Re: GDPR - What are you doing to prepare?

Good points Mark.  I think many are so focused on "consent" in terms of email opt-ins, and not realizing the implications of the other type of consent: the ability (or I should say "inability") to track known users online - in this case, placing the Munchkin tracking cookie on a user's browser to track ongoing behavior/engagement.  Today, many of us who have country-based sites (in addition to our global site), are able to get by with implied consent (if they click the "x" to hide the banner and continue to use the site, we can place cookies on their device):

But with GDPR, tracking users is now going to require explicit consent (including the ability to opt-out in the future) and will require a much more complex opt-in process, for example:

Not only does that add technical complexity for us (since we'll need to offer the ability to opt-in/out of each type of cookie), but negatively affects the overall visitor experience with these annoying pop-ups.  This will also significantly diminish the value that Marketo - and other marketing automation platforms - brings to marketing organizations since we'll basically have to disable this "non-essential" tracking by default.  And only enable it when someone opts-in.

All great points - i agree.

Its also the implication i am trying to understand.

How will Marketo allow website owners to manage preferences for website visitors.

What will the impact be if they opt-out of profiling

Will consent to email marketing require double opt-in to verify the address in the form submitted is the person who submitted the form (ie need to click link in email) - what happens to that data in the meantime, is it temporarily stored in Marketo until verified and then added to our account?

My understanding of the problems, leads me to beleive the answer lies in a 'preference management' page for a user, whereby they can opt-in / out to tracking (profiling) and email marketing, AND also see their registration data, and amend as they wish.

But then this changes the data model for Marketo from a one-way submission and store on a cookie, to a user management, two-way comms flow that is able to pull information from Marketo(?) and show on a page.

From my limited understanding of Marketo, thats not possible? Marketo only pushes from website to Marketo to CRM?

- so suddenly website managers will need to find a way of PULLING user profile data / preferences from the CRM to display on their websites, whilst still ensuring all values are in synch, consent is stored (and dated and noted where consent was given from (ie specific website activity))

Anyone got any data models showing the required flows for this?

I am trying to get an understanding now, but my Marketo contact doesnt seem to understand the issue (perhaps as based in USA and therefore unaware of the potential impact of GDPR).

We will address Consent in both contexts - namely consent to digital communication and consent to monitoring. In relation to monitoring we can honor DNT today and you can provide the site visitor the choice to opt out of tracking, both are standard functionality within Marketo today.

However this is broader and complex topic and you'll have many cookies performing various functions on your website, Marketo is but one of those. I'm sure your legal teams will be aware but the ePrivacy directive, which is still in draft, will offer further legal guidance on the topic and our legal team are monitoring and assessing that guidance. Proposed amendments to the draft were published this week. This is a useful summary.

Peter, will there be any enhancements made in Marketo to offer "do not track" at the user level (and coincide with some sort of preference center)?  The current implementation of DNT in Marketo is to honor this at the BROWSER level, not the user level.

Edit "Do Not Track" Browser Support Settings - Marketo Docs - Product Docs

Hi Dan,

As DNT is a browser setting (where the browser when DNT is turn on sends at HTTP heading requesting that no tracking be performed)  it is not possible to overcome the natural limitations of of shared browser use, etc.

More accurate and closer to user level is Munchkin Tracking, but we're still talking cookies and the limitations thereof. We can place a mkto_opt_out cookie on browser which tells Munchkin to no longer track the user for that website.

The simplest way to do this is to place a link on a page (typically a privacy page or similar)  that redirects them to a landing page containing the opt out parameter (can be added to a Marketo landing page or a page with Munchkin tracking on):

http://”customerpage”?marketo_opt_out=true

The same can be done via API if you're building a a more comprehensive solution to cookie behaviour on your site.

Peter

Just a quick update for everyone on this thread. We have published a formal update in our legal section on marketo.com ​

This makes many of the same points I made here last week but may be useful with your own legal teams as it is a formal statement from us.

Again we'll be publishing more as soon as possible.

Peter

Hi Peter,

You mentioned you would be creating documentation on GDPR compliance processes. Have you published/made on any headway on that?

"documenting  the functionality that will help with that that but if you know your Marketo then this is about modifying forms to include the correct consent and privacy notices and  having your programs respect the end customer preferences."

We have documented a lot of this at learn.perkuto.com/gdpr and have a whitepaper with lots of handy checklists.

Me too!