MXO and User Privacy
How to approach consent from a Third-party and First-party perspective
The way brands approach privacy is continuously evolving, based not only on platform changes but also on user needs.
Given the recent changes introduced by Apple in iOS 14.5 and the changes to be introduced by Google in Android, we suggest the following approach:
- Level 1: Customer data to which you are listening is linked to third-party identifiers.
- Level 2: Customer data to which you are listening is linked to first-party known identifiers only.
- Level 3: Customer data to which you are listening is linked to first-party anonymous identifiers only.
- Level 4: Opt out of all tracking.
Level 1: Customer data to which you are listening is linked to third-party identifiers
If the data you collect about your customers is linked to third-party data sources, consider the following when prompting your users to accept or reject tracking:
- If customers accept that their data be linked to third-party data sources, you can link their data to third-party identifiers and tracking continues.
- If customers do not accept that their data be linked to third-party data sources, you cannot link their data to third-party identifiers. You can, however, continue to track them at a first-party level.
Level 2: Customer data to which you are listening is linked to first-party known identifiers only
If the data you collect about your customers is linked only to first-party known identifiers, you may need to prompt your customers for consent depending either on region-specific privacy rules or your brand's own approach.
If you are going to use a prompt to seek consent, consider the following:
- If customers accept that their data be linked to first-party known identifiers, you can link their data to first-party identifiers and tracking continues.
- If customers do not accept that their data be linked to first-party known identifiers, you cannot link their data to first-party identifiers. You can, however, continue to track them at a first-party anonymous level.
Level 3: Customer data to which you are listening is linked to first-party anonymous identifiers only
Collecting data about your customers and linking it to anonymous identifiers can still be useful if you want to understand user behaviors and be able to offer those users individualized experiences based on their anonymous behavior.
If your customers do not want to have their data linked to third- or first-party known identifiers, you can still link their behavior to anonymous identifiers. You may need to prompt your customers for consent depending either on region-specific privacy rules or your brand's own approach.
If you are going to use a prompt to seek consent, consider the following:
- If customers accept that their data be linked to anonymous identifiers, you can link their data to one or more anonymous identifiers only and tracking continues.
- If customers do not accept that their data be linked to any anonymous identifiers, you must stop all tracking and opt them out of tracking.
Level 4: Opt out of all tracking
Before deciding to opt a user out from all tracking completely, we recommend that you consider providing your customers with an option to share data with your brand based on all of the above levels.
If your customers do want to opt out of all tracking, Medallia provides you with the ability to:
- configure channel-specific "opt out implementations" in the mobile SDKs and
- disable any tracking agents using either a tag manager or the OneTrust setup.
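The four levels above form a step-down chain: a rejection at one level moves the user to the next, more restrictive one. The following added example (not Medallia code and not the MXO SDK's API) models that chain as a filter applied before an event leaves the client; the function names, the identifier fields `adId`, `customerKey` and `anonId`, and the `promptRequired` parameter are assumptions made for illustration.

```javascript
// Added illustration; not Medallia code. All names here are hypothetical.
const LEVELS = { THIRD_PARTY: 1, FIRST_PARTY_KNOWN: 2, ANONYMOUS: 3, OPT_OUT: 4 };

// Identifier fields that may accompany an event at each level (assumed mapping).
const ALLOWED_IDS = {
  1: ['adId', 'customerKey', 'anonId'],
  2: ['customerKey', 'anonId'],
  3: ['anonId'],
  4: [],
};

// answers maps level -> true (accepted) / false (rejected); absent = not answered.
// promptRequired lists the levels where region rules or brand policy demand a prompt.
function resolveLevel(startLevel, answers, promptRequired = [1, 2, 3]) {
  for (let level = startLevel; level < LEVELS.OPT_OUT; level++) {
    const answer = answers[level];
    if (answer === true) return level;
    // No prompt needed here and the user has not rejected it.
    if (answer === undefined && !promptRequired.includes(level)) return level;
    // Rejected, or a required prompt is unanswered: fail closed, step down.
  }
  return LEVELS.OPT_OUT;
}

// Strip every identifier the resolved level does not permit.
function minimiseEvent(event, level) {
  if (level === LEVELS.OPT_OUT) return null; // opted out: send nothing
  const ids = {};
  for (const key of ALLOWED_IDS[level]) {
    if (event.ids[key] !== undefined) ids[key] = event.ids[key];
  }
  return { name: event.name, ids };
}

// Constructed sample event (values are made up).
const sampleEvent = {
  name: 'viewed_offer',
  ids: { adId: 'AD-0000', customerKey: 'cust-123', anonId: 'anon-9f2c' },
};

// User rejected third-party linking; brand policy needs no prompt at Level 2.
const level = resolveLevel(1, { 1: false }, [1]);
console.log(level, minimiseEvent(sampleEvent, level));
```

Running the filter at the last point before transmission means a required prompt that was never answered results in less data being sent, not more.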
Configuring MXO to support consent
Ensure you think about the following deployment considerations when configuring MXO to support consent.
Overall Deployment Considerations
Deployment Considerations: Level 1
Deployment Considerations: Level 2
Deployment Considerations: Levels 3 and 4
MXO and User Privacy in iOS Apps
Apple’s Fall 2021 Privacy Changes
Apple’s new operating system updates (iOS 15), released on September 20, 2021, include changes to both what customer data you can capture and the shape of that data.
There are 2 main areas that may affect what data MXO is able to capture, depending on user consent and choices.
Mail Privacy Protection
Depending on the user’s choice, pixel tracking may stop functioning when emails are opened in native Apple mail apps.
You can continue adding our pixel to your emails; you should be aware, however, that your ‘email open’ rates will now look slightly different, given the changes introduced by Apple.
From a recognition perspective, you should reconsider your strategy around using known identifiers for both the email open pixel and the redirect URL. If you haven’t already implemented our email redirects as part of your link strategy, we strongly recommend adopting the {{}} approach to continue to support your omnichannel listening and orchestration.
In the long term, we recommend that you adopt a different engagement strategy when it comes to email, carefully crafting your email conversations with value exchange propositions that will drive your customers to open links and continue their journey with your brand on a different channel.
Private Relay
If iCloud+ customers switch on IP obfuscation through Private Relay functionality, this may lead to less accurate City and Country data being available to MXO. As an alternative, if your app has permission to capture more granular information about a user’s location, you can send this information to MXO through the SDK’s granular location sharing methods.
Unpacking Apple's Tracking Statement (as at 27th April 2021)
The information in this section is specific to the statement released by Apple in April 2021 (https://developer.apple.com/app-store/app-privacy-details/#user-tracking).
Below we refer directly to the information contained in that statement, adding details about Medallia's position regarding each point.
Tracking
You’ll need to understand whether you and/or your third-party partners use data from your app to track users and, if so, which data is used for this purpose.
“Tracking” refers to linking data collected from your app about a particular end-user or device, such as a user ID, device ID, or profile, with Third-Party Data for targeted advertising or advertising measurement purposes, or sharing data collected from your app about a particular end-user or device with a data broker.
Medallia does not link data with Third-Party Data for targeted advertising or advertising measurement purposes or share data collected from your app about a particular end-user or device with a data broker, unless you have specifically configured this in your product or app.
Medallia acts in a similar way to “another web service” that exists in your ecosystem. We receive requests with data about the customer journey and we respond back with your brand's content or send a request within your ecosystem to help understand customer journeys, to improve functional performance, and drive operational or business relevant conversations.
If you choose to link this data with Third-Party Data for targeted advertising or advertising measurement purposes, or to share the data collected from your app about a particular end-user or device with a data broker, you are required to disclose this to Apple and link to the App Transparency Framework.
“Third-Party Data” refers to any data about a particular end-user or device collected from apps, websites, or offline properties not owned by you.
Examples of tracking include:
- Displaying targeted advertisements in your app based on user data collected from apps and websites owned by other companies.
Medallia does not link data to apps or websites owned by other companies. Your data belongs to you. As mentioned above, we simply orchestrate the data on your behalf. If, however, you later on in the process use insights and data derived from Medallia to link it back to your social media data, then you are required to disclose this to Apple and link to the App Transparency Framework.
- Sharing device location data or email lists with a data broker.
Medallia does not share device location data or email lists with data brokers. If you decide to do so subsequently, based on the data we retrieve, you are required to disclose this to Apple and link to the App Transparency Framework.
- Sharing a list of emails, advertising IDs, or other IDs with a third-party advertising network that uses that information to retarget those users in other developers’ apps or to find similar users.
Medallia does not automatically link any of the app data to advertising IDs, or other IDs, from a third-party advertising network. If, however, you have manually or programmatically linked your data to advertising IDs, or other IDs with a third-party advertising network that uses that information to retarget those users in other developers’ apps or to find similar users, you are required to disclose this to Apple and link to the App Transparency Framework.
A common use case here would be linking the data collected by Medallia back to a DMP. Medallia is not a DMP; we are a first-party data platform that helps orchestrate the experience of your customers across all Touchpoints. The moment, however, that you link data held by Medallia to a system that uses a third-party advertising network, that data falls under the disclosure rules.
- Placing a third-party SDK in your app that combines user data from your app with user data from other developers’ apps to target advertising or measure advertising efficiency, even if you don’t use the SDK for these purposes. For example, using a login SDK that repurposes the data it collects from your app to enable targeted advertising in other developers’ apps.
Whilst Medallia provides an SDK, that SDK, as mentioned above, does not combine user data with data from other developers’ apps to target advertising or measure advertising efficiency. Our SDK simply enables you to orchestrate your own brand’s content in a more efficient and relevant way.
Privacy Changes Introduced by Apple in iOS 14
These FAQs are specific to the privacy changes introduced by Apple in iOS 14.
How do the privacy changes introduced by Apple in iOS 14 impact Medallia’s ability to gather insights and orchestrate experiences in my mobile app?
It is important to understand that any data collected by Medallia remains your data.
For more information, see our GDPR FAQs.
Typically, MXO bases any orchestration decisioning on first-party data, unless you have specifically asked MXO to use advertising IDs as part of the decisioning process or have augmented MXO to use third-party data. If you have extended your implementation to make decisions based on advertising IDs or third-party data, you may need to disclose this to Apple under the new privacy rules introduced in iOS 14.
By default, our Mobile SDKs don't automatically collect advertising IDs or any other unique identifiers from the device itself. We use the data you share with us, solely on your behalf.
If you believe you need to link the Medallia SDK to Apple’s Transparency Framework or to your own privacy settings in the app, consider using the opt-out methods available in the Mobile SDK's programmatic interface. Based on your end users' privacy choices, your mobile app should tell the Mobile SDK whether or not to collect insights and orchestrate that customer's experience.
For more information about how to navigate these changes, see {{}}.