COMPLIANCE: A Necessary Evil or a Million-Dollar Mistake?

COMPLIANCE: A Necessary Evil or a Million-Dollar Mistake?

Explore the complexities of digital privacy in business, including the impact of consent banners on marketing analytics and the balance between legal compliance and operational effectiveness. Learn how to navigate the risks and rewards of digital data management.

As a business owner, you spend a lot of time balancing risk and reward. For instance, your service department changes tires every day. What if a wheel comes off after the customer leaves? It does happen sometimes and could mean a lawsuit, yet you still change tires. Why? You know the risk, have taken steps to insulate against it, and accept that the upside outweighs the unlikely downside. However, digital risks and rewards are not always as well understood.

A new risk you’re probably aware of is a potential lawsuit over website cookies or your handling of customer data. You’ve probably signed up for a privacy consent banner for your website, or you’re considering it. You might be looking at this risk-reward analysis and thinking that other than some cost, there’s no downside to these solutions, and your best bet is to get a consent banner on your site ASAP.

You’re correct that you need a solution here, but there are downsides to be aware of, ranging from the inability to use retargeting ads to a complete loss of marketing measurement. The former is an inconvenience, while the latter could paralyze your marketing by leaving you with no way to measure vendors and no way for your vendors to measure their impact. The stakes are much higher than most realize, and can cost the average single-rooftop dealership over $1 million annually.

Before we get into it, we are talking about laws, lawsuits and legal risk, so I would be remiss if I didn’t clarify that I AM NOT A LAWYER. This article is not intended to be legal advice and my explanations are based on research and consultation with a range of informed professionals, but there’s no substitute for contacting your own legal counsel (particularly one specialized in data and privacy law). This topic is further complicated in California, which has a more restrictive approach to this topic than the rest of the country.

Your Vulnerability

In case you haven’t read up on this issue, let’s start by talking about why it’s in the spotlight. We’ll keep this pretty high-level, and the preamble will help make sense of the issues you’ll need to navigate.

In 1999, the Gramm-Leach-Bliley Act (GLBA) was passed in the U.S. and forced financial institutions to clearly inform customers where their personal information would be shared. This is reasonable enough, and your F&I manager has been handing customers a sheet that covers this for decades.

In 2018, the General Data Protection Regulation (GDPR) was introduced in Europe. The GDPR established a strong standard for all businesses to follow. Under it, businesses may not collect any customer information or use tracking cookies to follow customers on the web unless the customer opts IN (as opposed to agreeing by default and needing to opt OUT).

Europe’s GDPR is a heavy standard, and it’s a huge part of why Google had to deprecate Universal Analytics and introduce Google Analytics 4 (GA4) in 2020. GA4 is intended to meet restrictive EU privacy standards. This is important because GDPR created an example for privacy laws in the U.S., and also because GA4 was specifically designed to work with these restrictions (I’ll be coming back to this!).

In 2018, California introduced the California Consumer Privacy Act (CCPA) and later strengthened it with the California Privacy Rights Act (CPRA). Think of these as California’s version of the European rules with some differences. They do impact your risk, even if you’re not a California dealer.

Finally, in 2023, the Federal Trade Commission updated the 1999 GLBA to enhance consumer privacy protections on the web (more updates are forthcoming), and that’s where all this really comes into focus.

How Have These Changes Impacted Businesses?

In simple terms, businesses in most of America can follow consumers around with web cookies for retargeting and other marketing purposes. Businesses just need to give consumers a way to opt OUT if they don’t want this. Businesses also have a responsibility to securely collect personally identifiable information (PII) and know where it has gone if challenged.

Some companies specialize in these things, and a common product is now the banners for the bottom of your website that say “Accept” or “Decline” and let the consumer opt out of tracking cookies if they don’t want them. In the worst-case scenario, they opt out, and now you can’t follow them around with retargeting ads. However, that’s just one limited marketing area, and you still have all the traffic data to measure how your marketing works. So what’s all the fuss about?!

Predators Like Easy Prey or Big Prey

Say your store is located in Texas (or any state other than California) and you have a privacy consent banner that works under current U.S. federal regulations. A “consumer” in California visits your site and sees that your consent banner doesn’t conform to California’s more stringent EU-style laws. Depending on the specifics, they can sue you and might have a case.

Predatory lawsuits are happening more and more, especially to businesses that are either large enough to be a juicy target — think big settlement — or soft enough to be an easy target. The latter could be a dealership with no consent banner at all, while the former could be a large dealer group that has a banner but with an exploitable hole based on the state laws of the plaintiff.

It’s clearly in your best interest to start with a consent banner. The problem is that numerous companies offering these banners are applying a lowest common denominator approach, where you get the most restrictive possible version as a catch-all solution. It sounds like that would offer the most protection until you understand the damage this can do.

Some of the consent banners are now being offered, and strongly recommended, with the ability to block more than just third-party retargeting cookies on your site. In the interest of sweeping, maximum protection, they can also block analytics scripts — namely GA4. The claim is that this is necessary to insulate you from risk, and the more this has entered the spotlight, the more the compliance vendors are jumping on the bandwagon. This isn’t because it’s a necessary step, but seemingly because they don’t want to appear to have lesser protection than another offering. Remember, GA4 was born out of a need to comply with Europe’s laws, which are stricter than even California’s, so blocking GA4 is not necessary to reduce your risk!

“OK, so I lose some analytics data. Is it really a big deal?” Yes, it’s a huge deal. Let’s focus on this with some numbers.

Knowledge Is Power … and Profit

How much do you spend on marketing? I’m talking about costs from your website itself to SEO, SEM, social, third parties, email, even OTT and traditional marketing. $20,000 a month? $100,000 a month? Somewhere in that range is typical for a single franchised dealer, and nearly all of it culminates in traffic to your website before a consumer makes the decision to send a lead or show up at the dealership.

Measuring that website traffic and whether it converted is critical to your vendors performing as promised and to you being able to tell when they’re not. Now, imagine you have no analytics data or only a small fraction of the total picture. You spend six or seven figures on marketing annually, and if you can’t measure how it worked, you can’t hold it accountable. You can’t make decisions based on anything other than a gut feeling, and those are usually off base in the volatile and competitive market conditions we’re all readjusting to.

I perform free marketing consultations for dealers and find an average of $4,200 a month in wasted SEM spend. That’s with dealers who have complete analytics data. Imagine what would happen if the data was unavailable and there was no vendor accountability. That figure would easily double! Now, expand this to all of your marketing, and the wasted budget will skyrocket.

Google Ads (your paid search) uses website conversion data to optimize your campaigns. Without analytics data, your SEM can’t be optimized for proper performance.

SEO can be complicated to measure on a good day because you need to measure whether the traffic came in, intending to transact or just to read a blog about how far an EV can go on a charge. You and your vendor can’t measure what’s working or report accurately without analytics data, meaning your vendor can’t decide how to refine your strategy.

If you spend money on an email campaign, how will you know if the landing experience was right? You need analytics data to measure conversions, time on page and pages per visit.

All of this and more is gone without analytics data. We have now seen early cases where these new privacy consent banners are enabled and are preventing tracking of anywhere from 65% to 95% of dealers’ website traffic. Every consumer who does nothing with the banner or who clicks “Decline” can’t be measured with analytics. Do you click “Accept” on every cookie banner you encounter? No.

The Grave Cost of Security

I hope I’ve illuminated the problem with measuring your marketing when a banner blocks analytics scripts, but we haven’t even talked about the opportunity cost of all this marketing inefficiency. If $20,000 in marketing is wasted in the blind, how much gross profit are we also losing through missed sales?

The high end of typical advertising cost per sale is $500, with many dealers doing better than $400 a sale. If you’re not tracking this currently, you just take your all-in marketing expense and divide it by the number of cars sold. If $20,000 a month in the budget is now misallocated without complete analytics data, that statistically also costs you 40 sales per month (at $500 a sale), which would be north of $80,000 in gross at $2,000 front-and-back per copy. The numbers here are conservative all around. Add them together, and loss of analytics data could quickly accumulate to over $1 million per year in wasted spend and lost profit for a single rooftop with a typical marketing and digital presence spend.

Compliance vendors are claiming that the cost of losing or settling a lawsuit could be hundreds of thousands or more, and there’s likely truth to that but there are questions you need to consider as you weigh this issue.

Question: What are the odds of being sued over privacy consent issues if you have a working banner that blocks third-party cookies?

Answer: To outrun a bear, you must be faster than the other guy. That’s no guarantee, but by taking protective steps, you are less of a target for predators.

Question: Is it even necessary to block analytics?

Answer: It is not clear that there is ANY regulation in the United States that makes it a problem to collect analytics data on your website, and GA4 has settings to further restrict what it will collect if you want to play it even safer without losing your data. The legal risks revolve around third-party cookies and the sharing of consumer information, as well as not collecting first-party, anonymized activity data as GA4 does.

Question: How much extra protection do I actually get by adding analytics blocking to my existing banner?

Answer: Most experts agree that there are practically no answers for a car dealership, especially outside of California, but it seems very questionable even in California. Remember, GA4 is anonymized data, and nearly every business in every vertical uses it.

Question: What will it cost me in wasted marketing and opportunity costs if I enable a banner with analytics blocking?

Answer: Easily six figures annually and well in excess of $1 million per year for larger stores.

Question: What is the risk vs. benefit?

Answer: You do the math, but the material cost of losing 65%-95% of your marketing measurement does not pencil in the unnecessary protection gained by these overreaching and lowest common denominator consent banner versions.

Question: Why are the compliance vendors pushing this so firmly, then?

Answer: I’m sure this varies from one to the next, and there are a number of them. Some appear to be drumming up fear to generate visibility and quick adoption. Something we’ve seen with multiple compliance vendors is that they are actually licensing another company’s technology for the banner itself. As a result, they don’t have the ability to fine-tune features and are blindly defending analytics blocking rather than making analytics blocking jurisdiction-specific (such as only blocking it for visitors from California if you’re worried about that).

Misinformation is swirling, and fear is being sown to push faster adoption. OEMs are jumping on the bandwagon for their own fear of being late adopters, and the whole situation is leading to dealers like you making hasty decisions without all the facts to perform a risk-benefit analysis.

An authority on this topic recently told me, “This is a business issue, not a legal issue.” He’s right. This is being painted as a legal matter as if the FTC is coming after you if you misstep. They might if you’re careless with consumer PII, but the issue with these content banners is a civil suit risk of marginal risk severity, and a huge downside if you jump in line without understanding the consequences.

What Should I Do?

It’s easy to write articles and posts calling out the pitfalls of adopting GA4-blocking consent banners without offering any solutions other than “roll the dice.” I’ve been working hard in recent weeks to find real answers, and my recommendation is first to do your own research on what data GA4 can collect so you can speak to your CFO or internal risk manager about exactly why blocking analytics is not necessary. Next, I recommend engaging a data privacy and cybersecurity attorney if you’re really concerned and want an opinion that doesn’t profit from the decision you make.

Ultimately, I recommend you reject the use of consent banners that block analytics scripts in favor of those that do not. Consent banners are something every dealer SHOULD have, but new versions that block analytics are not in the best interest of dealers, their bottom lines or even the consumers they serve. There are compliance vendors and stand-alone consent banners that allow for jurisdiction-specific behavior, tunable blocking and even adjustments to how they appear on your site. Find a solution that can be fine-tuned or demand this from your existing compliance vendor.

If you’re being forced by your dealer group to adopt an analytics-blocking banner or you’ve made that conclusion on your own, you are either losing huge amounts of data already, or you will be as soon as the feature is enabled (some vendors are still in beta testing). Whether you’re in this boat or just trying to understand your marketing better, I implore you to take advantage of Wikimotive’s free marketing consultation, especially before you don’t have any data to consult on! Understanding what’s working and what’s not will save you thousands in marketing costs while also increasing your efficiency and the cars you’re selling per dollar spent on marketing.

With Wikimotive’s free consultation, we can review your marketing mix, analytics data and CRM stats to uncover where your spending is working and where it’s not. The consultation often uncovers over $10,000 a month in wasted marketing that you can reallocate or reduce, with no pitch or requirement to take a demo of Wikimotive’s search and social solutions. Arm yourself with knowledge. Protect yourself where it counts. Weigh the risks and rewards to avoid being blind in a data-dependent world. Reach out to Wikimotive for guidance and a trained eye.

You May Also Like

‘The Password is…’A Brief History of, and Best Practices for, Today’s Passwords

Discover actionable steps to enhance your security, such as two-factor authentication, unique and complex passwords, and comprehensive phishing training for employees.

Best Practices for Today’s Passwords

The need for consistent password review and management is more important than ever. 

Those of us of a certain age may remember a television game show called “Password.”  The goal of the game was to guess the password using a one-word clue given by a contestant. A collection of passwords would then lead the contestant to guess the puzzle affiliated with the passwords to win the game.

Stuck In Traffic: Why Quick Fixes Are Stalling Your Store’s Growth in a Competitive Market

Dealers should look closely at their long-term branding, tools and market share. They should be balancing short-term lead generation with long-term investment while, critically, avoiding shiny things.

Stuck In Traffic: Why Quick Fixes Are Stalling Your Store’s Growth in a Competitive Market
High-Tech Solutions: A New Way of Thinking About Paint Touch-Up Products

The automotive paint chip repair products’ journey from simple touch-up solutions to sophisticated repair kits reflects not only the technological progress the industry has made, but also the changing demands of today’s consumer.

Dr. ColorChip paint repair
Embracing AI: How Automotive Dealerships Can Supercharge their Operations and Reconnect with Humanity

Having a human-centric approach, augmented by AI, is the cornerstone of a dealership that not only excels in sales but also in creating lasting connections with its community.

Embracing AI: How Automotive Dealerships Can Supercharge their Operations and Reconnect with Humanity
Hybrid Intelligence: The Seamless Fusion of Human and Artificial Minds

Learn how Hybrid Intelligence hasn’t just turned this dealership around, but has set it on a path to unprecedented growth and success in a challenging market.

TECOBI, artificial intelligence, Hybrid Intelligence,

Other Posts

Proactive Dealer Solutions Achieves Multiple Compliances

Certification is part of the company’s mission to deliver exceptional service while maintaining a secure environment for all client data.

Unlocking Positive Reviews: Five Strategies to Go From a 4.0 to 4.5+ on Google

Online reviews significantly influence consumer decisions in the automotive industry, with over 80% reading Google reviews.

The Smart Shift: How Dealerships Are Slashing Processing Costs

The rising trend of dual pricing and surcharging mechanisms is proving instrumental in significantly lowering processing costs.

The Smart Shift: How Dealerships Are Slashing Processing Costs
Sorting the Latest GA4 Confusion

If you’re stumped by the new Google analytics, take some solace in that you are not alone. Here’s some help.

Sorting the Latest GA4 Confusion-Remora, Google Analytics,