GDPR and Privacy: "anonymize person" flow step

As part of the GDPR, we need to get consent from people in order to be able to keep their data. If someone registers to download a white paper but does not opt in, we are supposed to delete any reference to the person. This means deleting it or anonymizing it.

One very big issue with this is that when we delete the person, it is automatically deleted from all reporting.

The workaround for this is to anonymize the person, since it is accepted that we keep anonymous information in our systems. We can easily replace the first name, last name or email address in the database with "John Doe" or "Anonymous Person". But there is some information that cannot be manipulated from a smart campaign:

  • Cookie IDs attached to the person
  • Inferred and system data such as the IP address
  • Data value changes in the activity logs
  • Fills out form in the activity logs

Furthermore, relying on users to run data value changes is error-prone.

It would be very helpful if a new "anonymize Person" flow step was created.

In the field management, we would be able to define which fields should be anonymized, and what would be the anonymous value for each of them (for instance, we would define that the anonymous value for first name would be "Anonymous" and for last name it would be "Person", and NULL for the email address).

Then, when running the "Anonymize person" flow step, Marketo would automatically replace all the fields set in the admin with their anonymous value, cleanse the system fields that could be considered as personal IDs and also cleanse all the DVC activities (either deleting them or replacing all values with their anonymous counterpart).

-Greg

56 Comments
Level 10 - Champion Alumni

Completely agree, Greg - and thanks for clarifying. I was just offering up another data point on how "unmarketable" our databases may become as a result of this "right"; and how your idea here would possibly allow us to keep the "anonymized" records intact.

Level 8 - Champion Alumni

I think this is a very interesting idea, Grégoire Michel, but I'm trying to better understand the value this feature would bring.

Because the person is anonymized they would of necessity not be connected to any type of opportunity information or data about sales interactions either.

So what you would preserve basically is that someone anonymous downloaded your white paper but then no additional information on outcomes beyond that.

It seems the reporting value of that information is very limited at best, which makes me question why have that record in Marketo at all. It is something you could track in web analytics if you wanted anonymous, aggregate information.

Perhaps I am missing something though.

Hi Justin,

Agreed, it would be impossible to reconcile with the opportunities.

Yet, even these are Marketing internal metrics, you still need to get the data on landing page visits, conversions, as well as program successes. Especially if you are linking your web assets with Analytics in order to track the results of your ads, banners, etc. You need to be able to reconcile the numbers, even if it's to assess the number of anonymous these campaigns are generating.

-Greg

Level 8 - Champion Alumni

Interesting, thanks for that Greg.

My two cents is I would probably still look to web analytics for the clickstream-type data points like page visits and conversions, GDPR aside, as it is a better tool for the job. But I can see why you might want the option to maintain accurate program success in Marketo.

I suppose if the anonymized records are charged at full price against your subscription limit that is also a consideration...perhaps then you warehouse the anonymous data then delete.

Hi again Justin,

  1. Not all Marketo users are downloading Marketo data into a DW. From my experience, the majority of them don't, in fact.
  2. I fully agree that keeping this data in the long run in Marketo makes no sense. I would recommend that the data is kept until the reporting period (quarter or Fiscal Year) is over, then be deleted.

-Greg

Plus you'd have the opportunity to analyze and try to improve your opt-in rates. E.g., if LP "A" has a high non-opt-in rate, perhaps changing the copy could help improve that. And it would be interesting to know if LP A has a higher non-opt-in rate than LP B. If the data just disappears, we won't know.

Good one, Denise. It should become part of the LP performance metrics, with a way to track the non-opt-in to the page.

Two thoughts here:

  1. Marketo support will be bombarded by customers asking for help in deleting data if someone exercises their right to erasure. Marketo will have to have a small team of people who do nothing but wipe out data, since we can't do it ourselves.
  2. The anonymization requirements are just that you can't reverse engineer what data is left and figure out who the person is. So, as you said, you can easily make the person record anonymous, but you can still see all of the data value changes (including name, email, etc.) in the Activity log, which is the problem.

Hi Kelly,

"you can still see all of the data value changes (including name, email, etc.) in the Activity log, which is the problem"

Only for 90 after these activities occur. See Marketo Activities Data Retention Policy - Overview & FAQ

The other issue is with the cookie value.

-Greg

Greg - have you heard anything from Marketo on your idea? It has a large number of votes.

Just a thought for making this happen. What if the delete flow step was updated to give us options such as From CRM (True/False), Keep for Anonymous Reporting (True/False) and Marketo developed a manner in which to process the delete while still maintaining overall program, landing page (etc) performance numbers?