This is a transcript of episode 91 of the Let’s Get Data-Driven podcast.

I’m Lanie Lamarre and I’m a card-carrying member of the International Association of Privacy Professionals, and even I find it difficult to keep up with all the data privacy changes happening in the digital marketing world right now. It’s a lot, right? But here’s the REAL “gah” of it all… you’re expected to be compliant to all these new laws and regulations, which is a full-time job to keep up with and you have other things to do, boss!

So today, we’re going to talk about how you can keep your online business compliant… without having to become a privacy professional to do it.

The online world is being forced to take responsibility for how we are collecting, storing and using data, and I’ll be the first to admit that it is a LOT to keep up with. Even business owners who couldn’t care less about responsible marketing are going to have to make the effort, though, because non-compliance penalties, fines and reputational damages are today’s reality.

So what is digital marketers supposed to do? Simple – get a compliance tool.


And what exactly is a compliance tool? A compliance tool is a software or platform that helps organizations to comply with various regulatory and legal requirements. These tools typically automate compliance-related tasks like advising visitors as to what tracking they’re opening themselves to. A data compliance tool will straight up tell you and your visitors what data is being collected and stored where, and it will allow your visitors to provide consent and have some agency over they choose to share their information with you.

Undoubtedly, you’ve noticed that most website have those cookie banners now asking you if you accept the cookies to collect your data or if you’d prefer to manage your preferences before navigating the website. That’s what we’re talking about here: based on your visitor’s location, that visitor will have their laws and regulations dictating what data you can collect and store about them. It isn’t where your business is located that dictates which laws and regulations you have to abide to; it’s your visitor whose rights are being protected and therefore, it is their laws and regulations you are expected to abide by.

What’s great about a compliance tool is that these will typically account for where your visitor is coming to you from on your behalf, and the compliance tool is on top of your obligations to them based on where they’re visiting from. Unless you’re a nerd like me who finds this stuff fascinating – but frankly, even if you ARE – using a compliance tool is an increasingly necessary asset to keep in your tech stack to ensure you’re marketing responsibly and not inadvertently breaking any laws.

Their popularity is growing precisely because it is a lot for marketers to keep up with, even though they are being held responsible, and if you Google “data compliance tool” or search service like appsumo for “Privacy”, you’ll find options for tools that can help you create privacy policies, manage custom data requests, and remain compliant across any law changes with automatic updates.


In addition to keeping you on the up-and-up of all the legal stuff, there are additional benefits to using a compliance tool. A big one for me is the awareness factor.

When you use a compliance tool, part of its job is to scan your site for tracking cookies you may have installed and to inform both you and your visitors that they’re there. For instance, when you embed social media plugins on your website, you are also typically allowing that social media platform to install tracking on your website. When you use those Captcha or ReCaptcha services that protects your site from spammers or when you embed YouTube videos on your site, you’re allowing Google to collect data on your website on your behalf. When you have third-party services like chatbots on your site, these use cookies to collect data.

It’s worth nothing that not all cookies are created equal. Some cookies may be necessary for the functioning of a website, others may be used for tracking or advertising purposes, and that’s the point of a compliance tool: it gives your visitors the ability to decide for themselves to what extent they are willing to be tracked.

Meanwhile, as a website owner, you’re expected to be transparent about the types of cookies you use and obtain user consent where required by law… but it’s hard to be transparent about things you don’t know about in the first place. That’s why one of the big gold star benefits I see from using compliance tools is that not only does it help you comply to data privacy laws but it also allows you to be aware of the extent to which you are tracking your visitors and it provides you with the opportunity to revise and think about whether that’s data you want to continue collecting or not.

Because here’s the truth of the matter: most website tracking isn’t happening to serve the website owner or its visitors.

When you’re aware of what you’re tracking and on whose behalf you’re collecting that information, you’re then able to sit back and ask yourself whether that data collection serves you, or whether you’re opening yourself and your visitors up to unnecessary risks for someone else’s benefit. Using a compliance tool allows you to do that.


Of course, the main reason we all want to be data privacy compliant is because we don’t want to get sued or pay fines for disobeying the law, right? But if you listen to this podcast, chances are that you want to be a responsible marketer and you care about doing the right thing for your visitors and yourself.

I often hear people say “but what do I care about my data being collected? they already know everything about me” and it’s a fair statement because again, we’re not being made fully aware of how our information is being used after it’s collected.

You know I’m a big fan of examples so let’s use one that was kind of a big deal in the news: the Cambridge Analytica scandal.

The Cambridge Analytica scandal was a data privacy scandal involving the British political consulting firm Cambridge Analytica and Facebook. In 2018, it was revealed that Cambridge Analytica had obtained personal data of millions of Facebook users without their consent, and had used this data to create targeted political advertising during the 2016 US Presidential election.

Cambridge Analytica had created a personality quiz app called “This is Your Digital Life” which was designed to collect personal data from Facebook users. The app not only collected data from the users who took the quiz, but also collected data from their Facebook friends without their consent. This allowed Cambridge Analytica to collect data from millions of Facebook users, which they used to create detailed personality profiles and target political advertising to users.

The collection of personal data in this case was an issue because it was done without the knowledge or consent of the individuals concerned. Facebook’s data policies at the time allowed app developers to collect data from not only the users who installed the app, but also their friends’ data if the users gave permission to the app to access their information. This meant that app developers like Cambridge Analytica were able to collect large amounts of personal data without users realizing it.

Another example, taken straight from recent headlines: Major retailers in Canada like The Gap, Home Depot and Petsmart have been found to be sharing customer information with Facebook to gain marketing research. It appears that when customers chose the option to have their receipt emailed to them, that person’s information and their purchase history was being shared with Facebook, once again without the customer’s knowledge or consent. Purchases from department store giant Hudson’s Bay, athletic apparel chain Lululemon, electronics retailer Best Buy, homeware store Bed, Bath & Beyond and beauty products chain Sephora all appeared in the Facebook data seen by CBC. As the article states, “This is “a wake-up call,” said Wendy Wong, a political science professor at the University of British Columbia Okanagan who studies emerging technologies. “These revelations are showing the extent to which the public does not know how much of our activities are trackable”.”

It isn’t just your activities, either. As the Privacy Commissioner reports, there are concerns that in certain stores, purchase details could prove “highly sensitive … where they reveal, for example, information about an individual’s health or sexuality.”


While all this regulation is a bane to your existence as a digital marketer – because I get it, you want to have better ad retargeting and you want more accurate client journey reports – your existence and rights to privacy and consent as a human being matters more right now. As such you can expect to see more regulation being applied, and I’m all for it.

Let’s take an example where we’re seeing AI growing faster than anything we’ve experienced in the digital world. We’re at a place right now where you can take someone’s voice and make that voice say virtually anything you want, regardless of whether that person said that thing or not. It seems to fun and funny to have someone like Joe Rogan say you rock socks and have great hair – and that example is relatively harmless to whether he said that or not – but in the same vein, his voice can also be used to share opinions he may not agree with, to make statements he may not support, to say slurs he does not condone. This is a problem for all of us, whose personal information like our voice, can be used by others in ways we do not agree or consent to.

The European Union is working on this with the AI Act – officially known as Artificial Intelligence Act – and it is aimed at regulating the development and use of artificial intelligence (AI) systems in the EU. The proposed regulation is meant to address the potential risks posed by AI systems, such as privacy violations, discrimination, and bias.

I’ll admit that I feel a little Chicken Little about the situation because the AI Act is still in the early stages of development – and like GDPR, it’s only based in the EU – so I have my doubts as to whether this regulation and regulation like this will be put in place in time to mitigate the inevitable risks. After all, this AI train is moving forward at record speed and these types of unprecedented laws will take years to write and enforce. I suppose time will tell on this front.

Technology is great but for every great advancement is the potential for it to be used with nefarious intent, and we do need more guardrails and awareness in place.

On a much brighter side, I do think the digital landscape will catch up to the transparency and awareness I believe we all need, and it won’t be in the form of a cookie banner, either. I do believe that cookie banners and compliance tools are our very necessary placeholder for time being, but I also think that the way websites are built, the way social media and marketing take place, the way tracking is done – all of it is going to undergo an complete overhaul.

A good example in the news of this right now is what we’re seeing with TikTok: there are all these bans being enforced by government departments and educational institutions against the use of the platform on its networks because of the way data is being collected and stored by ByteDance, the Chinese company that owns TikTok. I can’t see there being an all-out federal ban against the use of the platform – it’s too big at this point, I feel – but I do think it’s going to be the last straw that created a need for better boundaries around social media tracking as a whole.

These are interesting and exciting times to be a digital marketer. Instead of being frustrated, I hope you can find a way to reframe those feelings into excitement for being THERE as all of this goes down. There’s a lot going on and a lot of changes that will impact you… and that’s exactly why you want to use a compliance tool to keep you on the up-and-up of these things, so you don’t have to bog yourself down with having to know the ins-and-outs of it all.

Talk soon – baiiieee!!