Facebook Facebook icon Twitter Twitter icon LinkedIn LinkedIn icon Email
Why CMOs should be listening to the consumer on data

CEO Circle

Why CMOs should be listening to the consumer on data

Published 3 March 2023 in CEO Circle • 6 min read

Changes to data-privacy regulations require CMOs to rethink their strategies, warns Öykü Işık, Professor of Digital Strategy and Cybersecurity at IMD.

A cold wind is blowing for chief marketing officers (CMOs) who have built their customer acquisition and retention strategies around data. The flow of that data is set to slow to a trickle as regulators and the world’s largest technology companies respond to growing concerns about consumer privacy. CMOs will need to rethink the way in which they engage with consumers online. 

Impetus to put more consumer data off limits is growing. In Europe, regulators are taking a tougher line on interpretation and enforcement of the landmark General Data Protection Regulation (GDPR) and the Digital Services Act and the Digital Markets Act are raising the stakes. The US is catching up: five states have already enacted comprehensive consumer-data privacy laws. Asia is moving this way too, led by China’s new Personal Information Protection Law. 

Big tech, meanwhile, is following their lead. Apple has updated its hardware so that users can decide whether to let apps track them online and serve up ads accordingly. Google has pledged that, by the end of 2024, its Chrome browser will no longer support third-party cookies, which enable advertisers to track people’s movements online in order to target them with personalized ads. 

A new data era  

This does not, of course, mean the end of data. New regulation will continue to allow CMOs to collect, store and analyze customer data, provided they comply with legal requirements. And the advertising industry has plenty of workarounds up its sleeve to counter the disappearance of third-party cookies, even if they involve a bit more legwork.

Nevertheless, this is a moment for CMOs to rethink seriously their approach to consumer data. Now is the time to consider more deeply what data you really need, how it’s collected, and whether your strategy is aligned with consumer  preferences.

On that final point, too few companies have a detailed idea of what their customers – actual and potential – really think about data privacy. Some of the strategies once routinely used for gauging customers’ views on new initiatives or policies – consumer panels, for example – are less often used, and in particular in relation to data collection and data use policies. Having failed to ask their customers what they think about a new product idea or a change of approach, companies should not be surprised when those customers are angry or disappointed. 

The presumption is that consumers inevitably want more data privacy; at first glance, that seems to be the case. In the US, for example, 94% of users opted out of data collection when Apple gave them the option.

Different views on data  

The reality, however, is rather more nuanced. My own research, both in the past and most recently (see here and here), suggests there is very little consensus or consistency; preferences are highly individual and vary enormously.

In part, that is because people’s views on data privacy are highly dependent on context. Many consumers dislike the idea of being tracked by online retailers from whom they’ve never bought a product, simply so those retailers can serve them advertising. But, conversely, many will feel reassured that their bank is collecting data on them to help them manage their finances more effectively, or that their medical provider is using data to help them achieve better health outcomes. 

Why CMOs should be listening to the consumer on data

Multiple factors feed into consumers’ views. Those who have suffered some sort of data breach or invasion of privacy naturally tend to feel disproportionately strongly about protecting their privacy going forward. Those who are generally optimistic about the advance of technology are more relaxed. The type of data matters, too: the research suggests people feel more comfortable sharing demographic details than, say, geo-location data.

Given these complexities, CMOs that fail to ascertain and consider what their customers really think about data privacy leave themselves vulnerable to grave repercussions. External intelligence is not enough; CMOs must do their own research, assessing customers’ views in the context of the business’s unique characteristics, its products and services, and its customer base. And that research needs to be robust, with a sample that is deep and broad enough to provide meaningful insights.

CMOs must recognize, moreover, that many of those customers will define data privacy more widely than simply in terms of what information the organization wants. Ultimately, most consumers are looking for two key components in the way organizations handle their data: they want transparency about which data an organization hopes to collect and how this data will be used; and they want control over which data organizations have access to (and the right to extend or revoke permissions at will).

Time for CMOs to step up 

Meeting these demands should not be beyond CMOs; maintaining this kind of safe environment for consumer data is, after all, the essence of GDPR. It requires organizations to offer transparency and flexibility, setting out clearly how they are using consumer data currently and allowing the consumer to call the shots about how it is used in future.

Communication is vital. Simpler data policies, articulated more effectively, will afford customers control; build trust in the organization; and, ultimately, secure access to greater volumes of data. Some customers will inevitably continue blindly to opt in or out of the data policy, but finding ways to engage with those who want to think more deeply about the issue will bring rewards.

CMOs now need to focus on data policies and communication methods that deliver the transparency and control that consumers may crave. That may require additional resources; growing numbers of businesses, for example, are hiring data-privacy engineers to adjust their marketing activities to the new regulations, across the board. 

What CMOs really need now is to become familiar with and learn how to apply Privacy by Design (PbD). This approach is not really new, the concept has been around since the ‘90s. But it is now getting easier to apply thanks to the plethora of tools and techniques enabling privacy preservation. 

New opportunities ‒ for some  

However, some organizations threaten to alienate customers with their approach to securing permissions, so-called dark patterns. When a customer has to click through three screens to opt out of a data-collection process, for example, but only one to opt in, they will notice. Less obvious – but still sneaky – strategies such as careful use of color (to encourage users to click on a specific option) or other user interface features also risk inciting a backlash. 

In practice, many CMOs may discover that they require far less data than they currently source. Too few have a clear idea of what is going on inside the black boxes of their analytics engines – if they can get to grips with those formulas, CMOs will be able to communicate more honestly with customers, walking them through the most important data points and what they are used for. If they are able to whittle them down in number, all the better.

In this context, perfect really can be the enemy of good. Very often, adding new data to the model brings only incremental gains in terms of the outcomes that CMOs seek, while increasing the risk of customer discomfort. Accepting a model that is marginally less predictive could bring significant gains in terms of brand trust and customer acceptance. 

The race to position brands as trusted advocates for increased data privacy has begun. Look, for example, at the way in which Apple CEO Tim Cook has deliberately sought to position his company on the side of the angels, contrasting its privacy features with the approach taken by companies such as Meta.  

CMOs can’t take a cookie-cutter (pardon the pun) approach to data privacy; their businesses are too diverse – and their customers too divided – for that to be possible. It is important to recognize, moreover, that this debate is only just getting under way. As practices change, and attitudes evolve, today’s acceptable compromises may no longer be condoned.

Nevertheless, doing nothing is not an option; the passive will be left in the dust by more eager competitors. Regulators are mandating change and customers want a world in which they decide which data to share and when – and what they get in return.


Oyku Isik IMD

Öykü Işık

Professor of Digital Strategy and Cybersecurity at IMD

Öykü Işık is Professor of Digital Strategy and Cybersecurity at IMD, where she leads the Cybersecurity Risk and Strategy program. She is an expert on digital resilience and the ways in which disruptive technologies challenge our society and organizations. Named on the Thinkers50 Radar 2022 list of up-and-coming global thought leaders, she helps businesses to tackle cybersecurity, data privacy, and digital ethics challenges, and enables CEOs and other executives to understand these issues.


Learn Brain Circuits

Join us for daily exercises focusing on issues from team building to developing an actionable sustainability plan to personal development. Go on - they only take five minutes.
Read more 

Explore Leadership

What makes a great leader? Do you need charisma? How do you inspire your team? Our experts offer actionable insights through first-person narratives, behind-the-scenes interviews and The Help Desk.
Read more

Join Membership

Log in here to join in the conversation with the I by IMD community. Your subscription grants you access to the quarterly magazine plus daily articles, videos, podcasts and learning exercises.
Sign up

Log in or register to enjoy the full experience

Explore first person business intelligence from top minds curated for a global executive audience