Privacy experience – just like all the other customer experiences

The topic of privacy and trust seems to be coming up more and more these days. What was once the domain of tin-foil hatted privacy wonks has moved mainstream with more and more articles being written on the subject and more legislation being considered around the world. Even brands such as Apple are throwing their hat in the ring and building their brand on trust and transparency through their products.

Yet, privacy is still very much an afterthought in so many brand experiences. In the run up to the launch of the GDPR, brands scrambled to throw up cookie banners to comply with the new law. A similar exercise is underway to comply with the California Consumer Privacy Act (CCPA). In trying to understand how customers react to various privacy interactions, and to better understand what kinds of experiences lead to the greatest amount of engagement and agreement to let a brand collect and process their data, we analyzed anonymous data from a randomized group of consumers in several countries in Europe in accordance with GDPR requirements.

Insight from 17 million experiences

Over the years, Crownpeak has delivered over 20 billion consent experiences to customers all over the world. To better understand what creates the best experiences that get the most consent, we took a subset of that data from over 400 brands, and from three of the largest countries in the EU: The United Kingdom, France, and Germany. We focused on brands that engaged in offering prior consent, and filtered out brands using cookie walls, implied consent and other types of consent experiences so we could get to the heart of what makes someone actively opt in to allowing brands to utilize their information. All in all, we looked at over 17 million experiences to see what patterns we could find. Since we didn't know what would be meaningful attributes, we let the data do the talking, and used a big data analysis technique called a decision tree to walk the data and find the most important data elements that correlated to the biggest improvements in consent rates.

Engagement: Three key elements

What we found was both surprising and yet not that surprising. As it turns out, consumers react to privacy experiences in much the same way they engage with just about any other type of experience.

They engage based on three key elements:

1. How much perceived value they think there is in the interaction
2. How comfortable are they with the experience
3. How well can they understand their choices
   
   

Let's unpack these elements.

Value exchange: The idea of value exchange in privacy isn't new, but it's never been well quantified. In our analysis, we noticed that within a given brand experience, consent rates varied from page to page. For instance, the consent rates for a given consumer could vary by up to 70% based on the page the consent experience was presented. Pages that were perceived as low value would get very low consent rates, and pages with high perceived value would get much higher consent rates. Homepages would often get a median level of consent, largely based on the anticipated value from the consumer. This tracks with normal customer experience, where consumers often expect to give to get.

Brand comfort level: The second factor we found to impact consent rates was the level of comfort a customer had with a brand. This largely translated into how on-brand an experience was. The more off-brand a consent experience was, the lower the consent rate. Examples include colors, fonts, and style mismatches from the rest of the web property. Consumers can often be alarmed or concerned when something just doesn't quite fit into the rest of the experience. This is consistent with much of the research done on why consistent branding matters.

This factor also varied largely by country. For instance, in the UK, being on-brand with your consent experience matters a great deal more, increasing the consent rates by 42% vs France and Germany, which had much less of an impact to their consent rates. This is consistent with branding approaches that can vary across various countries, adapting to the needs of local markets.

Cultural sensitivity to language clarity: The third factor we found was a consumer's level of understanding of a consent experience. The language of the consent notice matters, and its impact varied from country to country. In France and Germany, brands that used indirect language and contained legal language were 40% more likely to consent, whereas in the UK, visitors preferred more clear and concise language, and were 50% more likely to consent when they experienced that. This is consistent with how brands have been adapting to local markets for decades. The style and tone used in a local market is key to adapting to a locale, beyond just translating your brand's copy.

Privacy as part of the customer experience

What our consent data insights tells us is that brands need to start thinking about privacy as a part of the customer experience and apply what they know about designing great customer experiences to the privacy journey. We plan to dig into more data that spans more brands, across more countries, and expanding the amount of data elements we look at next. We expect to uncover more surprises along the way, as we look for better ways to engage customers on their own terms, and as brands begin to use their privacy experiences to build trust and transparency with consumers.