Does your company use mobile apps, Internet of Things, AI, health tech or other technologies to develop consumer profiles, create products or deliver targeted advertising? If so, you should be aware that the technologies used to perform these tasks are highly regulated and the subject of multiple privacy and data security laws. Specifically, it is worth asking your digital marketing department whether it is using persistent unique identifiers (or IDs) to track users. Persistent IDs are the tools that marketers use behind the scenes to connect consumers with their devices. The information gathered is used for marketing, product development and analytics.

There are three important tips to keep in mind if your team is using persistent identifiers. First, persistent IDs are considered personally identifiable information by the Federal Trade Commission, the European Union, and several states, including California. Second, companies need to provide clear notice to consumers that they are collecting persistent identifier data and how and why they are collecting it. Third, companies need to know the differences in requirements relating to persistent identifiers in the different jurisdictions that they do business in. For example, under the General Data Protection Regulation, persistent IDs are subject to data security requirements. In China, California and Vermont, this data also triggers certain notice requirements.

Make sure that your marketing team is aware of the privacy landscape when it comes to the use of digital marketing technologies.