrating task and a perfect demonstration of the bad shape of the Canadian privacy laws.

Update, June 13th 2020: At last, Bill 64, An Act to modernize legislative provisions as regards the protection of personal information, has been presented to our parliament (in the province of Québec, so it doesn’t cover Canada as a whole). It is actually very close to GDPR.

While I keep an ear to the ground for what is said about privacy and ethics, it’s often too academic or incomprehensible legal jargon. Worse, despite the size and extent of my peer network, I’ve really only met a handful of people who really dedicate themselves to privacy.

While I wrapped my head around privacy and ethics in our field, I figured I could as well make the exercise open and public. This initiative came at the right time and filled a need in the industry — at least for the many marketers, analysts, and few vendors who took the time to read and contribute. I have never seen a collective effort like this in our community of marketers & analysts.

While most comments were constructive and valuable feedback, a few criticized it as being biased, negative, more philosophical than actionable… to which I can only answer this is what I could offer, without any financial compensation or expectation, and welcome others with open arms if they want to push the initiative in other directions.

I initially wanted to have a collection of typical, real-world case scenarios which would serve as a way to educate me, but also guide fellow marketers and analysts. This failed miserably during a Superweek informal chat which I expected to gather a few people for half an hour, and ended up into a fifty persons debate for over two hours! The intent wasn’t to be one-sided and present all analytics/data collection/analysis work as nefarious. But it did highlight the industry lack of understanding and the absence of “patterns” of best practices which are common in other industries.

This week, again, there was a long thread in the #Measure Slack forum debating about the legitimacy and legality of Google Analytics tracking when configured in a certain way, in a certain jurisdiction.

When the brightest in our industry can’t figure out if Google Analytics is legitimate and legal under such and such conditions, imagine how screwed everybody else is!

Let’s put aside the specifics of the legality of a given tool under a given jurisdiction… The conclusion of this whole open doc exercise came out clear and strong — at least for me. Something that goes at the heart of the issue of privacy and informed consent. Something which isn’t constrained by any actual, future or hypothetical legal framework.

No Consent, No Tracking

The statement is a strong one. The choice of those words is not a coincidence and is somewhat reminiscent of the #MeToo campaign stating, “Unless it’s yes, it’s no”… To me “explicit consent” is saying “yes,” but “informed consent” is understanding what you say “yes” to.

Of course, we cannot expect businesses to operate without data. As marketers and analysts, we see legitimate reasons for tracking. What might be deemed essential from our perspective (ex. ad conversion) might not be deemed as essential from the customer standpoint. It’s all a matter of trust, and our industry have largely lost it. A #NoConsentNoTracking approach forces you to be transparent, to be honest, to educate, and is a guarantee to abide by the law.

You can criticize this initiative from afar, or you can constructively contribute your experience and expertise so we increase our level of education and confidence first, so that we can better communicate and educate our users next.

Stéphane Hamel is a seasoned independent digital marketing and analytics consultant, innovator, teacher and speaker with a strong interest for user privacy and the ethical use of data.

If you enjoyed this article, you should connect on LinkedIn and while you’re at it, why not click the nice little clapping hands on the left and follow me on Medium!

All the world is made of faith, and trust, and pixie dust. Digital marketer & analyst with a strong interest in privacy and the ethical use of data.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store