The EC’s recent proposals to tighten up data protection legislation have ruffled a few feathers including the DMA’s. They’ve posted an article saying the changes would have “costly ramifications for companies involved with direct marketing, and in turn detrimental consequences for the UK economy”.
Now, I’m a relative novice in the world of direct marketing. In fact I’m only 5 weeks into a 3-month graduate training programme here at Brightsource. But it seems to me that the DMA is taking a short-term perspective here. Could it be that the EC has taken a more considered view of how to sustain the direct marketing industry in the long term, than the DMA?
Data is the new oil
Data, or rather access to it, will shape the 21st century digital economy just as oil shaped the 20th century industrial economy. This is especially true in direct marketing where we spend a significant amount of our time gathering, processing and trading this valuable commodity. But just like oil, we need a regulated and stable market – unless the DM industry wants to endure similar disruptions to the oil crises of the 1970s and 1990s.
Viviane Reding, European Justice Commissioner, used a slightly different metaphor: “Personal data is the currency of today’s digital market. And like any currency it needs stability and trust.”
In her keynote address to the DLD (Digital, Life, Design) Conference in Munich on the 22nd January, she emphasized the need to have robust data protection laws in a world where:
“We can instantly send messages to people on another continent with the tap of a finger on a screen. We can instantly update our friends and family about the birth of a child or the latest holiday pictures. We can entrust our private data to a cloud service provider without knowing where and how this personal data will be stored and processed.”
Yet current EC data protection rules date from pre-internet times. Sensibly, the EC Commissioner recognizes that “we can only imagine how technology will change our lives tomorrow … the new regulatory environment has to be future-proof, be technology-neutral”
And she’s also aware that businesses face an impossible burden, currently having to deal with 27 different data protection regulations if they want to operate across the whole of the EU.
So what changes are being proposed?
There are 5 key proposals:
- Companies will have to seek explicit consent before collecting, storing or processing personal data
- Users will have easier access to their data and the right to have it deleted unless a company can demonstrate a legitimate reason to keep it – known as ‘the right to be forgotten’
- Companies will have to report data security breaches as soon as possible, “if feasible within 24 hours”.
- Companies with 250 employees or more will have to appoint a data protection officer.
- There will be penalties for non-compliance. Serious violations could cost a company up to 2% of its global turnover.
It’s good to opt-in
One of the biggest concerns is that organisations will no longer be able to assume consent or indeed operate an opt-out policy. Consumers will have to actively opt-in to receive marketing communications. The argument goes: Direct marketing is difficult enough. This proposal would make it more so because consumers are unlikely to take the time and effort to opt in.
But actually, I think we should be willing to embrace this shift – for two reasons.
First of all, from the consumer’s point of view, there’s far too much “marketing noise” out there. From the moment they step outside their homes, they’re bombarded with marketing messages. Even the confines of their four walls offer little respite. TV, Radio and now even smartphones come laden with marketing communications and ads. When it comes to reaching consumers amidst all this noise, relevance is crucial.
Secondly, consumer behaviour is changing, with people responding and interacting with brands across multiple channels.
So there is a need for better and smarter marketing. A legal requirement for consumers to opt-in rather than opt-out may be the nudge marketers need to adjust their strategies and offer more relevant communications, to more focused segments. One potential implication is that customer databases get smaller. Maybe I’m being overly optimistic, but if we get our strategies right, these will be databases of clients that are more interested in our products. They’ll be less likely to opt-out of marketing communications and generate higher ROI.
The right to be forgotten
The other major plank of the EC proposals causing a headache for businesses is the right to be excluded from marketing communications. The key difference from the current UK situation, is that consumers will have greater access to all the information companies hold on them and could have it deleted if they desired. Again, this doesn’t have to be seen in a negative context alone. One could argue that giving users access is one way to clean up our databases and keep more accurate records. Sure we’ll lose some along the way but…that’s a topic for another day.
Trust has to prevail
These proposals will have to be approved by the European parliament and member states. It will be a long, drawn out process. I suspect that consumer behaviour, competition and technology are likely to drive marketers towards better consumer engagement well before these rules are finally implemented.
The DMA headlines its article ‘How the Data Protection Regulations could cost your business’. But I’m more convinced by Viviane Reding, who points out that “Only if consumers can ‘trust’ that their data is well protected, will they continue to entrust businesses with it, buy online, and accept new services…. The Internet economy will continue to grow exponentially under one pre-condition: trust has to prevail.”
The DMA does fantastic work a lot of the time, but on this issue I think they may be missing the big picture.