Full disclosure: Tradable Bits is a fan data platform that allows brands to collect, own and use their own fan data.
Following Cambridge Analytica’s exploitation of fan data collected through Facebook authentication, many fans and companies are justifiably concerned about data security. As a result of events like these, there has been an increase in data regulations around the world, such as the GDPR in the UK and CCPA in California. It is extremely important to understand how your fan data is collected, stored and used so you can keep your fans safe and comply with regulations in your area.
Below are six ways you can protect your fans and their personal data from exploitation, as well as five important questions to ask any fan data provider you currently employ.
1) Own Your Own Fan Data
The most important factor in a secure fan data strategy is ensuring you actually own your own fan data. Many data platforms - especially the cheap ones - promise that you can learn about your fans and target them better using their aggregate pool of fan data. This means that any fan data you import or collect on their system is repurposed by other brands (either anonymized or not) to promote their products and messages. The reason they can offer such low prices is because they are profiting hugely from reselling your fans’ personal data to other brands - often without your knowledge or consent.
“Owning” your data means that you can view, export or delete it in its entirety at any point. It is essential that your fan data is completely private to your own brand account and cannot be accessed by any other brand, either transparently or through an anonymized set. It also means that you can’t see or use any other brands’ data (or an anonymized pool) for your own targeting - because if you can do this, other brands can do it with your data. Cutting off your own access to a larger anonymized set may seem like a disadvantage because it will take longer to generate your own set of fan data, but in the long run, it’s not only more ethical, but also more effective.
Developing direct relationships with your fans through explicit exchanges of fan data will allow you to personalize your communication with them based on their own actions and not just their demographics or generalized traits.
2) Explicitly Request Fan Data
Collecting data about your fans without their knowledge or consent is the fastest way to break trust and lose customers. When collecting fan data, clearly show who you are, exactly what you are requesting from them and allow them to explicitly consent to or deny your requests. Not only is purely cookie-based data collection flawed (just because someone looked at a webpage once does not mean they want that thing), it’s widely interpreted as deceptive.
The only valuable use for cookie-based data is if you layer it on top of explicitly collected data (i.e.: a fan you already know visited a specific page of your website) and even then - treat it critically and value explicit actions over implicit ones.
Just as you wouldn’t Facebook stalk and message a potential partner as your first encounter, you should never start a fan data relationship through purely implicit means. When meeting a fan for the first time, it’s far better to outright ask if they want to be considered as a potential customer. Then, once they say yes, you know they’re truly a good lead.
It’s easy to get caught up in quantity and forget about quality, but it’s essential that you only collect recent and relevant data about fans that actively want a relationship with you. This will save you countless advertising and marketing dollars, because you’ll be sure that the only people you’re paying to reach, actually want to hear from you.
3) Store and Send Fan Data Securely
It’s easy to forget that data lives in the physical world. Do you know where and how your fan data is stored? Do you know what country your data lives in? What are the privacy laws of that country? These are essential questions you must ask any time you’re collecting fan data.
Even if you’re explicitly asking for fan data and earning consent from fans, that consent is null if that data can be easily viewed or shared with third parties (or governments). Each fan is allowing your brand to see and use their data, and if you share it with anyone else, you’ve negated that permission.
Make sure your data is not only stored on a secure server but that that server cannot be accessed by any other party without your knowledge or permission. Look into the privacy laws of the country where your data is stored, and make sure you’re happy with their policies about accessing that data with or without notification or requests for access.
This also goes for when, how and where you send fan data. If anyone ever asks you to email them files of your fans’ personal information, refuse immediately. If sent, those files will now be accessible to whatever email provider you’re using and are vulnerable to anyone with access to that email account. Always make sure you send fan data files over a secure channel or in a shared folder with managed privacy permissions.
4) Never Share Data Without Permission
Sponsorship campaigns and co-run contests are a core part of any entertainment industry’s marketing plan. But are you making sure your fans are explicitly opting into sharing their data and receiving messages from your sponsors? You may not be aware, but it’s illegal to share any fan data with sponsors that they haven’t explicitly opted in to share with your partner.
Make sure, when you’re running a contest with a sponsor, that you provide an explicit opt-in for your sponsor and your brand. This not only improves the quality of leads for your sponsor, but lets your fans choose who they want to hear from.
It’s important to state in your own privacy policy and terms and conditions how you plan to share that data with anyone but your own team. This explicit ask for permission will likely decrease the number of leads your sponsor receives, but it will vastly improve the quality and depth of data you can share with them once your campaign is over.
5) Provide an Easy Opt-Out for Fans
If at any point a fan decides they no longer want you to have access to their data, you must make sure it’s easy for them to opt-out and erase anything you’ve collected about them. Ask your provider if they are GDPR compliant (provide the “right to erasure"), and actually go through the process yourself to make sure it’s simple and effective. Many data providers actually request fans share data about themselves to remove their data, which is obviously infuriating for fans looking to remove themselves. The process should be clear and easy to complete in just a few seconds.
It’s also helpful to provide alternatives for fans that want to participate in an activation you’re offering, but don’t want to share data in the default method you’re requesting. Although ultimately contests are a useful way to collect data with the understanding that fans are sharing a part of who they are for a chance to win, it’s just good fan relationship building to provide a few alternatives.
For instance, in the absence of a Facebook social login (authentication through an app), you can allow fans to opt-out and merely fill out an extended form of the information you require. This allows you to build relationships with fans on their terms, which strengthens loyalty and mitigates any backlash you may receive for collecting fan data.
6) Hire Providers that Don’t Resell Data
Data technology companies can be confusing. It’s easy to get caught up in all the benefits and forget to ask about and fully understand the technology and its features in detail. However, if you want to protect your brand and your fans from exploitation, it’s essential that you understand the tech stack you’re using and where your data is going.
Be absolutely sure that your data is yours alone, and that your provider isn’t selling or exposing it (anonymized or not) to other brands. This is the only way you can ensure your fans are safe and that your hard-earned data isn’t being used to promote messages and products you don’t believe in.
5 Questions to Ask Your Data Tech Provider Right Now:
1) Do you use our fan data with any other clients (anonymized or not)?
2) Where is our fan data stored? Can third parties (or government) access it without explicit notification or permission?
3) Is my fan data authenticated through an app owned by me, or a general one owned by your company?
4) Are you GDPR or CCPA compliant? How can one of my fans delete our data on them?
5) How do I export all of my fan data and remove it from your platform if need be?
The best way to combat concerns about privacy and data collection is to educate your fans and empower them to make choices about how they share their data and manage their privacy. Make sure you fully understand how you’re collecting, storing, sending and repurposing your own fan data - especially if you’re working with a tech provider.
If you’re feeling ashamed of the way you collect fan data and don’t want your fans to know about it, you should stop. Not only are you putting yourself at risk of a PR nightmare by breaking your fans’ trust, you’re compromising your results. Ultimately, you only want the fan data of people who want to be your customers. Advertising or targeting people that don’t want to be your customers is expensive and ineffective.
Take the time to cultivate a clean and quality database of explicitly opted in fans, and you’ll enjoy ideal ROI and cheaper CPAs for years to come.
If you have any further questions about data security, please contact our team to learn more.