M13h Privacy Interview: Data Protection in 2021

Privacy refers to the way in which brands and advertisers manage the collection and use of personal data relating to their customers and prospects. It refers both to legal and technological constraints and to questions of ethics and transparency. The term also encompasses issues of protection of the data collected from possible external attacks.

In order to talk to you about this topical subject, we met Mickaël Avoledo, associate director of M13h (a Labelium group consultancy), who was kind enough to answer our questions in order to explain to us how to grasp the challenges of Privacy and how to define an action plan accordingly.

1. Mickaël, can you introduce us to M13h? What does the company do?

M13h is a data and marketing technology consultancy that joined the Labelium Group in 2018. We have two areas of expertise:

• On the one hand, the Data marketing division We offer our clients the management of upstream framing projects (audits, benchmarks, strategies, use cases, etc.), the support of projects until their operational implementation (adtech/martech tools, privacy, etc.) and the monitoring of the optimisation of marketing actions.

• On the other hand, the Data Science division where we offer them data engineering (aggregation of data sources in datalakes, data flows between tools, advanced data activation, etc.), data modelling (customer segmentation, LTV, predictive analyses of purchases or churn, etc.) and data visualisation.

In simple terms, our guiding principle is to help our clients to through the various maturity gaps necessary to optimise their marketing actions thanks to data.

2. Can you tell us more about Privacy?

• What are the stakes for the GAFAs? 

The GAFAs do not all have the same privacy issues. On the one hand, we find Applewhich has understood that this subject represents a real area of differentiation and wants to gain a competitive advantage. After having reinforced the anti-tracking measures measures in its Safari web browser, it is now tackling the world of applications with a consent for the use of its mobile ID (the IDFA) which should arrive in 2021. Apple has not hesitated to highlight the subject of privacy in its advertising campaigns for several years now (the most recent campaign took place in recent weeks).

On the other hand, we have Google and Facebookwhose main challenge is to to limit the impact of regulatory and technological developments on their advertising business, their main source of revenue. After a game of cat and mouse to circumvent anti-tracking measures in browsers, these players (and especially Google) are now deciding to change their approach. We will move from one-to-one targeting and deterministic conversion metrics to targeting " one-to-few" and more and more probabilistic measures based on extrapolations.

• What are the impacts and implications for merchants?

Merchants can expect several types of impacts. The first is related to regulatory developments regulatory developments regarding the collection of consent. In France, on 1st October last, the CNIL issued new recommendations to which all companies must be aligned by 31 March 2021. For users, these recommendations make it easier to refuse the use of cookies by highlighting the refusal options on the cookie banner. The market is thus preparing for a drop in the volumes of data that can be used for advertising targeting (the most pessimistic talk of a drop of up to 80%).

The second impact is related to technological developments. Browser developments (e.g. refusal of third-party cookies) are eliminating certain use cases such as retargeting or the performance measurement post-view. This is already the case on Safari and Firefox, and will soon be the case on Chrome. In addition, Apple is continuing to make progress on the applications side, with an IDFA consent that will greatly limit cross-app retargeting on iOS (we're talking about 70% less volume) and the attribution of Apps campaigns. In addition, the "Connect with Apple" buttons, which Apple forced into Apps that already had Facebook or Google Connect, cut brands off from a valuable piece of information: users' email addresses, with an option available to hide it. Ultimately, these developments make performance measurements less accurate and limit the reach of possible targeting.

• What should be the priority on the merchant side?

Currently, and following the CNIL recommendations, all our clients are focused on updating their cookie banners. It is necessary to anticipate as much as possible in order to give ourselves time to test different versions and maximise the consent rates which are essential for the management and marketing targeting of tomorrow.

In the medium term, the subject of adapting the marketing stack whose aim is to limit the regulatory and technological impacts. We can cite quick wins, such as the implementation of the " consent mode" on Google tools to respect users' privacy choices while preserving measurement capabilities via extrapolation in the tools. Other actions, such as imports of conversions and server-side audiences, are also to be taken into consideration. They allow you to kill two birds with one stone by limiting the impact of privacy on marketing management on the one hand and, on the other, to acquire new indicators for measuring drive to storecampaigns, for example. This is a big demand from our customers at the moment.

In the longer term, the server-side tracking tracking can also be considered and will happen one day, but it requires more effort to implement. The contextual targeting is also coming back in force. And if I had to add just one more topic, it would be 1st party data. Tomorrow's targeting should be separated into people-based and aggregated cohort targeting as described in Privacy Sandbox, Google's solution for stopping third-party cookies. If merchants want to be able to enable people-based targeting on a large scale, they need to think about the customer journey and value proposition in order to capture the data needed to do so.

3. What is the next important deadline for advertisers? For what reason? 

The 31 March 2021as this date marks the end of a period of tolerance by the CNIL s tolerance period with regard to cookie consent. The cookie banners and associated data processing will then have to be in compliance. If not, the penalties to which merchants are exposed are those of the RGPD: 4% of global turnover or €20m.

4. What would be your best advice for merchants in the short term?

With the ongoing health crisis and the associated forced digitalisation, merchants already have a lot to worry about! My advice is to don't forget the subject Privacybut to remain very pragmatic in the way you approach it. It is a complex subject, which can quickly become sprawling. It is therefore advisable to take a step back and ask yourself a few simple questions: what is my level of compliance and risk? What should be my focus points for addressing this topic? What are the 'stabilised' elements in this changing environment that I need to address now, and what are the issues where the market still needs to evolve before I take more interest?

It is this perspective that we try to bring to our clients, in order to make this subject less anxiety-provoking and to progress step by step, but quickly, towards compliance, without losing the business focus.

To conclude

In the current context, privacy could be put on the back burner, but it is a key issue that concerns us all and needs to be addressed, both in the medium and long term. To do this, we advise you to consider the next steps in the following way:

1. Prepare for the new CNIL consent guidelines.
2. Follow the development of the solutions and the various initiatives of the actors.
3. Implement short-term solutions.

And if we were to make a general recommendation: don't hesitate to call on a specialist to help you with these various steps.