Level 10

New

GDPR and Privacy: "anonymize person" flow step

Forum|Forum|7 years ago
March 1, 2018
23 replies
40339 views

As part of the GDPR, we need to get consent from people in order to be able to keep their data. If someone registers to download a white paper but does not opt-in, we are supposed to delete any reference to the person. This means deleting it or anonymize it.

One very big issue with this is that when we delete the person, it is automatically deleted from all reporting.

The work around this is to anonymize the person, since it is accepted that we keep anonymous information in our systems. We can easily replace the first name, last name or email address in the database with "John Doe" or "Anonymous Person". But there are some information that cannot be manipulated from a smart campaign:

Cookie IDs attached to the person
Inferred and system data such as the IP address
Data value changes in the activity logs
Fills out form in the activity logs

Furthermore, relying on users to run data value changes is error prone.

It would be very helpful if a new "anonymize Person" flow step was created.

In the field management, we would be able to define which fields should be anonymized, and what would be the anonymous value for each of them (for instance, we would define that the anonymous value for first name would be "Anonymous" and for last name it would be "Person", and NULL for the email address).

Then, when running the "Anonymize person" flow step, Marketo would automatically replace all the fields set in the admin with their anonymous value, cleanse the system fields that could be considered as personal Ids and also cleanse all the DVC activities (either deleting them or replacing all values with their anonymous counterpart).

-Greg

Marketo

Show previous replies

Grégoire_Miche2Author

Level 10

The Fills out Form activity has also to be anonymized, BtW. So much as it is kept by default 25 months...

-Greg

Grégoire_Miche2Author

Level 10

Edited to add the Fills out form activity

Michael_Langell

Level 4

Interesting idea.

Only issue I foresee with this, is depending on how the duplication settings of your instance are set up, you could have issues.

I believe out of the box > if the same cookied machine submits a form with different email addresses, two lead records are created.
- If you are anonymizng those records because of GDPR > you will not want the above to happen because you will want the tracking to stay intact across one lead record

Grégoire_Miche2Author

Level 10

Hi Michael,

AFAIK, when a second person comes on the same cooked machine as a previous one, the cookie value remains attached to the first person.

But anyway, the anonymization would apply to a person, not a cookie. And when anonymise, that person's cookie values would be discarded. And since a cookie value can only be linked to 1 person and only one, other persons with different cookie values would be untouched.

Greg

Amanda_Thomas6

Level 8

This is a great idea!!

Abaran

Level 5

Great idea. essential tool to be compliant but keep runnings stats.

gkrajeski

Level 10

Any response from Marketo yet, @Grégoire Michel ??

Guessing no as we have less than a day!

Grégoire_Miche2Author

Level 10

You are guessing right my friend

A

Anonymous

I feel like we've really been heard on this one.

-_-

Elsa_Man1

Level 2

In response to the original idea's note "As part of the GDPR, we need to get consent from people in order to be able to keep their data. If someone registers to download a white paper but does not opt-in, we are supposed to delete the record." Both myself and our legal team here have comb the GDPR, and no where does it say we have to delete their data just because they didn't opt-in to receiving future communications from us. If they are filling out a form and providing information to do so, then your website's updated privacy policy (that should be front and center near the form) should cover the collection of personal data; the explicit opt-in checkbox will be required to cover your company's ability to use that data in things like marketing. When a consumer voluntarily enters in their information via a form in order to receive some sort of value, they are going to accept that their data will go into a secure environment, as outlined in the Privacy Policy on the website. To collect and use the data are two separate things. That's another reason we've all likely seen a ton of emails lately from companies letting us know about their updated privacy policy

I think if you were to have any form of data collection points on your site moving forward, i.e. a whitepaper download, but you prefer to only store data from consumers that have opted in, then I would suggest not having a form in the first place. Just have a direct link to the whitepaper, with a subscription form on the side of that page (or at the end of the whitepaper) that asks them to subscribe to continue receiving more content like this. It would achieve the same thing - you only have access to email those who explicitly want you to; you'd retain metrics on the popularity of the whitepaper through page views, as well as how well that whitepaper does at converting visitors to subscribers.

Also from Marketo's perspective, they made the decision awhile ago to stop storing anonymous records and making them accessible in our smart lists, etc, in order to not burden their server's resources. The only area you'd see anonymous data now is in the Company Web Activity report. So I'm not sure how they'd feel about opening a similar function back up - my guess is that if they do this, they may just count these "anonymous" records as part of your database size in your Marketo subscription so the burden of cost is not on them; so another possible hypothetical consideration may be if you'd want to pay to keep these records that you can't do anything with, just for the sake of reporting.

Just a few of my guesses on why Marketo hasn't really responded to this idea yet, despite its popularity

SanfordWhiteman

Level 10

Read Article 17 and Recital 65 again.

In fact GDPR explicitly covers erasure of data upon withdrawal of consent.

Elsa_Man1

Level 2

Both those areas in the GDPR state that data subjects have the right to request their data be erased, basically to be forgotten. So we need to erase their data upon them asking us to. But it does not say we have to ask for their consent to just store the data. We just have to ask for explicit consent to process their data.