Tags
Read time
4 min read
Last updated
December 3, 2024
🆕 2025 U.S. State Privacy Laws: what you need to know
Personalization has become a cornerstone for direct-to-consumer (DTC) and ecommerce brands. The goal? To craft experiences that make each customer feel seen, understood, and valued. But in today’s privacy-first landscape, brands need more than just great algorithms. They need explicit permissions from customers to use their data—ethically, responsibly, and in compliance with increasingly complex regulations.
During San Francisco Tech Week I had the privilege of moderating a panel with two exceptional leaders in the industry: John Dombrowski, Associate General Counsel at The RealReal, and Andrew Tweed, General Manager of Fruit Gifting at 1-800-Flowers.com brand. Together, we explored the nuances of balancing personalization with privacy and shared actionable insights on how brands can use permissioned data to drive growth, build trust, and create exceptional consumer experiences.
When you blend the perspectives of a General Counsel like John and a General Manager like Andrew, you get a powerful mix of legal insight and business creativity. This dynamic was central to our conversation, which centered around five core themes.
At its core, permissioned data offers a unique window into consumer behavior, enabling brands to craft experiences that truly resonate. 1-800-Flowers.com takes this approach seriously, for example: leveraging permissioned data in the form of customer card text messages. Andrew Tweed explained how card text messages reveal not only the "why" behind the gift but also important details about the relationships between the sender and the recipient.
“There’s a lot of insight to be gained based on why people are gifting, what they’re saying, and what they’re buying,” Andrew noted. By analyzing these patterns, they tailor marketing strategies and refine website interactions to better align with customer motivations.
However, it’s not just about gathering personal data. The real value lies in how that data is used to enhance the customer experience in a meaningful way. The RealReal follows a similar principle, focusing on first-party data—the information directly shared by customers, like browsing habits or purchase history.
This type of data not only provides valuable insights but also ensures a more transparent and trustworthy relationship with the customer. “We want to understand how often a customer is interacting with certain products and what motivates them,” John Dombrowski said, emphasizing that first-party data is essential for creating tailored, impactful experiences while respecting the customer’s preferences.
Read further: Simplified privacy compliance for retail & ecommerce
Data regulations like GDPR and CCPA have radically reshaped the marketing landscape in recent years, forcing brands to rethink how they collect, store, and use customer data. These regulations have one clear goal: to put the power back into the hands of consumers. Marketers are now required to seek explicit consent before collecting personal information, and they must offer transparency on how that data will be used.
John Dombrowski from The RealReal pointed out how dramatically the conversation around data privacy has evolved. “Pre-May of 2018, there was no GDPR, no CCPA… the pace at which we’ve had to respond and adapt is incredible,” he said. Today, every piece of collected consumer data must comply with these regulations, from consent forms to opt-out mechanisms.
Due to these changes, marketers must increasingly rely on first-party data—data that consumers voluntarily provide, such as preferences, purchase history, and behavioral insights. First-party data is often richer and more reliable, leading to more meaningful consumer insights, and it comes with a built-in layer of trust because the customer willingly shares it.
Marketers who understand these regulations and adjust their strategies accordingly can use them to their advantage. By focusing on data that’s been ethically sourced and fully permissioned, brands can foster a stronger relationship with their customers while staying compliant with privacy laws.
Gathering data responsibly isn’t just about compliance; it’s about respect. Consumers need to feel that their privacy is protected, and that they have control over their personal information. John shared how The RealReal relies heavily on direct conversations with customers to get permission and understand their preferences. “It’s not just, ‘Yes, this is what I want to buy,’” John explained. “It’s about asking, ‘How do you want to have a relationship with us as a business?’”
This human approach to data collection is key to building trust and creating more authentic brand interactions. When customers feel respected, they’re more likely to engage and share more meaningful data, which in turn allows brands to deliver better, more personalized experiences.
Let’s face it: no one wants to feel like they’re being watched. Personalization walks a fine line between relevance and intrusion. As we discussed at SF TechWeek, when done wrong, personalization can feel downright creepy.
John nailed it when he said, “In the luxury space, we want to deliver personal, unique experiences, but not creepy.” Andrew added to this by sharing how important it is at Shari’s Berries to have collaborative, healthy debate on the use of AI in personalized ad campaign creation. As Andrew put it, “There’s a line you don’t want to cross.”
Understanding the limits of personalization is crucial. Brands need to keep the experience tailored and thoughtful, without crossing into the “uncanny valley” where marketing feels more like surveillance than service.
One of the most enlightening parts of our discussion was around the collaboration between marketing and legal teams. Marketers often view legal departments as the “department of no,” a group that shuts down creative ideas in the name of compliance. But John flipped this narrative on its head. He explained that when legal provides frameworks and guardrails, it actually enables creativity.
As he put it, “You can’t make marketing wait forever to process something. By the time they’re ready, that idea has already expired.” By working closely with legal to develop flexible frameworks, marketers can stay compliant while still delivering timely, creative campaigns.
As regulations continue to evolve, one thing is clear: permissioned data isn’t a barrier to personalization. It’s the foundation for doing it well. When brands collect and use data responsibly—with transparency and respect—they build trust. And that trust translates into loyalty, engagement, and growth.
As we discussed at SF TechWeek, the brands that succeed in this new era will be those that find the right balance between personalization and privacy. By leveraging permissioned data, understanding the regulations, and working closely with legal teams, brands can create exceptional, personalized experiences that delight customers—without crossing the line into creepiness.
Permissioned data isn’t just about staying on the right side of the law. It’s about building lasting, trust-based relationships that drive sustainable growth. As we move forward, the brands that prioritize these relationships will be the ones that thrive.
Read further: Get permissioned data for more powerful, personalized campaigns
Ketch makes consent banner set-up a breeze with drag-and-drop tools that match your brand perfectly. Let us show you.
