How an Absence of Privacy Shield Certification Could Put your Brand at Risk

NetLine is Privacy Shield Certified - learn how to select safe vendors

Marketers may recall the wave of borderline hysteria that took place in the wake of GDPR. Fear mongering through an (ironic) influx of emails and messaging left many questioning their practices and those of their vendors. And with good cause; with thousands of martech options at our fingertips, it’s naïve in today’s market to overlook adoption of user privacy controls.

As a Privacy Shield certified buyer engagement platform, we’re positioned to help marketers better understand the importance of seeking vendors that comply with global privacy protection regulations. But first, let’s get you up to speed on Privacy Shield.

What is it

In short, “Privacy Shield is an agreement between the EU and US allowing for the transfer of personal data from the EU to US.” For marketers, this dichotomy between EU/US standards has been at the core of the confusion around how to execute various forms of marketing and advertising campaigns. From form submits to cookie tracking, GDPR resulted in scrutiny around how companies are gathering, protecting, and using PII.

Privacy Shield certification ensures that participating companies are protecting data and the transfer thereof. At NetLine, we take this seriously and are encouraging marketers to get savvy around vetting their vendors. To verify if a vendor is Privacy Shield Certified, search the registration list here: Privacy Shield Framework Search and then start asking some tough questions.

Why we got certified

Lots of companies are adapting to the demand for international controls over data privacy by simply backing out of those areas or finding loopholes in the GDPR that support their business model. In the long run, companies that take these routes are showing shortsightedness not only about the global marketplace, but about the future of data privacy in the US as well. Privacy Shield certification provides a sustainable level of certainty around compliance for vendors, and peace of mind for their customers.

June of 2018 marked the introduction of US legislation on consumer data privacy protections. The passing of the California Consumer Privacy Act (CCPA) heralds the beginning of what will surely become wider-spread standards across the US like we’ve never seen before. Marketers should see this as another step in the process to ensure brand safety and protect their audiences, whereas many vendors see this potential layer of oversight as a threat to their entire business model.

We encourage marketers, regardless of the status of US legislation, to dig deeper on their potential and existing vendors. One simple way to validate compliance and data acquisition methods is to see if you can subscribe to the vendor’s mailings in any way. With no external-facing subscription process, marketers should ask, “By what means did this vendor acquire the astonishing list, consisting of millions of records, they are promoting?” If you’re not able to view any live resources that point to compliant acquisition of users, there’s a strong likelihood that these were scraped from websites or acquired by other questionable means.

Even prior to taking on the significant Privacy Shield certification, NetLine has always provided transparency into the source and use of PII; as a B2B vendor premised on fully-permissioned and first-party sourced data, the move into top-level privacy certification was simple. All user data is provided at-will by users and in exchange for content. Privacy notices, and now geo-responsive GDPR verbiage/disclosures, make content syndication lead generation on our platform a secure choice for domestic or global B2B marketers.

What it says when a vendor doesn’t have it

When considering a vendor that is not Privacy Shield certified, look beneath the surface and ask why that vendor is not taking measures to participate in oversight, governance, monitoring, accountability and recourse. The Privacy Shield Framework is designed to do more than add a nice badge to a website; it’s a structure of accountability that places companies, like ours, in a position to justify our measures and uphold the strict standards.

You should also quite literally ask these probing questions to validate privacy controls:

  • “Can you articulate the value prop as to why a user decided to receive emails from you and/or your clients?”
  • “Can you please show me where you’ve clearly articulated and communicated to the user what they will be receiving by opting-in?”
  • “Can I see the Privacy Center and/or Preferences center that your subscribers have access to?”
  • “Can you confirm what those users can expect to receive, down to the frequency, format, and content? Surely a business professional isn’t simply giving their work email address for unknown amounts of emails.”
  • Make note of the vendor’s Alexa ranking and compare that to their database size. There will be a high correlation between popular sites with thriving audience populations and large databases. A poorly ranked site with a massive database is a classic tell that something is very wrong. 

Overall, the infractions against GDPR to date have been the result of companies who simply did not take the proper measures to protect PII or properly inform users how PII would be used. The industry is packed with companies that are selling or re-selling user data scraped from intent signals captured via cookie tracking and other involuntary sharing of data. Marketers are inherently drawn to solutions that provide insights and competitive advantages, so vendors are always innovating to satisfy that need. Before jumping on the next shiny martech wagon, take a discerning eye to the offering and make sure your brand is protected from unsavory practices.