Data Privacy Landscape for Travel Marketers Webinar Recap

by | Jun 5, 2024

Data Privacy Landscape for Travel Marketers webinar recap
100 min read

Data Privacy Landscape for Travel Marketers Webinar Recap

Watch the video then download our Data Privacy & Cookie Deprecation Whitepaper for Travel Marketers.

Data Privacy Landscape for Travel Marketers Webinar Recap - Data Privacy and Cookie Deprecation Whitepaper for Travel Marketers


Data Privacy Landscape for Travel Marketers Webinar Transcript

Prefer to read? See the transcript for our Data Privacy Landscape for Travel Marketers webinar below.

Paul Hewett

Okay, I think, we will get started. It looks like we have a few people who have joined in the last minute or so. So welcome everyone to today’s presentation on the data privacy landscape for travel marketers.

This is the first of 3 webinars designed for digital marketers who work in the travel sector. We created this series of webinars by asking our customers in the travel sector one very simple question, which is: What’s keeping you awake at night? And there’ll be no surprises that we got 3 answers on repeat. The first one is data privacy. So that’s what we’re talking about here today.

The second topic was cookie deprecation. And we’ve got a webinar planned for cookie deprecation on the tenth of April. That’s going to be covered by our head of digital analytics who’s joining us here today, Benoit Weber and our digital director, who is Selina Gough. And then the third topic, which is a very popular topic was generative AI in marketing. So we’re covering that on the 24th of April, and that’s going to be hosted by our Chief Innovation Officer, Freddy.

So how today’s going to work is that we have gathered a load of questions from our clients and contacts in the travel industry, and we’ve grouped them into these presentations. And then we’ve organised the presentation around the questions that they were asking. And we’re responding to each one of those questions.

So let’s get started.

The webinar’s objective. So by the end of this webinar, you are going to be able to cover 4 topics. So the evolving data privacy landscape. And that’s going to be talking about the aspects of data privacy that are driven by regulation and then some of the aspects that are being driven by the platforms themselves. How to comply with regulation in Australia and globally. And we’re going to provide an overview of how these changes will affect marketing measurement. And then we’re also going to dip into technologies travel brands are using to enhance privacy.

In terms of your presenters. There’s a number of us presenting today, so we’ll do a quick introduction first up. I just want to give a thank you to Andrei, who’s behind the scenes. You can’t see him, but he’s there pushing buttons in the background to make this work. So thank you, Andrei.

I’m the host and presenter for today. So my name’s Paul Hewett. I’m the CEO of In Marketing We Trust. I oversee the agency to ensure that we’re providing the right services to our clients in the travel industry, and I also do some consulting and collaboration with some of our clients.

As you can probably tell, I’m not from Australia. I do live in Australia. I’ve been here for about 8 years, but I’m originally from Wales in the UK. And my work has mostly taken me across the UK. Europe, North America, and so on. And I’m doing a lot of work obviously here in APAC as well.

My experience is that I have 20 years in digital and direct marketing. So my expertise is across strategy marketing, technology and automation, data analysis and direct response, I cover a lot of bases there. But you can fit a lot in in 2 decades. Prior to joining In Marketing, We Trust I owned a company called RMG Response, and that was one of the largest direct response agencies for travel brands in the UK.

My experience in the travel sector, specifically my first clients that I ever worked with were travel brands. So back in Wales I worked with Visit Wales and almost all of the destination marketing organisations in Wales, around 22 of them. And I currently work with a range of businesses globally in the travel sector. So OTA’s, tour operators and destinations.

My travel brag is that, despite being severely frightened of flying, I really really hate it. I’ve travelled around the world 16 times in the past decade, mostly for work, visiting around 21 countries and 104 cities.

So that’s me. I’m gonna hand over to Ben.

Benoit Weber

Hello everyone. I’m Ben. I’m the Head of Analytics at In Marketing We Trust. I’m actually French, but I’m based in Vietnam. So in the north of Vietnam, close to China. I’ve been working in analytics for the last almost 10 years now, working especially around governance, dashboarding, reporting data, collection, conversion, optimisation, data, warehouse and privacy.

My travel brag is the I didn’t do 16 times the around the world, but I’ve seen quite a few countries, and my brag is that I lost count. I’m not even counting anymore. And then I worked in different countries. So in Spain, Poland, Switzerland, Vietnam, and France, which helped me, having a different aspect of cultures also. And then I worked with different brands, and I just put a few here. But Alitalia, Journey Beyond, so these are some of the travel brands I have been working with.
And then over to you, Marko.

Marko Mitrovic

Thank you, Ben. Just let the slide swap over.

Oh, I guess I can get started. So my name is Marko. I’m an account manager here at in Marketing We Trust. My role is centred around building, not just relationships, but partnerships with our clients from a diverse range of industries, and also travel being one of them. So my family is Serbian, and I grew up in New Zealand and recently moved over to the Gold Coast, where I’m based.

My travel brag is kind of in between pools and bins, while I haven’t lost track yet, and something I’d like to do. I have been to 28 countries, and a big achievement for me was organising a 4 month oe for 10 people, which is a very scary thing to do and challenging, but nonetheless very rewarding.

My travel, experience and focus of my career over the past few years has been really around analytics. But also focusing on performance media and SEO and working with a variety of destinations, cruises and tour operators. Some of the key brands that I work with currently are Globus family of brands as well as Destination Gold Coast.

Paul Hewett

Perfect. Thank you both. So to kick things off, I just want to take you through why we’ve got the authority to speak to travel marketers about their own industry. So In Marketing We Trust was built for travel brands. So our Chief Innovation Officer, Freddy, worked for travel brands prior to starting In Marketing We Trust, and Expedia was one of our founding clients and that was about a decade ago, and we’re still working with them.

We currently work with travel brands all over the world, and the reason they tell us they choose to work with us is because of 3 competitive advantages that we have and that we provide to them. The first is we’re a leading digital agency with digital expertise, the next is unparalleled travel and tourism experience. And the third is localised language and culture capability.

So I’ll just take you through each one of those very briefly, just to prove out the points. So they’re not big claims without any backing.

So the first being a leading digital expert. We are a data driven agency first. And that’s what we focus on. It’s really important that we’re at the cutting edge of data driven digital. And that’s something that we try to do on a global level. Our work with some of the largest websites in the world has equipped us with sophisticated tools and expertise. And we’ve managed to build proprietary tools and IP out of that. So our crawler, which is something that we’ve built, has crawled over 200 million Urls. And for one client we’ve collected around 20 billion rows of data, and that’s enabled us to optimise conversions and generate millions or tens of millions in additional revenue for that particular client. And for another client we have optimised around 50 million Urls. And again, that’s using our proprietary platform called Scalepath. That was voted one of the most innovative marketing technologies of 2023 by AFR. Something that we’re really proud of.

And then last year the big number you can see on the screen there 17,000 pieces of content. That was 17,000 or pieces of accurate brand-safe search engine-safe travel content. And again, that was built with a proprietary AI platform that’s built on top of large language models that you may have heard of and it safeguards commercial data. So we’re going to deep dive into that topic a bit more at one of our future webinars.

The second claim is unparalleled travel and tourism experience. We’ve worked with 37 travel brands across 4 continents. And they range from OTAs. We work with a lot of OTAs in our time. Tour operators, cruise companies, airlines and travel insurance brands. So really good experience in the travel industry.

And then last item is localised language and culture capability. As of today, we’ve got around 54 team members, and they’re based in strategic locations around the world that enable us to deliver global services for our clients. And those 54 team members speak a combination of 18 languages. And importantly, they understand local culture and they have active campaigns in 30 countries at the moment.

And one for anyone who’s joined us who may be interested in joining our team in the future. We do our trusted conference every year in a different country, and we’ve now done 7 countries, including Sydney, Vietnam, Cambodia. We went to Borneo one year, so we really live and breathe travel as a team. So that’s us. And why we think we’ve got the authority to speak on this topic.

Data Privacy Landscape for Travel Marketers

Paul Hewett

So what we’re going to cover today is we’re going to start by setting the scene. So why are we even talking about data privacy. Then we’re going to hop across to navigating global and Australian data privacy and then we will jump to measuring marketing performance in a world of disappearing data. And then, finally, we will look at using technology to enhance privacy. The main content is going to take us about an hour from this point.

And if you do have questions you’ll you’ll see in your in your controls. There is a QA section. Put your questions in there, and we will answer them when we get to the end. Okay, so we’re we’re not going to disrupt the flow because we’ve got a lot of good content to cover, and only an hour or so to get through that.

So before we get started, our lawyers wanted you to read this disclaimer. So I’ll leave it up for a moment. But then, essentially, it states that we are marketers. So we’re not qualified to provide compliance advice that will stand up in any court of law in Australia or anywhere else in the world.

Our lawyers, on the other hand, are qualified, and they can provide compliance advice that will stand up in a court of law. But it is important to notice where everything that we’re going to communicate here today we use in our business on a regular basis. And it’s been built through experience. We’re delivering projects for clients all over the world, across data, infrastructure and analytics. So it’s good content that’s being used in practice. If you are going to do anything, you must seek legal advice on this topic before taking any specific action for your brand. Okay so that’s the disclaimer. I’ll assume you’ve read it, and I will move on.

So the first topic we’re going to get to is the current marketing landscape, and what is changing. As I’ve mentioned, I gathered questions from our customers and contacts. So what I’ll do is I will read those questions out loud, and I will then allow a team member to respond to them.

So the first question you asked us was, what key shifts in the data privacy landscape are currently influencing digital marketing strategies, especially for those in the travel industry? And for this question, I’m going to hand things over to Marko.

Marko Mitrovic

Thank you very much, Paul.

So, firstly, to set the scene around privacy, and how it sort of evolved and the main drivers of it. Privacy has been quite a hot topic, and industry trend from just before the time of Covid, and is rapidly evolved and become very integral to marketers in terms of the impact on us and the repercussions there.

Some of the key things that play a part in this is increased privacy regulations which before didn’t fully exist or fully fleshed out. They’ve recently become quite robust and are constantly being adjusted. So things like the GDPR has been very much the sort of backbone of that.

Another key thing is the loss of third party cookies. This is something we will jump into deeper in another webinar. So stay tuned for that one. But essentially that is really impacting advertisers ability to track conversions and engage users. Shorten conversion windows so tighter timeframes for holding cookies that we might have as little as 24 hours in some cases.

Limitations in app tracking. So, for example, ios. For ios 14s release eliminated non concession, non consensual sharing of identifiers for advertisers. And then, finally, the rise of ad blockers, which is more significant than initially anticipated. To the degree that over 26% of us Internet users currently use them. And this surges when we look at younger demographics. So those aged 15 to 33 up to 45%, and they don’t only block ad display, but they can also disrupt conversion tracking through Javascript blocking.

Next slide, please.

So what does this mean? Ultimately, it means we have less data. But the question is, what’s driving? Then how much data do we actually have?

So through all of these there are some key ones that really come into effect, more so than others. So this is largely driven by data privacy by regulation. So again, as I mentioned that you, being sort of the frontrunner here in terms of what privacy reform looks like an enforcement, and then that, having a sort of knock on effect to other districts in their regulation. So in the US, The California Privacy Rights Act, for example, being very strong and prominent. And then, similarly, here in Australia, while it’s not as robust, there are coming reforms to the Privacy Act, for example. This year for that. That will change how marketers can target users, and what data we can collect and what that looks like.

And this again extends to platforms and search engines through their competition not only to adhere to these privacy regulations, but also in competition to offer the best experience and be trusted by users. So a very prominent example of this is with safari, with the release of intelligent tracking protocol or itp. When this was released it prevented cross side tracking, and by restricting the use of third-party cookies for users. There were other elements of this as well. So, for example, cookie storage limits, were would decrease. And this was a significant impact for marketers. At the time. And still continues to this day.

With privacy, with safari, now creating private browsing in 2023 is the sort of latest effort that prioritises privacy, and this extends to other platforms as well. So ios, as I mentioned before, up also Firefox and Chrome, while it’s late to the game it has as of this year, turned off cookies for one of their users, and that amounts to approximately 30 million. And the outcome of this is from our perspective is, we’ve generally observed 10 to 20% of people refusing to be tracked, and that can be as high as 40% for users in Germany, for example. So again, that highlights that culture plays a very important role here.

Next slide, please.

And now, when we’re looking at impacts, there’s 2 sort of stages to this is for general marketing in general, but then also more specifically to travel marketers.

So firstly, the 3 big ones that come to mind is trust. So users are more informed than ever around data collection and usage and brands who don’t prioritise building trust risk significant impacts to their brand sentiment, reputation, and consumer engagement and trust was something also found by Boston consulting Group. When they did a lot of analysis here to correspond with and indicate higher digital maturity.

The next one here is a bit more tangible for marketers, which is measurement gaps. So regulation and user opt out limits. The attribution and insights we have for marking activity, making more difficult to track users across touch points and understand them.

And then the last one is decreased ROAS. Now, while that is decreased ROAS, it is more perceived, but there’s an actual decrease as well, but that largely comes from constraints on the abilities to explicitly target audiences. And further, from data collection from the measurement gaps mentioned previously.

Now, when we’re looking for travel markers, specifically, 2 things come to mind as key impacts. One is that for travel marketers more so than domestic businesses, they have cross border operations. So a global customer base means that they need to collect, process and store personal data from individuals residing in multiple different regions. This is then complicated, due to some regions restricting the transfer of personal data across borders.

So, for example, GDPR doesn’t allow data from EU uses to be transferred to other countries without those countries having set levels of privacy regulation themselves. So this requires markers to adhere to data privacy regulation in every market which they operate and every market where their users are. And these considerations do extend to the platforms themselves, like Google Ads and Meta, who implement their own changes and restrictions within the platforms to adhere to those regulations.

The second point here is the complexity of the customer journey for travel consumers. They spend weeks, or even months, researching destinations, and often across multiple platforms and devices, such as smartphones, tablets, laptops and so on, reading reviews, looking at ratings and a lot of other things before making a booking.

And travelers must also account for seasonality trends and external factors not just in their destination, that they’re planning to go to, but also within their own country of residence.

And what this means ultimately is that with the restrictions in access to timely and granular data. It can often hinder travel marketers ability to identify, identify, and respond in real time to the changing trends and market dynamics. The reliance on cross device tracking again impacting their ability to understand consumer behaviour.

And what does this look like now in terms of what’s happening in the industry?

So Consent Mode V2 is a good way to sort of highlight this. So in March, Google released Consent Mode V2, which is a more advanced mode of their consent mode. And this was designed to adhere to new privacy regulation. Essentially, it tells Google what consent website users give for cookies, and it only takes into effect when a user refuses cookies giving you some insights as opposed to none, if you don’t have it. And you have users within regions where there are regulations. For example, EU and California, you won’t be able to properly use measurement, ad personalisation and remarketing features in Google Ads anymore.

So we’ve created a little flow here to sort of highlight what this looks like in terms of where different brands could be. So the first question is asking, are you collecting data from these users, and if the answer is No, you may think you’re in the clear. But it is important to consider that upcoming regulations, like the ones that are happening in Australia will likely restrict audience creation and retargeting similar to what we currently see for EU and US rules following very closely what the GDPR has. If you are collecting data, however, and you have implemented a cookie management platform, that’s one step in the right direction. And so again, if you haven’t, however, what will happen is, as I mentioned before, Google will limit and can even suspend your use of the Google product and terminate your agreement, which is a breach of the policy as of earlier this year.

And if you are using it, the next question to ask is, Are you already using consent mode. If you are, then great, if you aren’t going to again the same consideration applies.

And this is similar to sort of what happened with GA4 and implementation. There again it came out to address privacy regulation, but many organisations and brands delayed implementation. But again, what this did ultimately was, put them at larger risk of consequences, of not adhering to these policies and regulations.

And then I guess the next question is, why does this matter? Why can’t we just operate with less data?

While users are increasingly privacy conscious and informed, and the great majority believe that the risks outweigh the benefits, they also equally demand ad personalisation. And this is what is termed as the privacy personalisation paradox, which is a great challenge for marketers to address.

Now doesn’t just go one way where they want privacy, but sorry they want personalisation, but because of privacy. That’s this challenge. It does go both ways.

So a recent smart tourism study, for example, found negative effects of privacy concerns and user generated content creation were neutralised. But it’s just perceived benefits and sense of belonging. So it’s our goal as marketers to find that middle ground that allows for personalised experiences while also adhering to privacy regulation.

And one thing we can do is consider creating a value exchange something we’ll touch on later.

But the key question takeaway is, how, as travel marketers can we do that? Can we achieve this?

Paul Hewett

Great thanks, Marko. So the next section is navigating the global data privacy landscape with a focus on Australia.
So the question that we were asked was, how can travel marketers navigate the complex web of global data privacy regulation with a focus on complying with Australia’s changing privacy requirements?

So, as you can imagine, this is quite a large topic. I’m going to cover it in as much detail as possible that I’ve got in the time for this section, which is around 15-20 min. But if you do have questions, chuck them in the QA. And I will get back to you on them.

So as travel markers, our work is arguably more complex than most, because many of us do work internationally and we target customers internationally. So we’ve got the burden of complying with data privacy requirements here in Australia. But we’ve also got the burden of complying with global privacy regulations.

So in this section, we’re going to aim to answer 2 questions, what is happening globally? And then we’re going to bring it back home to Australia. What’s happening here.

So the global data privacy landscape is changing quickly. This visual that you’ve got on the screen here is from DLA Piper.

The URL is on the bottom left hand of the screen. I really recommend you go and take a look at this website. It’s very good. It covers data protection laws by country. And you can really drill down and look at what the legal requirements are for each region. You look at things like compliance, enforcement, and you can even see countries side by side. Very useful tool.

But the the key message, when you look at the site, is that almost all countries are covered by some form of regulation. So of the 94 countries, 137 have some form of regulation in data privacy regulation in place, that’s around 70%. And that actually covers around 65% of the global population. And that 65% of the global population does really correlate with consumers that have spending power to do things like travel. So again, it’s really important that you take a look at this.

So as you can see visually just looking at this map, that most countries have moderate or strict protection laws. Most of the Western economies that many of us will work in are covered by heavy regulations, so you can see the red countries here. You’ve got the US. You’ve got Canada, Mexico. You’ve got Australia. You’ve got UK, and you’ve got all of the other EU countries, Germany, Spain, France, Italy, etc. More surprisingly you can see there that China has heavy regulation, and I’ll address that in a bit more detail in a moment, as does South Korea and Japan is moderate.

Interestingly, when you look at all of these like I said, the DLA Piper data allows you to look at countries side by side. What you can actually see is that most of these countries, or many of these countries, I should say have extra territorial scope. So that means that the governments of those countries intend to enforce their laws with overseas companies. And obviously, that’s a significant risk for us as travel marketers, if we’re doing international campaigns.

So how I would use this asset? I suggest the starting point is to look over the DLA Piper data protection map yourself and explore any Territories that you might have campaigns in, or you might be collecting data from consumers in those Territories, and then I would encourage you to speak to your Dpl, your data protection officer or compliance or legal team, just to discuss your compliance measures in each of those regions.

So the global standard for data privacy is the GDPR. And I’m sure everyone has heard of the GDPR. Essentially, it sets the international benchmark for data privacy and it requires businesses to safeguard the personal data of EU citizens.

And, as I mentioned, it’s not just for European companies. It applies globally, and it does apply to Australian businesses. So anyone that’s doing work overboard is really needs to comply with this and the penalties are harsh for noncompliance, or, I should say, high rather than harsh. They’re up to 20 million euros or 4% of global turnover. And I’ll give you an overview of how that compares to noncompliance penalties here in Australia.

It is worth noting that no Australian companies have been fined under GDPR yet, however, there have been several extra territorial, ie. Non EU fines for UK and US companies, and those are actually reaching travel companies as well. I’ve got a few examples of which travel companies have fallen foul of GDPR which I’ll take you through in a moment.

So, as mentioned, GDPRr is the gold standard, and that is touted by people who are way more in the know than us. And the reason why it’s the global standard is because it’s the most comprehensive and far-reaching data protection regime globally.

Privacy regulation in the EU has been enforced regularly and to the maximum extent and it’s being tested. So some of the definitions, scopes, principles have all been tested and starting to be enforced for a number of years. And the other thing I would say about the EU. I was going to do a section on this, but I didn’t have time in today’s session is that they are moving fast on other aspects of data privacy. And so, for example, the DSA the Digital Services Act that has recently been enacted and that is going to affect the travel market. So platforms like are classed as VLOPs in the EU. What is a VLOP you say? A VLOP is a very large online platform. So I think the criteria is something like maybe 45 million users. So it covers TikTok, Meta, all of those things, but very large websites or platforms are also falling into that bucket. Some of the other platforms that you’ll all be familiar with.

And the reason this is important is because compliance requirements are different to GDPR. And penalties for noncompliance slightly differ to GDPR as well. I can’t remember the number off the top my head, but I’m sure it’s somewhere around 6% of turnover.

So other countries that are modelling their data privacy regime on GDPR. So I mentioned this in the previous slide.

Japan is interesting. They have something called the Api. And that was a major update in 2017, and it’s undergone another update in 2022. There is close alignment with GDPR, but also surprisingly, the Australian Privacy Principles. The APPs.

There was big focus on reach notifications in the update and also cross border transfer. That’s something that you’re going to hear a lot as I work my way through this cross border transfer is a really hot topic within all of these privacy updates.

Next is China, the pipl. That was introduced in 2021. And it’s heavy restriction on data privacy. It’s currently being refined further as well. So there is a significant focus on data sovereignty and Cross border transfers as well as compliance and auditing that’s coming through in the next update. And there is a strict data privacy regime that looks like it’s going to be enacted.

So for travel businesses here in Australia, I think this is a really hot topic data privacy for Australian travel brands doing business in China. So if there is enough demand for that topic, I’m happy to organise another one of these sessions where we specifically drill down on the pipl, and what that means for travel businesses you let us know, and if there’s demand we’ll organise it.

The third and final example of another country modelling privacy on the GDPR, is Brazil. They have the Lgpd. And it was widely discussed how closely it lined with GDPR when they launched it in 2020.

Initially, there was a very strong focus on cross-border transfer of data, and that’s since been wound back a bit. So I think it was last year 2023 that they relaxed that a little. I’m guessing because it was making business not as feasible as it was before.

So GDPR principles compliance is actually very simple. There are 7 core tenets of the privacy principles.Lawful fairness, and transparency being the first. So processing personal data should be lawful, fair, and transparent, and it should respect the individual. Ben’s gonna talk a bit more later on about privacy by design, and you’re gonna hear a bit of repetition when he goes over that. So he’ll stay sharp on that point.

The next is purpose limitation. So that’s about collecting data for specific, explicit and legitimate purposes. Next is data minimisation, that is only collecting and processing the data that’s required for the purpose that you’ve stated.

Accuracy. Next one. So just keeping your data up to date at all times. Storage limitation. So store the data only for as long as required for the purpose. Again, that you’ve communicated. Then where am I? I’m on integrity and confidentiality. Keep the data safe. Away from unlawful processing and away from accidental loss. And the final one in their principles is accountability. So the data controller must be able to demonstrate full compliance with GDPR.

Being marketers, we like to simplify things. So in our view, modern data privacy is all about consent.

So the framework that I encourage marketers to use is, it’s a simple one. It’s consent and accountability consent being about the consumer and accountability being about you and your organisation. So I’ll deconstruct this very quickly.

Consent. What does the consumer expect by lending you their data? And I think that term “lend” is is poignant. And you should really think about data in that context? It doesn’t belong to you. It belongs to someone else, and you’ve borrowed it to use it, and they have the power to take it away at any point, as well as tell you what to do with it.

So there are a handful of simple questions you can ask yourself, that are a basic compliance test they are:

1. Does the consumer know what data I have?
2. Does the consumer know what I’m doing with the data?
3. Can the consumer access that data if required? And
4. Can the consumer opt out of use?

So it’s best practice to gain and document explicit consent. And if you’ve just answered, probably maybe, or I don’t know, then I would suggest that’s not good enough in 2024, and you may get yourself into hot water, particularly if you’re marketing in one of those red hot markets that I showed earlier on.

The next section of making this easy consent and accountability model is accountability. So we’ve just acknowledged it’s not your data. So what are you doing to protect the data on behalf of the consumer that you’re borrowing it from? Again there are a handful of questions you can ask.

So the first is, do I have explicit and documented consent for the collection and use of the personal data? That’s basically the covering off the first item of consent. The next you can ask yourself is, Am I storing the data securely? The next you can ask yourself, is, am I storing only the data I need? Next is, am I storing the data only for the period?

Is it data that it’s needed? That can be a tricky one to answer so it needs some thought. And then the final one is, am I using the data only for the agreed purpose that goes back to the consent piece. So again, it’s best practice to document your efforts to be accountable for what you’re doing with the data. And again, if you’ve just answered probably maybe, or don’t know, that’s not good enough in 2024, and you will get yourself into hot water at some point. So you need to speak to your compliance Officer, DPO or someone in the know.

So the cost of non-compliance. I wanted to focus in on travel here and demonstrate some extra territorial scope by the EU to show that they have fined outside of the EU, and just a reminder for those of you who can see the dollars, the pound signs there. Obviously, the Uk is not EU anymore. So that’s one of the areas I’m going to focus in on in a moment.

So the brands that have been fined are Marriott, Clearview, British Airways, Amazon, Sorry Amazon, France logistics, a small Finnish travel agency group has been fined, and Ryanair has been fined as well.

So I’m only going to cover one of these in the interest of time, and that is British Airways. So British Airways was fined 20 million by the UK. Information Commissioner’s office, the Icl. In 2020. And the reason that’s interesting is because that fine actually started out as 183M, and it was wound back to 20 million. But it was a pretty big breach in 2018 they had a breach which affected around 400,000 customers globally. So a huge breach.

And I think this is a good point just to draw a bit of comparison between the EU fines and the fines in Australia. So if we take that example of 400,000 customers obviously being a big one. In Australia. We had the Optus data breach in 2020, and that was one of the country’s largest data breaches. This affected 10 million customers here in Australia, which was 40% of our population and the maximum fine that was allowed at the time was 2.2 million, which obviously, when you look at this, it doesn’t really cut it.

And Optus then went on a year later to receive another fine, where I think that was 1.5 million from CMA. And there really is a question there about whether they would have been fined a second time whether that breach would have happened a second time if the fines were as large as they were in in the EU.

So to finish this section off on GDPR. If you are targeting EU customers, we recommend you take action to ensure compliance.

Speak to your internal counsel. Whoever’s looking after data, compliance, legal, all of that kind of stuff. They’re normally clued up on this subject. If not, you could speak to us. We can point you in the right direction, or you can perform a self-assessment online using the GDPR EU tool.

So the next question you asked us was, How is Australia’s evolving data privacy landscape shaping the future of travel marketing. And what steps can companies take to navigate these changes successfully? So I’ll get to the action points at the end. First of all, I’m going to take you through what’s happening here in Australia.

So the Australian privacy act hopefully. It’s not surprise to anyone that that act is in place has been in place since 1988, and it applies to businesses and government agencies with turnover exceeding 3 million.

There have been dramatic increases in penalties since the examples that I just gave you in 2022, which really and underscore the importance of compliance.

There are 13 guiding principles called apps under the Australian Privacy Act and they can broadly be split into 6 categories that you can see on the screen here. So consent, collection, use and disclosure, data, quality, access and correction, data destruction. These actually quite closely align with the GDPR. The things that tend to differ is definitions and the scope of what’s included and the obligations.

So enforcement and penalties, what is the cost of noncompliance today? So historically, I mentioned 2.2 million was the maximum fine that was deemed insufficient on the back of the Optus and Medibank data breaches, and it needed to change. So that needed to happen ahead of the reform that we’re going through now, which is being introduced in 2024.

So the the penalties today, and I’ll take you through each of these quickly and then refer back to some of the variables in there. So it’s up to 50 million dollars, 3 times any benefit gained from the data breach, or 30% of adjusted turnover during the period of the breach. And it’s whichever is greater. So if I go back to the 3 times any benefit gained from the breach, the 50 million isn’t the maximum.

So let’s say you’ve done a breach, and it’s gained you 25 million, for example. Well, you can 3 times that to 75 million. So your fine is up straight away there from the 50 million set. The second example I gave was the 30% of turnover for the period of the breach. So let’s say you have had a bad breach going for 3 years. And your company is turning over 100 million.

Potentially. You’ve got a fine of 90 million dollars there for non-compliance. So, as you can see, they’re significant and they’re business enders, if you get caught particularly on the the last 2 examples there, your business is going to be in serious trouble.

And there are penalties for individual sole traders and partnerships as well. It’s up to 2.5 million for serious and repeated breaches. So the takeaway is, it’s serious, and it’s here and now. So you really must do everything you can to comply.

So here are the Australian privacy principles. There’s 13 of them. I am not going to go through each one of these with you. I think I’d lose some attendees if I did. These have been in place since 2014, when the national privacy principles, and the information privacy principles merged. So we’ve had 10 years.

Your organisation should be up to speed on these, and what I would say about them is that I think the the apps are likely to remain in place following the reform. That’s just my opinion, not fact at this point, because they are a sound foundation for privacy in 2024. The thing that will change will be the definitions of scopes and the obligations that fall within them.

So again, if you’re not sure about how your company is in line with apps, then speak to someone internally, or then come, speak to an expert.

In terms of how we’re doing for the changes. So the Australian privacy review: what’s changing 2024? I’m not gonna go too into detail here because we’re pushing it on time. But I’ll give you the headline. There’s expanded personal information. Has been. That’s right. There’s been an expansion of definition of personal information. So things like IP, device identifiers, location data and other identifiers are included. And that list isn’t exhausted. And it’s not necessarily data that can be used to identify someone. So the scope is quite broad.

There is a new fair and reasonable test for handling data. So even if you’ve got consent, you still need to say, is this fair and reasonable use of the data? So, for example, if you’re a travel insurance app, and you are selling insurance for European trips, it may be fair and reasonable to collect location data through your mobile app to support the delivery of these services. However, if you use the same app, then to access health information from an iphone, for example, that is likely to fall outside the category of what’s fair and reasonable. So just a tangible example for you.

Other things that are changing are restrictions and changes to definitions like direct marketing, targeting, and trading personal information. They’re all very broad and they’re ambiguous and they’re causing alarm bells in the marketing industry. Privacy breach penalties. I’ve already covered those they’re going up, and the final one is enhanced regulatory powers for the the office of Australian Information Commissioner.

So the industry has responded to this. The IAB and ADMA have been leading the way on the response. Very high view on this topic is that both ADMA and IAB in Australia, and many other private businesses actually support the modernisation of the Privacy Act. There are some concerns over clarity and definitions. I’ve already talked about those things like targeting trading. They’re too broad. They go too far. And they actually affect things like audience segmenting and standard business practice that that we all use as digital marketers.

The next is concerns out of opt out clauses and data use. The industry generally doesn’t support an unqualified right for the consumer to opt out of targeted advertising. Then there is the topic of ensuring global competitiveness. There is a fear that it’s not fully aligned with global standards, and that could put Australian’s at a disadvantage when they’re trying to comply because of the cost of it.

So the takeaway from this slide is that industry bodies and some private companies are working with the Government to strike the right balance between consumer protection and business viability.

But this is coming into play in 2024.

So what actions can you take? So there are 6 actions we’re recommending, remember, to go back to the consent and accountability model. Ensure you have full consent. Ensure that you’re accountable for the data.

But the 6 steps you can take are:

Undertake a full and comprehensive data order. So know what you’re collecting, storing and using and identifying your gaps in compliance.

The next is using privacy policies, updating them, ensuring they meet the requirements of the APA and GDPR.

The third is enhance your consent mechanism so promote clarity, transparency and ensure consent is explicit and documented. You’re going to need technology for that. We’ll talk about that later

Implement data protection measures. So treat data like it’s one of your family members data. So if your mum, dad gave you their data, one of your children, make sure you treat it like it’s your family’s data and strengthen security.

Train your staff. Many issues are human error. So ensure all of your team, understand the basics of Australian and global privacy data requirements.

And then the final one is monitor and report so put in place effective monitoring, reporting. This is something we do a lot of. Your senior executive team and board members should be asking you for this, so if not, flag it with them. Show them that you’re being proactive, and use this presentation as the the fuel for that conversation.

So that was that section. I’m going to move on to measuring marketing performance in a world of disappearing data. The question that you asked was: data sources are becoming increasingly restricted, due to privacy regulations. How can travel marketers adapt their measurement strategies to continue tracking and optimising marketing performance effectively? And I am going to go to Ben to answer that question.

Benoit Weber

Thank you.

This is something we already covered during the introduction, but just wanted to rephrase our ability to gather data is becoming more and more constrained. Due to add blockers due to cookies due to privacy, regulation, app tracking, shorter conversion windows. And as marketers, we’re gonna see less and less data. So how we are we gonna make decisions based on what we are collecting?

So I wanted to start with a timeline that I wanted to show you over the last few years. So if you can just go on the next slide, please.

So this is the summary of what happened in the last like 13 years. But I really want to start with 2011, because I think that’s one of the main milestone when GDPR Introduced the right to refuse the use of cookies. 2016 was when GDPR passed and in 2018 was when it came into full effect. But GDPR was really the precursor of all the other regulations. So Ccpa came in 2020, the Cdp in 2024. And then we have also this update of the Australian Privacy Act in 2024.

So it’s really just like the backbone of all the regulations. But all those regulations had massive impacts on browsers and also platforms. So I’m gonna start with the browsers. Everything started with safari and Mozilla. That’s responded to regulation by restricting the use of third party cookies and then ultimately remove all the third party cookies. Google is still a bit late in the game. They made the announcement in 2020. But since then they’re just being pushed till this year. Officially, it’s going to be by the end of the year.

But yeah, we’re still waiting for that. But the impact on browsers are already being seen. And then the last point is the platform. So we can see Facebook and Google ads already changed the way they were collecting data back into 2018 and 2020, they changed towards using more first party data.

And then one of the big changes, and especially for me as an analyst was universal analytics. The only reason why universal analytics was sunset was because of the privacy issue and not being able to collect data, and respecting those new regulations, which is why GA4 came into place.

Now as a marketers, what are the impacts that we’re gonna have in some of the data we’re gonna be seeing? Well, apart from not having all the data, obviously, we’re gonna also have a limited audience. So the audience that we’re gonna have in platform in Meta and Google Ads are gonna be reduced because we can’t rely anymore on the third party cookies. We have this decreasing campaign effectiveness or ROI, because we will track less and less conversions, and our conversion windows are also gonna be very much shorter. So it’s gonna be harder for us to really understand how well the campaigns are performing.

Challenging in personalisation, too, cause we used to rely a lot on cookies, in terms of the attribution. We also have to rethink everything especially in the travel industry. You have very long journey user journey, which means multiple touch points but at the moment because of the shorter conversion window and the deletion of cookies that are automatically done by you process, we just need to rethink of how we gonna do intro attribution.

If you are publisher and you have ads on your websites you will see also some of the revenue generated by those as being reduced by ad brokers and things like this. So really need to think of evaluating also the compliance risk that we have, but also starting, thinking of alternative methods.

Can you go to the next slides? This is more for practitioners, just for you to understand the impact on the direct metrics or kpis we might use on the day to day based on the user choice. So if I want or not use the cookies and based on the device and browsers that I’m using, you’re gonna be able to collect data or not.

But ultimately we will start seeing impressions going down clickthrough rate going down, conversions going down everything by the way, everything looks like really gloom and doom at the moment, but I swear there are like features and solutions. But that’s the discussions that we will have to get and have within the teams, because we see less data. And ultimately we will see decreasing performance across all our campaigns.

So what we can do about it? The hours of adapting to this new cookie world. And the first one is gonna be maximise the first party data. There is a lot we can do. And I’m gonna cover some of the strategies. You can implement some of the new technologies or even features for the platforms we are currently using. But it’s the ideas make the best use of the data we already have.

Explore alternative tracking. So you have discussions around like the server side tracking. So, for instance, one of the Facebook feature which is the conversion Api service. We also have to think shifting to conceptual targeting. So how do we serve ads based on the website where the user is rather than the user itself. We also have to rethink the attribution models, and there are tools for that. But we will always have to rethink everything starting with the privacy at the center.

So privacy by design, and making sure that the way we use the tools are always respecting, and in compliance of those regulations, and one of the hardest thing I find at the moment is to stay informed about what’s happening, which is also why we are doing that webinar today. It changes every day, and it changes fast, like the example that Marko was giving on the consent mode detail. They made the announcement, and we had a few weeks to adapt. So it’s gonna be up to every marketer to always stay alert to what’s happening and just adapt based on that.

So can you go on the next slides, please, some of the solutions. And I’m not gonna cover all of them today. This is for next time. But that’s some of the features that already are in place that have been created by the different ad platforms. So I’m just gonna focus on some of them. And just give you examples. So Google, for instance, have created what they call the consent modes. Right? So the the ability of collecting data based on the user consent, that will unlock the behaviour modelling or the conversion modelling in Google, let’s you have this new way of implementing conversion for Google ads.

You have Meta. I just touch on that which is the conversion Api. But you also have new features like so the the top left one is the Google Privacy Sandbox, where you have new Apis, new way of collecting data about the users while respecting those regulations.

And then the other one that I put is StackAdapt. It’s one of the tool that we’re using, at In Marketing We Trust that I think it’s interesting because they’re using page context, AI so based off the contents within the page, we’re gonna serve different ads, different formats based on what the user is consuming would be able to serve the right ad, and then there is this new way of identifying users, which is the derived user identity graph, which is not only relying on cookies but on different varieties that we can collect.

So there is a lot happening. And this is what’s gonna happen in on the tenth of April. So Selina and I are gonna talk about the cookie deprecation, how we implement the Cookie consent banner and what are the impact on the different tools and things, so invite everyone to join us in the next one.

Paul Hewett

Excellent. Thank you, Ben. You can sign up on our website for that by the way, and you’ll probably get an email if you’ve attended this.

So the final section is empowering performance and privacy through technology. So the question that you asked us was balancing innovation, performance and compliance is challenging. How can travel markets, harness the power of technology to protect consumer privacy and drive marketing performance?

Over to you.

Marko Mitrovic

Thank you again, Paul. So firstly, it’s considering taking its entirety. The stack that we have, and making sure it’s privacy first.

So things to consider in this is, how can we employ technology in establishing meaningful customer relationships? How can we minimise the risk of privacy infringement? And how can we construct a best practice privacy enhancing my tech stack?

The first area we’re gonna cover is using tech to build more meaningful customer relationships. So. Firstly, we’ve talked about a few things around value exchange. And it’s not all doom and gloom. There are still ways of being able to get a competitive edge, or getting data or value from users or delivering it while also maintaining privacy rights. And this comes in the balance of understanding what the consumer rights are versus the competitive opportunity there.
And so through meeting the needs and adhering to privacy standards we can maintain a position of trust, and by embracing these opportunities, what we need to do to drive a competitive differentiation.

So there’s a few examples here. I won’t go through all of them. I’ll just touch on one or 2 but, for example, looking at the right of erasure and competitive trust, so consumers have the right to erase their data, allowing them to request deletion of it, and we can leverage this to bolster consumer trust, and position our brand as a leader in privacy and customer respect building that brand sentiment, and positive reputation.

And similarly, we also have the right to data portability and personalisation. So consumers are entitled to data portability. And that means that they can obtain and reuse their personal data across different services.

So what does this mean for us? It means we can enable real time, personalisation, offering travel services that dynamically adapt to their current needs and also enhancing the satisfaction and loyalty to the brand. That ultimately won’t ever have the same amount of data. But if we offer value, trust and transparency, we can mutually benefit both as marketers and as consumers in a privacy world.

And bit of privacy is better for customers, and it’s important to be champions of both of those things, so we can address clients’ increasing desire for meaningful personalised experiences that are one to one and we can also have a better offering. Through value exchanges cause consumers feel benefits from sharing their data and encourage consent to data sharing. We can also leverage emerging technologies from the wake of privacy. And as it’s currently unfolding to enhance our offerings further.

Over to you, Ben.

Benoit Weber

And so I’m just gonna cover a few examples of technologies that we could use. So one is gonna be the customer data platform as in Cdp, reverse Etl, and then the data clean room.

So first one is going to be the customer data platform and what it is. So the Cdp is a software tool that gathers and organises the data about your customers from different sources. It creates a single and comprehensive profile of each of the user which will help you understand your customer better, and then tailor the different marketing efforts that you want based on their preferences.

So, in short, help you improve the customer experience while driving more efficient, effective, sorry marketing campaigns by having all that data in the centralised piece. Now, there are lots of different cdps that exist in the world.

You have salesforce that has that has one. You have segments, telium, adobe, and choosing a Cdp is not an easy thing, and I really invite and recommend everyone to start by defining the use cases that you want to cover. What are the things from a business perspective that you want your Cdp to help you with. And then, based on that, and with a partner, you will be able to decide which Cdp is the best for you.

The next technology is what we call the reverse Etl. So Etl stands for extract transform load. So the major difference here is that you already have sort of a data warehouse where your data is and the reverse Etl is going to be you extracting just a piece of information that you want to share with the ad platforms.

So the idea is the you only take the data that is required. You minimise it, you anonymise it, and then you pass it to the platform so you can have a better audiences or better understanding on how your marketing platform is. So when it comes to picking between Cdp and Etl. There is no typical answer to that. It really depends on once again the use case that you have, and depending on how much you want to. If you already have a data set with all your customer data, or if you don’t, and then, based on that you would be able to take one or the other, but one doesn’t necessarily replace the other, neither.

The last one is what we call the data clean room, as we prefer internally to call them data collaboration platform. So I invite everyone. There is a link here to the Iab. Call that. Explain a little bit more in detail. But here it’s sort of the you share in one place information about your customers, and you will have access also to platforms, data or publisher or ad network data. So the difference with the Cdp or Etl is once again, you are giving data and put it into the data clean room.

So you have a lot of the big players in there. So Google, Microsoft, Facebook will have data clean rooms. The difference is that you gonna give your data back into there. So then you can use it for different marketing purposes.

So now the next one is the how do we minimise the risk while maximising the rewards? So once again, not everything is gloom and doom it’s just we need to change the way we are tackling data and how we are processing it.

So there are a few strategies that we need to put in place to have the proper privacy protection. One is data minimisation, the vendor risk assessments, data protection officer, the privacy by design. Those 4. I’m gonna go into the detail. And then you have trainings and ethical data usage. But let’s start with the data minimisation. That’s something we touch on a bit earlier.

The principle is that you’re gonna collect data for stated usage and only for a limited amount of time. So you have to tell the users what you’re going to collect, how long you gonna take it for, what it is, and only use the data for that purpose. One of the perks of having that sort of data minimisation is that you’re gonna reduce the cost. You’ll have less data to store. So you’re gonna reduce. The cost is gonna be easier to manage to access the data. And you also gonna improve the customer trust.

In the past marketers had a very bad tenancy of tracking and collecting every piece of information that we could about our users. We need to go back to less is more, collect what you need for particular usage and for a particular reason, and letting the client know the user know what’s it is for.

The second thing that I wanted to show to showcase is the vendor risk assessment. So I just presented the Cdp or data clean room, or even reverse Etl, you will have a lot of vendors, and you will have in the near future more and more and more and more vendors. So the idea with that is, do you start comparing the different vendors for the use case that you have, and ranking them based on different factors that can be the security practices, the privacy policies support availability. And then it’s gonna help you selecting the right vendor for the particular need that you have.

This one, I think, is really important, too, is to designate someone as the data protection officer. It’s very important role. And the idea is that this person is gonna be responsible for ensuring the compliance with data protection laws. So Gdpr or Australian privacy act. This is the person to go to when there is anything to ask about. A privacy is owning it, and you can ask for help, and is also having all those reports around the compliance and the governance and everything. So this is one of the first thing I recommend everyone to have is designate one data protection officer to help you going through the different changes that will be required by privacy changes.

Last one is, I really like this one is privacy by design. It’s a old framework. Actually, it was created in the 1990’s. So privacy should be the key part of designing any products or systems from the start. So there are 7 main ideas, like protecting the privacy from the beginning, making the privacy the default setting or having the security all the way through.

This makes sure that privacy is built in the process from the start, rather than just added at the end.

So you may recognise some of those earlier in the talk. So Paul was showing us, like the GDPR Or even the Australian Privacy Act that we can recognise. Some of that is because those regulation have been like, put the privacy by design in the center of everything. So it’s something that I’m doing. And especially when I do data collection and basic tracking, even for GA4 is always thriftying everything around the privacy and putting in the centre from the start.

Marko Mitrovic

And then, finally, what we have here is what does a best practice martech stack look like? That’s privacy centric at at the center of it. So if we jump to the next slide.

So at a high level, we can break this down in sort of 5 different sections. The backbone being the thing that underpins everything. So this is the secure and compliant data infrastructure that supports everything else. It’s the foundation for all our marketing activities and prioritises data, privacy and security.

The next 4 sections we have discovery, decide, automate and activate. So these will correspond to various elements of the martech stack. But essentially, discovery is implementing tools and processes for analysing data and deriving insights from aggregated and anonymised user data sets.

So that’s privacy compliant communication. So it’s ensuring that all our marketing campaigns adhere to privacy regulation, the consent based and use privacy aware channels. Activation is really about leveraging 0 party and first party data to personalise experiences without compromising privacy and automation, is utilising AI and machine learning that are apearing more and more on the platforms to make up for that gap in the data that we can collect. But of course, in an ethical manner.

And also we want to automate tasks for efficiency, because every marketer is very busy at the end of the day, and we want also want to ensure transparency. And it doesn’t impact control for consumers.

And then, once we put that into practice, what it can look like is this huge slide of lots of different elements. But very simply, there are 4 key pillars here. So this unification processing and storage activation as well as marketing measurement.

So unification is our inputs and data collection processing and storage is how we securely hold as well as augment our data. Activation is our outputs or delivery to consumers, and with marketing measurement down depends everything and informs everything.

While these are the 4 key aspects of it. There are other elements there, and sections there that you can see some of them to call out that we’ve already talked about is cdps or customer data platforms to Ben’s point is centralised command centers that we aggregate our data from various sources, and including our existing customers, we also have content hubs which are libraries that comprise what our messaging is, and we also have martech orchestration, which to its name is like a conductor that coordinates everything to create a cohesive and unified marketing strategy.

And again, it’s very important to put emphasis on some of the principles that have been mentioned previously, which is things like data minimisation, anonymisation, encryption and transparency. To ensure that user privacy is prioritised throughout the process, end to end.

Paul Hewett

Great. Thank you both. So we’re gonna wrap things up now, just with a quick summary. I’m gonna ask everyone to highlight 2 or 3 things from the sections that they covered. The things that they want the audience to take away. Today I’m gonna start with you, MarKo, for setting the scene right at the start.

Marko Mitrovic

So 3 takeaways. Things are rapidly evolving in the privacy world. There’s big benefits to proactively addressing it for businesses, but there’s also big consequences that come from ignoring it.

Paul Hewett

Yeah, absolutely. And and for me, there’s going to be some repetition here. But the the key one is that data privacy is going to continue to evolve in favour of the consumer. And, as I’ve said, multiple times today, compliance is just not a choice. You will get into hot water if you ignore it.

The next is as a global industry, it makes sense to comply to the highest global standard. While paying particular attention to the nuance of local regulations. So if we put that into practice here in Australia, yes, we need to look at Australian law. But let’s look also at the gold standard of GDPR.

And then the third is as marked as I mentioned, we are not legal people. We need to use simple but effective models that are easy to understand. So consent and accountability for me is a really easy model to understand. So most people can grasp that relatively easy. So that’s a good one to use.

Benoit Weber

Yeah on the measurements well, the measurements are being limited to all the changes that happen at the moment. The second part is, gonna be the cookie. Consent is a good starting point. Just purchase a cookie management platform and just ask for user constant before you collect data, and then a lot is changing and fast, and I feel like Australia is a bit late when compared to the rest of the world. But we need to catch up very fast.

And then in some of the privacy and privacy enhancing technology, I think, starting by designating a data protection officer, to help everyone navigate all those changes is the first step and start exploring tools, like technologies like Cdp, reverse Etl, or data clean rooms and unlock new capabilities within the team, using one of those.

And then in terms of strategy, I feel like apply privacy by design on everything that you do is going to be also a key element.

Paul Hewett

Yeah. Aegree. Privacy by design. It’s a really strong framework to use. So recommend that one as well.

So next is the QA. I have got a few questions here. I’ve got 2 to start with, and we’ll see who’s going to answer those. So the first question is, I assume this is about the Australian privacy act. When does it kick in?

So the date is 2024. So there is a commitment from the Government to implement. There are no firm dates yet, and there has been back and forth on the review. So some of those points that I mentioned earlier on around the lack of clarity, on definitions, particularly the ones that have consequence around segmentation, targeting, trading. All of those require some further clarification. So the only day I can give you is sometime in 2024, is the answer.

Then I’ve got one more question. Ben. It is do you need cookie consent in Australia?

Benoit Weber


Now. So, as I was just mentioning before, we need to prepare for what’s happening. So at the moment, looking at the Privacy Act in Australia just having the banner explaining that you are using Cookies is good enough but it’s gonna change very fast because we gonna have to implement and ask the cookie consent for the user. We need also to keep track of that consent. Which means that we need to use a cookie management platform solution and all the changes that you could do now in Australia, even if then you apply a different like fall back for all users. But at least when you will have to turn on that technology, you can just turn it on. So content management is going to be one of the things I recommend everyone to do as soon as possible.

Paul Hewett

Okay, perfect. Thank you. Ben. I have. I’ve got 2 more here, and that’s all we’re gonna have time for, I’m afraid, because we are running a bit over. So for those who have stuck around to the end really appreciate your time. We’ve got 2 good questions here.

The first one is is IP really classed as personal data?

Who wants to take that one?

Benoit Weber


Don’t store IPs. No. So once again, it depends on where you store it. Right? So from a Google Analytics perspective, IP is a big no-no, it’s part of the, it’s against the policies now. Depends on the usage you want to do and why you are storing the IPs. So once again go back to the data minimisation. Why do I even want to store IPs in the first place, and just go through that journey of the do I think it’s worth having it? How long I’m gonna store it, and what I’m gonna do with it?

And I think you will get your answer of the I shouldn’t be storing IPs. That’s the the output.

Paul Hewett

Yeah, I mean, that question really, has caused a lot of debate over the years, I think, when it was first introduced many people were really surprised. The IP was actually being classed as personally identifiable information or PII, if we, as we call it, here in Australia.

So yeah. Good question. The next question. I’m not going to read your name out because, you might get in trouble for for this one. And it is that they have got email addresses within their analytics account. What is the consequences? And what can they do about it?

Benoit Weber

Gonna go back to me again. So. This is against GA4 policies. So it’s forbidden to have an email being stored. There is one feature like which is called data deletion requests. So you could ask Google Analytics to delete some of the events that have that data breach but ultimately, it’s gonna depend on the volume of data that you have stored already. Cause if we are talking hundreds or thousands usually what we recommend to our clients is to start from scratch and have a new GA4 property that is run in parallel, because, according to Google, you are against that policy. They could delete your accounts at any point and in this stage, if they wanted to.

Paul Hewett

Yeah. Great. Yeah, I think. Again, that’s another one that surprises some some of our clients that we deal with that that’s treated so seriously by Google and use the word breach there. Obviously, you’re moving it from yourself to a platform that is secure. So people necessarily don’t think that that’s a bad thing. But yeah, I can confirm it’s treated very seriously by Google.

Great. Well, that is all we have time for today. Like I said, we have run over and I do appreciate everyone sticking around. Your time is valuable, and we appreciate you giving us your time and your attention.

I’d just like to thank Marko and Ben for their efforts on the presentation today. Obviously, it takes a bit of time getting this material together for you. So thank you both for that, and also the man behind the scenes, Andrei, thank you very much for being our host and controlling things behind the scenes.

As as mentioned at the start my name is Paul Hewett. If you’ve got any questions relating to anything that we’ve covered here today, please reach out to me direct and I’ll happily answer any of your questions.

But in the meantime I hope you all have a lovely evening or lovely day, if you’re not in Australia and I hope you join us for the next webinars that are on the tenth of April on cookie deprecation, and on the 24th of April which is about generative AI, both at this time. So thank you all very much, and have a nice rest of your day.

Data Privacy Landscape for Travel Marketers Webinar Recap - Data Privacy and Cookie Deprecation Whitepaper for Travel Marketers

Kirsten Tanner

Recommended for you

Get Our Newsletter

Sign up for our newsletter and receive monthly updates on what we’ve been up to, digital marketing news and more.

Your personal information will not be shared, and we don’t like mail spam or pushy salesmen either!