PPC Lead Generation’s Privacy Risks

PPC_lead_generation_-_Google_Search - modified

PPC lead generation is a search-based lead generation technique which leverages search terms to surface (preferably) relevant ads in search results. When you click on those ads you are often taken to landing pages where you have the option of submitting your details to a company so it can get in touch with you about its products and services. It’s a pretty smart marketing option because it begins with the premise that you are searching for what the company offers. Here is an example:

How PPC Lead Generation Works

Let’s assume you are in the market for home insurance so you search for “home insurance”:

You’ll notice a couple ads which relate to “home insurance” and which are identified as ads. These are sponsored or paid ads which are displayed in your search results based on your search terms. The companies that purchase the ads (often an agency specialising in this sort of advertising) select key words that they believe will correspond with your search terms so when you run your search, their ads are displayed as relevant search results (Google regards these ads as something which may be valuable to you so it built an ad sales model based on this process). You click on a link in one of the ads and you are taken to a landing page which can look something like this:

Notice the form on the right? That form is an opportunity for you to submit your details to the brand behind the campaign, in this case MiWay, so its sales representatives can contact you about its products and services. Once you submit your details, you become a sales lead (hence the term “lead generation”). The “PPC” bit stands for “Pay Per Click” which is a reference to the payment model the advertiser agrees to. The advertiser pays for each click on the ad. Some advertisers will pay their agencies for leads generated. It depends on the advertiser’s preferences and the agency’s business model.

The Privacy Considerations

This form of advertising is an interesting one because it begins with a person searching for something she is interested in. In this example, “home insurance”. When she is presented with search results relevant to her search terms and she clicks on one of them (in this case the MiWay ad), she is implicitly indicating an interest in what the relevant brand has to offer. So far she is consenting to some of her personal information being collected although it is likely data such as her IP address, general location, browser and computer information and so on.

Assuming the ad takes her to a page that is relevant to her search term and the ad text which informed her decision which ad to click on, there aren’t any privacy concerns so far. If the ad is misleading then any personal information the advertiser collects so far is without her permission because she was expecting a different result and that would have informed her consent in whatever form she gave it.

Once she she loads the landing page, the situation changes somewhat. Presented with the form, the advertiser has two options:

  1. rely on the consumer’s continued implicit consent to have the personal information she submits through the form to process it as the advertiser intends processing it, or
  2. explain what personal information the advertiser will collect through its interaction with the consumer, what it will do with that personal information and under what circumstances it will share that personal information with others.

The first option is inherently risky because the consumer assumes that the brand itself, namely MiWay, will collect the consumer’s personal information and will only use it to contact the consumer. That, at least, is the impression the landing page gives. The consumer may also assume that her personal information will not be used for cross-selling, disclosure to associated companies and will be limited to what she submits through the form. This may not be the case.

Often what happens is that the agency collects leads generated through the landing page and passes them along to its client, the company behind the brand. That company may want to use that personal information to market other products and services within its group, share it with partners and so on. There is also little, if any, indication of how long the personal information will be stored, how it will be stored and at what point it will be destroyed.

All of these answers should be communicated to consumers going forward if they are to make informed decisions about who can process their personal information and under what circumstances under the expanded privacy compliance framework Protection of Personal Information Act is going to introduce shortly. One of the best ways to do this at the moment is through a clear privacy policy framework which solicits that consent from consumers arriving at the landing page. These policies should clearly identify the parties handling the personal information consumers submit and what happens to it from the time it is submitted.

Agencies have a couple options when it comes to implementing privacy policy frameworks which range from incorporating their clients’ privacy policy frameworks (assuming they are appropriate) to publishing custom policies. Whichever option, it is not a very complex process, it just needs to be done with sufficient thought about the compliance requirements marketers face.

Risk management doesn’t stop at a privacy policy. It extends to data management and ensuring that personal information is processed securely and consistently with privacy policies’ requirements. Agencies should also consider whether they have sufficiently structured their contractual relationships with their clients (and vice versa) in order to manage potential liability flowing from privacy violations which could occur and which could be remarkably costly, both in terms of reputational harm and monetary cost.


p>The potential harm is not always foreseeable and neither is its extent. A good example of this is the recent Adobe privacy breach which has had far-reaching implications not just for Adobe itself but for users who use a range of other services. This is just not something companies or their agencies can afford to ignore. They could be the next trending news item with a plummeting share price.

Published by Paul Jacobson

Enthusiast, writer, Happiness Engineer at @automattic. I take photos too. Passionate about my wife, Gina and #proudDad.

%d bloggers like this: