Data privacy is a paramount concern in all areas of online marketing. Switzerland, known for its strong data and privacy protection traditions, passed a new Data Privacy Act that significantly impacts how marketers collect, store, and process personal data. In this blog post, we will delve into the five key areas of online marketing that are affected by Switzerland’s new Data Privacy Act.
1. Data Privacy Impact on Cookies
The new Data Privacy Act is clear that every website must display a cookie banner on their website so that all users can either consent or reject to being tracked. Unlike the EU-GDPR however, your cookie banner may pre-select marketing cookies as an option, obliging users to “opt-out” if they do not wish to be tracked. This is why many articles in Switzerland will argue that a cookie banner is not obligatory for Swiss users. While this is strictly true, users must still be informed that their data is being collected and have the option to opt-out, therefore a “consent-banner”, becomes an informational banner. This is only the case in Switzerland, therefore any company that operates in the EU, must have a GDPR compliant cookie consent solution for their European users.
2. Data Privacy Impact on Third-Party Data Sharing
The law also specifies new regulation for third-party data sharing, impacting businesses that rely on external data sources for ad targeting. Users must be informed through your Privacy Policy exactly which third-party tools are used marketing and which data is shared with them, for example the Facebook Ads Pixel. Each company must create a data concept which outlines how data is collected, stored and processed and have this readily available on their website. If you’re not sure what this looks like, you can see an example of how we have listed our third-party cookies in our cookie notice page
3. Data Privacy Impact on E-Mail Marketing
Email marketing is a cornerstone of digital marketing, allowing businesses to speak to their audience directly. Email marketing is very effective for nurturing the relationship between brand and customer, although it is a fine line between a constructive email marketing strategy, and spamming. Switzerland’s data privacy law touches on several elements in this domain:
Explicit Consent: Marketers must obtain explicit consent from individuals before sending marketing emails. The law mandates that consent should be freely given, informed, and specific. The most common method to obtain consent is a checkbox that specifies an email address may be stored and contacted for marketing purposes, at the stage when a user submits a form. Similarly, when a user intentionally gives their email address in order to receive a promotion or information through a website.
The user must be able to withdraw their consent, easily and quickly. For example, by clicking on ‘unsubscribe’ at the bottom of an email at any time.
Data Retention Limits: Marketers need to adhere to data retention limits, meaning they should not retain email addresses or other personal data longer than necessary for the purpose it was collected. Ultimately, this means that if you are regularly sending promotional material to a database of consented users, you can keep their data indefinitely, seeing as you are still using the data for its intended purpose.
4. Data Privacy Impact on Targeting
Lookalike or Similar lists: The very effective and popular “similar” list from Google Ads (or “Lookalike” in Facebook Ads) relies on third-party data sources to find relevant audiences for your ad campaigns by using one list of users, (this could be your existing subscribers or followers) and find users with similar interests or demographics. The law’s limitations on third-party data sharing can reduce the availability of external data and will impact the quality of these “similar” lists. In fact, Google depreciated “similar” list targeting this year among concerns that it will no longer be compliant. We have yet to find out if Facebook will do the same. To mitigate against this new change, marketers may need to pivot toward greater reliance on first-party data collection and build in-house data repositories, or turn to new solutions such as synthetic user tracking for automated audience building.
Remarketing lists: Remarketing, a tactic that serves ads to users who have visited your website, is also an integral part of online marketing. Here, the requirement for explicit user consent poses a challenge. Marketers must obtain clear consent from individuals to include them in remarketing lists. Companies will need to incorporate consent mechanisms that clearly explain the purpose and scope of remarketing efforts in the Privacy Policy. Marketers will need to restructure their remarketing campaigns to align with user consent levels. This may involve more granular segmentation and tailored ad content based on individual preferences.
5. Data Privacy Impact on User Profiling
User profiling, a practice that segments and groups audiences based on multiple data sources, in order to tailor marketing messages to individuals, faces significant limitations:
Transparency and Data Governance: Marketers must be transparent about how user data is collected, processed, and used for profiling or analytics purposes. Users have the right to know how their data is used and to control this process. This includes having an easily available cookie consent manager, clearly marked “unsubscribe” in emails and instructions on how to request “being forgotten” or deleted from a company’s database. Marketers must maintain clear and easily accessible privacy policies that detail data collection methods, the scope of profiling, and the analytics used. Data governance practices, including data security and access controls, must be robust and well-documented.
Data Minimization: The law encourages data minimization, meaning only data necessary for the profiling and analytics purpose should be collected and used. This impacts the extent and depth of data collected for these activities. Marketers should reevaluate the types of data they collect for profiling and analytics, ensuring it aligns with specific needs while avoiding the retention of unnecessary data. Marketers may need to rely more on first-party data collection strategies, such as engagement campaigns, loyalty programs, and customer feedback, to compensate for the limitation of data collection.
Conclusion
Switzerland’s new data protection act has ushered in a new era of responsibility for marketers. Emphasizing explicit user consent, transparency, and data minimization, these laws pivot the marketing landscape towards greater accountability. By focusing on responsible data handling, enhanced data security, and user rights, marketers can not only meet the legal requirements but also enhance their reputation as trustworthy and privacy-conscious entities which will improve their brand reputation in the long term. Compliance, coupled with a commitment to ethical practices, is the way forward in online marketing. Stay tuned, we will share our six actionable steps to ensure compliance in our upcoming post.
Additional Resources
For more in-depth information on how to adapt to Switzerland’s data privacy law, consider attending our webinars or exploring our other blog posts focused on data privacy compliance in the digital marketing landscape.