GDPR and Privacy: "anonymize person" flow step

GDPR and Privacy: "anonymize person" flow step

As part of the GDPR, we need to get consent from people in order to be able to keep their data. If someone registers to download a white paper but does not opt-in, we are supposed to delete any reference to the person. This means deleting it or anonymize it.

One very big issue with this is that when we delete the person, it is automatically deleted from all reporting.

The work around this is to anonymize the person, since it is accepted that we keep anonymous information in our systems. We can easily replace the first name, last name or email address in the database with "John Doe" or "Anonymous Person". But there are some information that cannot be manipulated from a smart campaign:

  • Cookie IDs attached to the person
  • Inferred and system data such as the IP address
  • Data value changes in the activity logs
  • Fills out form in the activity logs

Furthermore, relying on users to run data value changes is error prone.

It would be very helpful if a new "anonymize Person" flow step was created.

In the field management, we would be able to define which fields should be anonymized, and what would be the anonymous value for each of them (for instance, we would define that the anonymous value for first name would be "Anonymous" and for last name it would be "Person", and NULL for the email address).

Then, when running the "Anonymize person" flow step, Marketo would automatically replace all the fields set in the admin with their anonymous value, cleanse the system fields that could be considered as personal Ids and also cleanse all the DVC activities (either deleting them or replacing all values with their anonymous counterpart).

-Greg

57 Comments
Grégoire_Miche2
Level 10

You are guessing right my friend

Anonymous
Not applicable

I feel like we've really been heard on this one.

-_-

Justin_Norris1
Level 10 - Champion Alumni

Someone inquired about this feature during a product session at Summit and the PM team stated it is not currently on the roadmap.

Denise_Greenb12
Level 7

Justin Norris  - That was me who inquired. And that's the answer I heard as well: not currently on the roadmap. Disappointing!

Grégoire_Miche2
Level 10

I do not know if any other idea reached 4350 points in less than 4 months... This is really something we almost all need, and quick. we should take any occasion to tell Marketo about the need.

-Greg

Elsa_Man1
Level 1

In response to the original idea's note "As part of the GDPR, we need to get consent from people in order to be able to keep their data. If someone registers to download a white paper but does not opt-in, we are supposed to delete the record." Both myself and our legal team here have comb the GDPR, and no where does it say we have to delete their data just because they didn't opt-in to receiving future communications from us. If they are filling out a form and providing information to do so, then your website's updated privacy policy (that should be front and center near the form) should cover the collection of personal data; the explicit opt-in checkbox will be required to cover your company's ability to use that data in things like marketing. When a consumer voluntarily enters in their information via a form in order to receive some sort of value, they are going to accept that their data will go into a secure environment, as outlined in the Privacy Policy on the website. To collect and use the data are two separate things. That's another reason we've all likely seen a ton of emails lately from companies letting us know about their updated privacy policy

I think if you were to have any form of data collection points on your site moving forward, i.e. a whitepaper download, but you prefer to only store data from consumers that have opted in, then I would suggest not having a form in the first place. Just have a direct link to the whitepaper, with a subscription form on the side of that page (or at the end of the whitepaper) that asks them to subscribe to continue receiving more content like this. It would achieve the same thing - you only have access to email those who explicitly want you to; you'd retain metrics on the popularity of the whitepaper through page views, as well as how well that whitepaper does at converting visitors to subscribers.

Also from Marketo's perspective, they made the decision awhile ago to stop storing anonymous records and making them accessible in our smart lists, etc, in order to not burden their server's resources. The only area you'd see anonymous data now is in the Company Web Activity report. So I'm not sure how they'd feel about opening a similar function back up - my guess is that if they do this, they may just count these "anonymous" records as part of your database size in your Marketo subscription so the burden of cost is not on them; so another possible hypothetical consideration may be if you'd want to pay to keep these records that you can't do anything with, just for the sake of reporting.

Just a few of my guesses on why Marketo hasn't really responded to this idea yet, despite its popularity

SanfordWhiteman
Level 10 - Community Moderator

Read Article 17 and Recital 65 again.

In fact GDPR explicitly covers erasure of data upon withdrawal of consent.

Elsa_Man1
Level 1

Both those areas in the GDPR state that data subjects have the right to request their data be erased, basically to be forgotten. So we need to erase their data upon them asking us to. But it does not say we have to ask for their consent to just store the data. We just have to ask for explicit consent to process their data.

SanfordWhiteman
Level 10 - Community Moderator

But it does not say we have to ask for their consent to just store the data.

I wouldn't trust a lawyer who said this.  Your call, but the people on this thread have worked with hundreds of companies in total and frankly, I trust us more.

Provisions for withdrawal of consent make no sense without a companion requirement of initial consent. Some wiggle room may be possible if another explicit action can be reasonably construed as explicit consent to store. For example, a deliberate form submission may (again, I stress may) suffice to establish that the person consented to persistent storage of personal data, since their action would make no sense otherwise. But that's not the same as not requiring consent to store.

Also, you mention all the updated privacy policies you've been getting. If an opted-in PP happened to already meet GDPR requirements, then and only then can you keep doing what you were doing with someone's personal data and merely tell them to read the new PP at their leisure. If the previous agreement did not conform to GDPR (either in its internal guarantees or in the method of consent) then the agreement is void. Of course, legitimate interest applies as well, so you likely don't have to reaffirm consent as a customer. But as a marketing contact, yes. (And just because a company tried a CYA move by sending out an updated PP doesn't mean they're actually obeying the law. I know personally that some Fortune 100 companies are skirting responsibility here, alas.)

Denise_Greenb12
Level 7

Hi Elsa,

I think Sanford is correct. See the following quotation from this site: General Data Protection Regulation (GDPR) – Final text neatly arranged

I went to "Key Issues" at the top and clicked on "Consent."

"Processing personal data is generally forbidden if it is not expressly allowed by law, or the impacted persons have not consented to processing these data. The consent of those whose personal data is collected, processed and/or used puts the persons in the position to be able to dispose of their personal rights." [emphasis mine]

- Denise