Bye-bye co-sponsor, data lists and generic third party opt-ins

With all the focus on GDPR (General Data Protection Regulation) over the last few years, it seems like some of us forgot the current regulations. In a recent ruling, the ICO (Information Commissioner’s Office) finally gave a clear answer as to how current legislation should be interpreted when it comes to third party opt ins, recommending that organisations which process data should review their consent mechanisms to make them more ‘specific, granular, clear, prominent, opt-in, documented and easily withdrawn’.

This interpretation is currently being enforced and brands are liable to be fined by the ICO for contraventions. Specifically, in its monetary penalty notice, the ICO said: "Consent must be freely given, specific and informed, and involve a positive indication signifying the individual’s agreement. Informing individuals that their details will be shared with unspecified third parties, is neither freely given nor specific and does not amount to a positive indication of consent".

The time has come for our industry to get serious about data protection and adopt appropriate privacy policies and practices. The cowboys in our midst, particularly suppliers, are harming brands, upsetting consumers and giving the industry a bad reputation. We have all seen promotions for 500 - 10,000 free leads, declined loans, flood protection, and payday loans. Therefore, it is safe to say that if you are selling customer data after it has been collected, there is literally no way for you to have a valid consent for that company under this interpretation, and if you are a brand buying data from co-sponsor sites, data lists or based on generic third-party opt ins, you should stop and think. Relying on invalid consent could harm your reputation and may even leave you open to substantial fines - that’s definitely something you don’t want. Recent events should become a lesson to everyone relying on data suppliers/third parties for their operations.

This article was originally published on Tech Essence’s website.