What the data industry can expect in the future
14 Feb 2017
Recent decisions by the Information Commissioner’s Office (ICO) show how the landscape will change for data once the GDPR is enforced from 25 May 2018 and how the ICO currently views the use of data by marketers.
In August 2015 a First-tier Tribunal adjudicated on whether Optical Express had valid consent to contact consumers during one its marketing campaigns.
The ICO came out firmly against general opt-in for third parties and so tick boxes with wording like ‘tick here to confirm that you’re happy for us to share your personal data with trusted third parties”.
A Tribunal agreed with the ICO’s interpretation, which ruled that Optical Express did not have valid consent. The ICO said that it was extremely unlikely that an individual would intend to consent to unlimited future marketing from quite possibly any company covered by the ‘trusted third parties’ umbrella.
This decision meant that brands had to be extremely careful when sourcing third party data and must be absolutely sure that the data they use has been rigorously checked and if challenged the brand has proof of consent for their marketing campaign.
The GDPR builds on this trend and requires organisations to be as specific as possible about what organisations or sector they intend to share the data with. For example, a statement along the line of ‘we will share your data with other men’s clothing retailers’ would be acceptable. The level of specificity required is greater.
More recently, charities have been under the spotlight for their fundraising practices. The British Heart Foundation (BHF) and Royal Society for the Prevention of Cruelty to Animals (RSPCA) were fined by the ICO for carrying out wealth screening.
The charities failed to state in their data collection or privacy notices that donors’ personal information would be used for wealth-screening purposes. The ICO found that the charities had gone beyond what donors would have considered fair and reasonable and therefore charities were in breach of the fair and lawful processing principle, the first principle in the Data Protection Act 1998.
This decision alarmed some marketers because of possible ramifications for other forms of generic profiling, such as targeting offers to customers/donors on a recency/frequency model.
The DMA has met and discussed these issues with the ICO in order to give marketers certainty as to what is allowed in regards profiling.
Profiling is now an integral part of marketing and key to every company’s marketing strategy. Without profiling companies would be forced to return to a one-size fits all approach, otherwise known as scatter gun marketing.
Scatter gun marketing treats all consumers the same without regard for their particular relationship with a brand or what interests they have. If consumers want to be spoken to as an individual, this requires profiling.
Consumers benefit from profiling because they receive more relevant and personalised communications. For example, a brand can send you discounts relevant to a customer based on their purchasing history.
In the charity cases the ICO was constantly asked the question ‘what would the consumer reasonably expect?’ and this guided them. In the case of wealth screening it was not obvious to a donor that a charity would profile them in this way and there was no consent to do so.
The ICO has promised the DMA that further guidance on profiling, which is GDPR ready, will be announced 6 March at the ICO’s Data Protection Practitioner Conference in Manchester.