Trust and transparency: Mastering data privacy in loyalty and promotional strategies

With the implementation of new privacy laws in four U.S. states, the EU reviewing its GDPR enforcement, and Google rolling out its Privacy Sandbox to Chrome users in 2024, marketers will face a busy year as they strive to align both company and regulatory policies.

In this blog post, we’ll cover: 

Before jumping into the challenges, it's worth defining the different data sources businesses typically use to target and segment users. These can be split into four categories:

Brands looking to personalize their loyalty rewards and promotions face two major challenges:

Many brands still struggle to communicate clearly with their customers what data they’re collecting, and how this will benefit them. This can damage trust, create skepticism among customers, and make them less willing to share data.

Cybersecurity threats are on the rise, with the most recent IBM Data Breach Report indicating that an alarming 83% of surveyed businesses encountered more than one data breach.

Instances of data breaches not only compromise customer privacy but also inflict severe damage to a brand's reputation. If you’re working with a vendor to power your loyalty and promotions, you need to make sure they have the highest security practices in place to keep your customer data safe.

Example questions to ask prospective (and existing) vendors include: 

Loyalty programs serve as a dynamic data flywheel, encouraging both the member and brand toward mutually beneficial outcomes. The best loyalty programs not only reward customer loyalty but act as data engines, continuously refining understanding of member preferences and behaviors.

The success of the loyalty program as a data flywheel depends on being transparent with customers in how you collect and use data.  This makes members informed collaborators in this exchange, rather than mere participants, and get a better understanding of how their data contributes to a more tailored and rewarding experience. By clearly communicating what data you are collecting, and how it will better serve customers, brands foster a sense of trust that further fuels the data flywheel.

The increasing importance of information security has led to the establishment and proposal of a wide range of data protection laws across the globe. 

Implemented in the EU, the General Data Protection Regulation (GDPR) stands as a benchmark, emphasizing individual rights and privacy. All brands working across the EU need to comply with the GDPR when collecting, processing, and storing consumer data.

GDPR-compliant loyalty programs require explicit consent for data processing, emphasizing principles like data minimization, transparency, and individual control. Compliance also involves respecting the right to be forgotten, ensuring data security, and, when applicable, conducting Impact Assessments.

In the US, a patchwork of data protection regulations and proposals exist at both the federal and state levels, including:

In Canada, the Consumer Protection Privacy Act obliges businesses to be transparent about all aspects of their interactions with consumers. A notable example is Ontario’s Consumer Protection Amendment Act (Loyalty Points), which requires businesses to disclose their points expiry policies and to give customers at least two years to redeem their points.

The following best practices show how certain brands have successfully navigated and maintained the delicate balance between privacy and personalization, leveraging their loyalty programs and promotions to create trust and transparency for their customers.

Ulta Beauty, a U.S. makeup and fragrance brand, uses quizzes to make customers more loyal and gather data directly from them. 

Before starting the quiz, the brand lets users choose if they want skincare recommendations based on their concerns or specific products. Depending on the chosen category, Ulta Beauty then asks follow-up questions and provides personalized suggestions.

NPD Group, a leading global market research agency, operates a rewards program known as Snap My Eats, in the UK. Participants can sign up and download the app, earning up to £5 in credit each month by completing surveys and capturing images of their food and beverage receipts.

To redeem rewards through Snap My Eats, members need to accumulate £10 in value. This requirement encourages continuous engagement among members and, at the same time, helps in managing program costs.