Over the last few years, there has been plenty of chatter about the new Safeguards Rule that took effect last year. As has been widely reported, it requires auto dealerships to obtain clear and informed consent from website visitors before collecting and using their personal data, among many other components to the legislation and new requirements.

However, there are finer details of the rule that many dealers still have yet to comply with. Worse, many dealers are still unsure how to make the proper implementations on a variety of measures. A recent webinar poll showed that more than a third of dealers, or 34%, either need to upgrade their Safeguards compliance solutions or still need to complete the website certification process.

Furthermore, the poll also revealed that 33% of dealers either want to upgrade or are still unsure how to work with their web teams to properly and effectively post the required certification and make visible on their websites that they have disabled third-party cookies.

What Are Cookies?

In today’s digital age, websites have become a crucial component of every auto dealership business. They have traditionally relied on various technologies to enhance the user experience and gather valuable data from the customer. One such technology is website cookies.

Website cookies are small pieces of data stored on a user's device when visiting a website. They serve various functions, such as remembering user preferences, tracking user behavior, and collecting information for analytics. This is most often utilized through retargeting ads, where a consumer visits the display page of a particular vehicle. Ad retargeting allows dealers to target users who have previously interacted with their websites, mobile apps or other digital properties. It works by using cookies or tracking pixels to follow users as they subsequently browse the internet, then displaying specific ads to them based on their past actions or behaviors with the dealership. They can be categorized into first-party and third-party cookies, each serving different purposes.

Auto dealerships, like many other businesses, used cookies to improve their online presences and marketing efforts to better personalize the user experience through better targeted ads.

However, with the recent passing of the Safeguards rule, along with other regulations and mandates that have eliminated the use of cookies and the collection of third-party data to protect customer data privacy, auto dealers now must make it known to their website customers that they are no longer tracking them during the online shopping experience. Noncompliance with the laws can result in fines and damage to a dealership's reputation.

Show Me – Don’t Just Tell Me

Today, auto dealerships and their web teams must instead leverage the collection of first-party data from their customers. The key differences between first-party data and third-party data are related to ownership, source, quality and intended use. First-party data is directly collected by a dealer from its own interactions with customers, is owned and controlled by the company, and is typically of higher quality for personalized marketing and customer understanding. Third-party data, on the other hand, is data collected from external sources, such as Facebook ads. It often had varying quality and is no longer allowed to protect consumer data from web tracking.

Dealerships must ensure the vendors supplying the cookies are part of their third-party assessment process. Dealers must also work with their third-party website providers to ensure any cookies they are placing on the website for tracking, or resale of information, they are safeguarding consumer privacy information. This certificate must be placed on the dealership’s website and ensure it is inclusive of ALL cookies.

Dealers must also designate individuals within the company who are trained in taking ownership of the new regulations and to ensure everyone is ready. Any educational curriculum must be designed so that each employee is trained in all facets of the new regulation, with full comprehension of each component. The designated employees must be able to work with their web teams to upload and illustrate the proper certificate of compliance and have it openly visible to consumers as they enter the “digital showroom,” aka their websites.

As it stands now, many dealers still have questions about how to work with their web teams to make the certificate visible on their websites.

Dealers can’t take this portion of the Safeguards law lightly. Yes, there can be expensive fines involved. However, what’s truly at stake is their reputations and long-term trust with customers and consumer shoppers who today are extremely knowledgeable and now look for these types of certificates to reinforce their trust with a retailer, similar to a Good Housekeeping Seal of Approval. If one of the web site vendors’ cookie providers has a data breach, your dealership is responsible and subject to audits and fines, per the Safeguards rule.

Ken Hill is managing director for 700Credit, the automotive industry's leading provider of credit reports, compliance and soft pull products.