According to a recent survey, only 22% of South African businesses are aware of privacy laws governing their marketing activities, despite the Protection of Personal Information Act (PoPIA) set to take effect on 1 July 2021.
The survey, conducted by WorldWideWorx and commissioned by global technology company Zoho, also revealed that even though businesses are concerned about the privacy of customer’s data in the hands of third-party vendors, they are reliant on them for revenue generation, and gathering customer insights. This makes it harder for them to move away.
According to WorldWideWorx CEO, Arthur Goldstuck, the lack of awareness about the law is largely because these regulations are not part of business-critical activities like taxation and licensing. In fact, while 76% of the businesses indicated that they have well-documented policies for customer data protection, only 57% are strictly applying them. “When PoPIA comes into effect, and defaulters face severe fines and garner negative media attention, most companies will start complying fully and restructure their marketing operations,” said Goldstuck.
Third-party trackers and ad platforms
Of the 448 businesses surveyed across various industries and sizes, 42% said they allow third-party trackers on their website, mostly for sharing content on social media (55%) and gathering analytics on their website visitors (40%). There is also a heavy dependence on digital ad platforms. The respondents believe that keyword search ads (55%) and social media ads (54%) are quite effective for customer conversion. In fact, 72% of businesses said the third-party ad platforms either help them meet or are a primary factor in achieving their sales goals.
Given this reliance on third-party vendors, it is no wonder then that, even though 73% of businesses express concern over the use of their customer’s data, they are largely either ‘comfortable’ or ‘neither comfortable nor uncomfortable’ with the platforms. Even the 23% who are uncomfortable state that they cannot move away from the platforms as they are crucial to their business or that it is too complex to move away. Interestingly, 24% businesses reported that they do not completely understand how third-party trackers and ad platforms utilise the collected customer information.
“When businesses choose to use a free tracker, they are paying for it with their consumer’s data,” said Andrew Bourne, regional manager for Africa, Zoho. “At Zoho, we refer to this practice of third-party trackers collecting data without user knowledge as adjunct surveillance. Presently, South African businesses turn a blind eye to this passive data collection by trackers, most likely, because they are dependent on them for revenue. The PoPIA compliance will change this by requiring businesses to inform users beforehand and get their consent to be tracked. Even so, consumers will eventually trust companies who have transparent privacy policies that respect and protect their personal information. Businesses hoping to stay relevant for the long term will need to either rethink their reliance on third-party platforms or demand greater transparency and accountability from them.”
Zoho had removed third-party trackers from its website in 2020, and has never sold customer data to anyone or shown ads, even in their free products. Zoho also owns its data centres and the entire technology stack of its solutions. It can, therefore, assure its users of the highest standards of privacy and security.
South African businesses believe that PoPIA will either have no effect (41%) or a positive effect (40%). Their biggest concerns with the law are the increased cost of governance (34%), marketing becoming less effective ( 30%), and increased complexity (28%). As per Goldstuck, marketing will become less effective only for those who were sharing their customers’ personal information behind the scenes, and not those conducting their efforts in line with the Act. However, he does believe that the cost of governance will be a major concern for SMEs.
For context, all businesses in South Africa (regardless of size) will need to appoint a privacy/information officer to oversee the protection of customer information. Larger businesses can appoint their CIOs or IT leads in this new role, while smaller businesses may have to appoint their managing directors or business owners in the same role. For smaller businesses, in particular, this can be a daunting task as the person-in-charge can be held personally liable for data leaks or breaches, as per the law.
This study was conducted using Zoho Survey and Zoho Analytics.