Data ethics in marketing: we asked Stéphane Hamel how responsible companies should use marketing data

Marketers who take user privacy and data ethics seriously are faced with a paradox. On one hand, we all understand the benefits we can gain by tracking user behavior on and off our websites. On the other hand, we’re growing increasingly conscious of the questionable tracking and targeting practices that are plaguing the marketing industry.

Until now, the big problem has been a blatant lack of consensus on how to use data ethically. However, thanks to Stéphane Hamel, the renowned independent data privacy & ethics consultant, that’s about to change. 

In close collaboration with 30 industry experts, Stéphane is putting together a comprehensive Digital Marketing & Analytics Ethics Manifesto that will set a standard for more ethical use of marketing data.

We sat down with Stéphane to discuss how the manifesto got started and what kinds of change he wishes to see in companies’ data practices.

Taking the leap from analytics to ethics and privacy advocacy

Before dedicating his career to data privacy and ethics, Stéphane built Da Vinci Tools and worked as an independent digital marketing and analytics consultant. At the end of January 2020 when Supermetrics acquired Da Vinci Tools, Stéphane joined the Supermetrics team as an evangelist advocating for user privacy and the ethical use of data.

But how did Stéphane end up jumping from marketing analytics to ethics and privacy advocacy? He explains that he was gradually starting to feel more uneasy about the data and privacy issues he faced in his work.

“Over time, I witnessed negligence, mistakes and a general ‘laissez-faire’ with many of the consulting clients I worked with and agencies I coached with their analytics practice. Like everyone else, I was reading disturbing and scary stories about data breach and data leaks resulting, too often, from a lack of marketing governance, poor security practice, or just plain evil and stupid ideas companies thought they could get away with,” Stéphane says.

However, the final decision to focus solely on user privacy and data ethics happened quickly. First, Stéphane was invited to speak about questionable data ethics and malpractice at the Marketing Festival in Prague. At the last minute, he was also asked to interview Christopher Wylie, the Cambridge Analytica whistleblower, on stage.

Stéphane explains, “I watched hours of testimonials, read all I could in order to be prepared, and ended up spending 45 minutes with him in a backstage room. This, alone, was quite an experience.”

Little did Stéphane know that it was only the beginning. In November 2019, he discovered a serious lack of governance in the marketing trackers used by Equifax, the identity theft service recommended by Desjardins, the largest financial institution in Québec, which had recently been impacted by a massive data leak.

Stéphane recounts, “After raising the alarm to Equifax and seeing their denial and the usual PR responses such as ‘we have strong security practice’, ‘customers are important to us’, and such empty phrases, I wrote about it (in French) and it eventually got picked up in the news. It raised the alarm to our elected officials to accelerate the adoption of laws similar to GDPR, an investigation was launched by the Office de la Protection du Consommateur, and finally, Equifax made some minor changes, like removed obsolete tags and the Facebook pixel from the secured area of the site.”

After that, there was no turning back for Stéphane.

Making of the Digital Marketing & Analytics Ethics Manifesto

After the dramatic twists and turns in the Desjardins/Equifax story, Stéphane felt the need to better educate himself about ethics in marketing and analytics. What started out as a personal research project quickly turned into a collaborative document that has been viewed by hundreds of people and reviewed by 30 industry experts.

While Stéphane was surprised about the attention his pet project got, he found the resulting discussions extremely valuable. He says, “The result was beyond my wildest expectations. The comment threads alone are worth a read because they reveal so much about the state of confusion in our industry. I still have to do another round of review and work with a few, select group of co-authors to extract the few essential pin-points and turn it into a real manifesto, which should be coming out shortly.” 

Throughout the exercise, Stéphane picked up on numerous fascinating comments that exposed a wide variety of opinions about what should and shouldn’t be acceptable. 

Stéphane offers a few examples of the questions he was suddenly faced with: 

• Is it okay to track someone merely because they are visiting ‘our’ website? 
• Are we, as a company, entitled to some rights to track users even if they clearly signal that they don’t want to be tracked?
• What about the vendors in the martech industry — some of which are using shady tactics to collect more information, build pseudo profiles, enrich them, all without user knowledge, consent, right of regard or ability to be excluded?
• What about cases where what is initially anonymous becomes so enriched that it ultimately targets an audience of one?

Stéphane explains that, “From a legal standpoint, most frameworks either focus solely on the collection of personal data — and everyone has to agree what ‘personal data’ is in the first place — leaving the door open to interpretations and any other kind of anonymous and aggregated data collection. Those legal frameworks also have so many exceptions that vendors are working hard to find workarounds and marketers are caught in a maze of scenarios which are impossible to solve.”

The manifesto in a nutshell

To borrow directly from the collaborative document that Stéphane is currently shaping into a polished manifesto, the four pillars of the Digital Marketing & Analytics Ethics Manifesto are:

1. No consent means no tracking — no exceptions

We have to ask before we track and honor the result. Informed consent doesn’t come by hiding behind impenetrable Privacy Policy and User Agreement. We have to be clear, transparent and honest by revealing the what, why, how and who about the data we collect, use and share. We have to use the data for the purpose we disclosed, otherwise we simply don’t have consent.

2. Privacy by design

Defaults should be as private as possible with clear reasons given when we’re asking for more. If you don’t need to know the identity of the person, don’t ask for it! A privacy by design culture is one where there’s continued awareness of the evolving environment, innovation, learning and creativity.

3. Customer control

We’re privileged that our users want to share data with us. It’s time to give them control. We need systems to easily and clearly let users know what we’ve collected, correct it when it’s wrong and delete it if they desire. Not because the Law requires it but because it’s the right thing to do. The discipline of building systems to do this forces us to confront why we’re collecting it and whether we should.

4. Get started and never stop

If you haven’t been starting to feel uneasy about the dangers of data collection you haven’t been paying attention. It’s time for us to take control and fix it so we can feel good about what we do.

How can companies move towards more ethical data practices, then?

According to Stéphane, many of the people he consulted in the making of the manifesto seemed to think that it should be up to consumers to better educate and protect themselves. However, this approach doesn’t sit right with Stéphane who brushes these comments off as wishful thinking. 

Instead, Stéphane would start with the four pillars of the manifesto: transparency, honesty, control, and making privacy part of a brand’s value proposition. 

Stéphane explains, “It shouldn’t be a compliance checkbox. Companies are quick to claim they are customer centric, but when asked specifically what makes them say so, they often fail to point a single, very specific action they take to make it real. Privacy is this opportunity to truly and genuinely care about customers and it should be allocated the same level of attention we see when marketers work with a multidisciplinary team to continuously improve their offering — not legal on one side, IT security on the other, and marketing reigning over some magic technology happily collecting all kinds of data on the other side.”

He continues, “Companies need to play their part, but there’s also a community of practice amongst marketers and analysts. What many of us seem to be looking for are case studies and scenarios — examples where we could read about a given situation, what are the points we should consider, and a clear guidance toward the most desirable decision — both from an ethical and a legal standpoint.” 

On a more practical level, Stéphane advises that companies should start from governance and transparency. He says, “I think governance is key — and thankfully, GDPR forces companies to pay attention, but there is still a lot of room for improvement, especially when it comes to the education of marketers and analysts themselves. Transparency is also important, so simplifying privacy policies and terms of service seems essential, as well as providing tools so users can be in control.” 

As not to make the transition into more ethical data practices sound too easy, Stéphane also mentions that there are some obstacles that marketers should be wary of:

“The problem is that the tech landscape is pretty complex and we’re too often faced with obtrusive, non-standardized evasive consent popups we just want to get out of the way — so it deceives the whole purpose of having them in the first place. Things are evolving and changing quickly, so we can expect — and hope for — new innovative ways of bringing transparency, simplicity and control,” he summarizes.

“Get started and never stop”

As with any fundamental changes to the way your company operates, the important thing to remember with data ethics is that your work will never truly be done. There will always be something that you can do better.

A great way to keep track of the current best practices is to benchmark other companies. Stéphane is no exception in this area. He explains, “I’m constantly looking for more examples of companies with a very good governance process, transparency, providing user control, or offering innovative approaches.”

While he’s recently been reviewing several companies’ data practices, he’s been particularly impressed with Cookiebot, Verified Data, and Exponea. 

Stéphane says, “I had the pleasure to meet the CPO of Exponea — one of the many reviewers and contributors of the document — and I have since looked a little more closely into what they are doing. Not only do they offer a great Customer Data Platform and marketing tools, they also handle privacy elegantly, offer detailed documentation about their privacy policy and offer user control, they also published a very good e-book explaining very clearly their security features.”

Now, if you’re looking to get started with a more ethical use of marketing data in your company, the important thing is to get started — and never stop.