Trust me, I’m a marketer

Def: Trust. noun: firm belief in the reliability, truth, or ability of someone or something.

Building trust is an explicit objective of Art. 1 GDPR Recital (7), which explains that technological innovations: “require a strong and more coherent data protection framework, given the importance of creating the trust that will allow the digital economy to develop.”

Between the dictionary definition and the GDPR definition is the space where companies concerned with building and benefiting from trust must find their path.

The complexity of defining trust

Trust is an inherent emotion that we as humans either feel or don’t. Trust can be lost but never found. It can be built or earned, but not bought.

Ask someone to describe why they do or don’t trust something or someone and the answer will likely either be complex or be relevant largely to that person alone. But loss of trust will often center on being let down by explicit behaviours against implicit expectations.

At The Privacy Experience Agency (PEA) we are fans of the concept of the psychological contract to explain how an individual measures whether they are able to trust the person or company they are interacting with.

They may accept the terms of service, or click to consent to data use on the cookie banner, which, generally speaking, are legal contracts. But it does not reflect the psychological contract that the user thinks they have entered into.

Trust exists in three situational contexts:

• The World
• Our World
• My World

Generalised trust vs. relational trust

Trust mutates and changes across these contexts as the relationship becomes more personal. For company executives who wish to profit (quite literally) from trust, the chameleon nature of it represents a challenge.

How brands move from abstract relationships of The World to being part of my community — Our World — to the relationship with me — My World — is key. Often, the industry is too preoccupied with generalised trust when relational trust is more potent.

The World

It is not hyperbole to say that we are in an international crisis of trust. As a global population, we are trusting everything less than ever before.

From the rise of fake news and “alternative facts,” to conspiracy theories going mainstream and AI-generated images. Not to mention the words and actions of our politicians and the intentions behind corporations’ actions.

Trust is fast becoming a very rare, sought after, and highly valuable commodity. Of course, the more companies chase it, the harder it is to achieve.

Yet trust is thrown around by those in the privacy and data protection industry, regulators, stakeholders, and brand and marketing professionals like it’s as common as sand on a beach. So let’s unpack the business of trust.

The trust landscape

First, let’s set in general terms where the world is with trust. The Edelmen Trust Barometer Global Report 2025 is not a happy read. The world is less trustworthy, and boy, do we have a lot of grievances.

In Western democracies, trust in our governments, companies, media and non-governmental organisations has collapsed. Less than 50 percent of the population says they trust those entities. Unsurprisingly, populations in what we might call more restrictive countries record far greater trust in the same entities.

Belief vs. reality for trust in business

Worryingly for businesses, 68 percent of those surveyed believe that business leaders lie to them, a rise of 12 percent since 2021. This is at odds with the PwC Trust In Business survey, which says that 93 percent of executives claim that building and maintaining trust improves the bottom line.

Oddly, employees generally trust that their company will “do the right thing,” which points to cognitive dissonance when the same people generally think the opposite about other companies.

This is what PEA calls the trust chasm. This chasm only gets wider when we add in cultural factors. When we look specifically at the social media giants, trust is nosediving.

The Statista Misinformation on social media study points out that trust declines with age on those platforms. 46 percent of UK respondents believe that the platforms do a bad job of handling misinformation. This is a problem when so many companies now rely on social media as one of the most common places they show up for their customers.

A further worry for executives is the yawning gap between the generations. Only 28 percent of Gen Z consumers (approx. ages 13–28) trust the brands they buy from, rising to 57 percent for Boomers (approx. ages 61–79) according to the Deloitte Insights Connected Consumer Survey.

This is proof positive that many business executives are being somewhat overly optimistic about the state of trust for their business.

Trust is an output, not a demand

PEA believes that one of the key mistakes that marketers and their businesses make is that, much like the first rule of Fight Club, they shouldn’t be talking about trust.

Trust is not a state that can be demanded. Or even politely requested. When a brand asks, “Do you trust me?” the answer can only be “it depends.” Simply, trust is an outcome of a series inputs that the brand can control. We sum these up as respect.

Respect is a behaviour that a brand can actively display, control, and promote through actions and communications.

Being respectful of:

• People’s time
• People’s intelligence
• The psychological contract
• Marketing frequencies
• Practical privacy experiences (no one is reading the privacy notice)
• Data protection

Respect is the foundation on which trust can be built. Companies run by humans will make mistakes that can damage perceptions that affect trust. After all, trust is nothing more than feelings or decisions based on an individual’s perceptions.

If the overall brand experience over time is based on respect, it will help to insulate the damage of any trust-eroding mistakes.

A brand cannot demonstrate trust, but it can demonstrate respect.

Measuring trust: An exercise in trust itself

One of the key executive challenges for measuring trust is that it is often handed to a single manager, when in fact trust is a multi-stakeholder challenge that should sit across the executive team. There should be clear objectives, metrics, and shared incentives.

Ultimately, CFOs want to know if money being spent on trust initiatives is hitting the bottom line. There is an acceptance that at the broadest level, trust is good for business.

However, that is far too woolly to satisfy the modern obsession with measuring everything inside a business. So businesses — and, most often, marketers — are tasked with putting in trust measurement frameworks.

Surveys that basically ask “Do you trust us? …Well, yeah, that’s one approach. The HX TrustID Survey goes into a few categories, but is still at the abstract level. Then we have the indirect models, such as Net Promoter Score (NPS), customer satisfaction, and customer retention — all proxies for trust.

We then get to sentiment analysis (including ratings and reviews analysis), behavioral indicators, and all the way to integrated, multi-modal analysis.

But all of these are operating at the My World level. They are not situational, contextual, or relational to My World. And that’s before we get specific about privacy, digital, and data trust.

Privacy and trust become a marketing challenge

Per Usercentrics’ excellent The State of Digital Trust Report published recently, 77 percent of global consumers don’t fully understand how their data is being collected and used.

PEA research for our clients tells us that users are smarter than brands give them credit for on the business models of data use — especially children, which is a whole subcategory on its own. Where there is a lack of understanding, then transparency is often cited as the answer.

However, transparency is often interpreted as having very comprehensive privacy policies. A lot of time goes into the structure of policies to make them more navigable.

Unfortunately, transparency and understanding are two very different things. More often than not, Legal tells the teams responsible for the website and emails that specifically “This wording must go out.” On a sliding scale of legal compliance to brand-infused customer communications, they are usually firmly anchored at the legal end.

Is it transparent? Sure. Is it understood? Not so much.

For too long, marketing has ceded the ground around privacy and data protection to legal teams. This is a trend that will be reversed.

Here’s why.

Two of the biggest growth levers many companies have at their disposal now and for the foreseeable future are AI and data sharing.

Use of AI obviously poses a great opportunity for companies that are thoughtful about its use. But we know at a The World level, AI is deeply untrusted.

Again, from the Usercentrics report, 48 percent of people say they trust AI less than they trust humans with their personal data. Which is worrying considering how little humans trust humans with their personal data.

Data sharing is a huge commercial opportunity where companies share data to improve products and services for customers. But this is a minefield of consent, permissions, and, overall, accountability.

These are two areas that PEA specialises in, with how companies build bridges from mere compliance to growth, via AI and data sharing. The foundation of that bridge is trust.

Making trust tangible

It’s clear that trust is the go-to answer for privacy professionals asked about business enablement. But despite all the attention on trust at the abstract level, there is little evidence of data protection activities with a formal goal of designing, communicating, and marketing trustworthy privacy experiences.

We hear too much about general trust and too little about situational trust. From a privacy and data protection point of view, to earn trust, a brand’s privacy experience must be designed with its specific trust situation in mind.

We have outlined the critical business input of respect as being the start of the road to trust being granted. However, designing to build situational trust starts with a deep understanding of how consumers give their trust. There is a combination of factors.

The consumer

Data subjects’ disposition makes them more or less likely to trust.

Segmentation is the key tool. The Westin Privacy Index is effective for baseline consumer propensities to trust. PEA speaks to many marketers and we are always surprised that they have not segmented their current customer database — and modelled prospective customer segments — on the Westin Privacy Index.

For companies operating across different countries, this is critical due to cultural differences in attitude. Your consent strategy in the UK is not necessarily the one you will see work in Germany.

The brand

Data controllers’ attributes make them more or less trustworthy to the consumer.

The right tools are service design and strategic communications.

Brand conduct and messaging must create perceptions of warmth/benevolence, competence/ability, and morality/integrity. A privacy comms strategy must build on existing brand expectations. Consistency is key.

Let’s take a classic marketing activity: sending emails out to the database. Having a contact strategy that is Westin segmentation-aware, so that brands are not sending too many emails to the wrong segment, will lower the opt-out rates. Because once consent is declined or revoked, it is unlikely to be given again.

The consumer/brand trust relationship parameters

The tool here is proposition development. The data and privacy proposition must capture the exchange of value, but also the psychological contract, which sets the consumer’s expectations about the terms of the exchange: transparency, control, and fairness.

Over the 100+ years of trust research, the definition of trust has been refined. Business has not kept up. Trust has six baseline characteristics, and all must be present in the mind of the consumer and define the experience.

1. Familiarity: The consumer must be aware of the brand. Without even “mere exposure” we have faith, not trust.
2. Choice: The consumer must not feel compelled. Without autonomy we have submission, not trust.
3. Value: The consumer must want what is on offer. Without demand we have rejection, not trust.
4. Cost: The consumer must pay or invest something. Without some price — financial or nonmonetary — we have indifference, not trust.
5. Uncertainty: The consumer must be unable to predict the outcome of their choice. Without unpredictability you have confidence, not trust.
6. Vulnerability: The consumers must experience jeopardy. Without potential loss we have security, not trust.

From a consumer perspective, any of those six characteristics can be more or less discernable depending on the way the brand’s processing activities — the purposes, the legal basis, and the personal data itself — is communicated. One consumer might be unable to perceive the value of the activity, another might not believe they are vulnerable or feel they have little choice.

KEY TAKEAWAYS

1. Trust has never lost its top spot in the privacy hype cycle.
2. Trust is critical to generating sustainable privacy and meeting data protection goals.
3. The ability of a brand to earn more or less trust is a function of how it chooses to communicate and conduct itself.
4. If a brand believes trust has business value, then it needs to get serious about designing and delivering trustworthy privacy experiences.
5. Trust is complex due to its situational nature. Defining trust factors and characteristics is key.
6. There are four core tools for building trust: insight from a segmentation, designing services, strategic communications, and privacy proposition development.