2. Connect with the DMA…
• The #tag for this event is: #dmalegal
• LinkedIn: DMA: Direct Marketing Association (UK)
Limited
• Twitter: @DMA_UK/ @DMANorth
• DMA Website: http://www.dma.org.uk
• Email: dma@dma.org.uk or events@dma.org.uk
• Phone: 020 7291 3300 or 0161 918 6780
3. Today’s agenda
9.00 – 09.30: Registration and Breakfast
09.30 – 09.35: Welcome and Event Introduction
- Suzanne Kay, Regional Manager, DMA North
09.35 – 10.05: Intellectual Property
- Rupert Bent, Legal Director, Pinsent Masons
10.05 – 10.35: The Draft EU Data Protection Regulation
•Key points in the draft Regulation
•Update
- Caroline Roberts, Director of Public Affairs, DMA
10.35 – 10.55: Coffee break
10.55 – 11.25: How the new Regulation will affect business
•Key areas of change
•What you should be doing now to plan for the Regulation
- James Milligan, DMA Solicitor
11.25 – 11.55: The future of Data Protection
•Other key developments in data protection
•Round upof other DMA lobbying activities
- Caroline Roberts, Director of Public Affairs, DMA
- James Milligan, DMA Solicitor
11.30 – 12.00: Q&A and Close
7. What we are going to look at today
• Price comparisons
– The position under the old rules
– The rationale behind the change
– What the new rules say
– What the new rules mean for you
8. The position under the old rules
• Old CAP Code rules stated that when comparing prices
with that of a competitor, comparisons were only allowed
between:-
“identical or substantially
equivalent” products
12. The rationale for change
• Committee of Advertising Practice (CAP) and the Broadcast
Committee of Advertising Practice (BCAP) are of the view that:-
– the old rules restricted certain price comparisons that would be
of benefit to consumers; and
– the old rules went beyond the minimum requirements of the EU
Comparative Advertising Directive (2006/114/EC).
• Industry committees are of the view that it would be useful for a
consumer to know the price of an own brand label against that of a
premium label
13. EU Comparative Advertising Directive
Article 4
Comparative advertising must:-
• not be misleading;
• compare goods or services that meet the same needs or
intended purpose; and
• objectively compare one or more verifiable feature
(e.g. the price).
14. EU Comparative Advertising Directive
and CAP Code Rules
EU Comparative Advertising Old CAP Code requirement
Directive
Article 4 “identical or substantially
Comparative advertising must:-
•not be misleading;
equivalent” products
•compare goods or services that meet the
same needs or intended purpose; and
•objectively compare one or more
verifiable feature (e.g. the price). Additional Requirement
15. What the new rules allow
“identical or substantially equivalent” products
Comparative advertising
“must compare products meeting the same need or
intended for the same purpose.” (Rule 3.34 CAP
Code)
19. Basis of the comparison must be clear
“Marketing communications that include a price comparison
must make the basis of the comparison clear.” (Rule
3.39 CAP Code)
24. Advertisements: objective comparison
• They must objectively compare one or more material,
relevant, verifiable and representative feature of those
products, which may include price. (Rule 3.35 CAP
Code)
25. What these rules changes might mean
• Headlines such as these:-
• “Sainsbury's reprimanded after Asda complaint”
– retailweek.co.uk 23 May 2012
• “Tesco censured by watchdog over "misleading"
Price Check ad” – retailweek.co.uk 16 November 2011
29. The implications for you
• Where is the balance in providing information to make
the “basis of the comparison clear”?
• Will competitors be more likely to make a complaint to
the Advertising Standards Authority?
31. Google AdWords – what are they?
• Google AdWords is Google's main advertising product
• Searches on Google using keywords appear as adverts
next to the search results
• Businesses obtain a higher placing / prominence by
bidding for AdWords
• Advertisers pay every time a users click on its sponsored
link and get directed to their website
33. Trade marks on Google AdWords
Google and others v Louis Vuitton and others
(Google France Case)
• Louis Vuitton sued Google France for allowing
advertisers to use their trade marks as Google AdWords
• Argued brand owners’ trade mark rights infringed by
allowing to buy the Google AdWord “keywords”
corresponding to registered trade marks
34. Google France Case
• Court held that Google’s use of its AdWords tool does
not infringe brand owners’ trade mark rights
However...
• Google and other search engine providers must act
quickly to remove advertisements which infringe third
party trade marks as soon as they become aware of
them
35. Is it Google’s Problem?
• Advertisers buying trade marks in AdWords may be
liable for trade mark infringement
- The European Court of Justice
• Advertisers cannot arrange for Google to display
advertisements whereby customers cannot easily
establish who the goods or services in the advertisement
originate from (the trade mark owner or the
advertiser/third party)
37. Interflora v Marks & Spencer
• Interflora – the world’s largest flower delivery network
• Owns trade mark for INTERFLORA
• M&S – selling flowers online in direct competition
• Interflora and M&S argument began in 2008 when M&S
bought the AdWords for Interflora’s trade mark
• Interflora suing for trade mark infringement
38. Interflora v Marks & Spencer – the test
• Trade mark owners entitled to prevent a competitor
from bidding for Google AdWords identical to their mark
where use liable to have an adverse effect on functions
of the mark
• Also entitled to prevent competitor from advertising on
the basis of keyword corresponding to the mark where
unfair advantage of its distinctive character taken
39. Interflora v Marks & Spencer – the test
• Adverts cannot be prevented where AdWords based on
trade mark but put forward alternative goods or services
(but not imitations)
• Trade mark’s functions must not be adversely affected
by such adverts
40. Interflora v Marks & Spencer
• ECJ referred the decision back to the UK courts – each
case to be decided on its own merits
• UK courts to decide whether the function of the trade
mark has been adversely affected
• Meanwhile, a recent decision has held that witness
evidence obtained by Interflora in the form of surveys
cannot be relied on
41. Interflora v Marks & Spencer
• The law is changing...
• To be determined at
the Court of Appeal within the
next few weeks
42. Google Policy
“If a trademark owner files a complaint with Google
about the use of their trademark in AdWords ads, Google
will investigate and may enforce certain restrictions on
the use of that trademark in AdWords ads and as
keywords”
- Google’s AdWords Trademark Policy
44. Google Policy
“Google will investigate and may restrict the use of a
trademark within ad text. Ads using restricted trademarks
in their ad text may not be allowed to run”
- Google’s AdWords Trademark Policy
45. Google Policy
“Advertisers can use a trademarked term within ad text if
they are authorised, meaning that the trademark owner
sent Google the necessary form allowing an advertiser's
particular account to use a certain term”
- Google’s AdWords Trademark Policy
47. Google Policy
“There are some cases when the policy for ad text doesn't
apply, for example, campaigns targeting the United
States, Canada, the United Kingdom or Ireland may use
a trademark in ad text if the ad is in compliance with
resellers (primarily dedicated to selling the goods or
services corresponding to a trademark term) and
informational sites policy (the primary purpose of the
ad's landing page is to provide informative details about
goods or services corresponding to the trademark term).”
- Google’s AdWords Trademark Policy
49. Google’s EU and EFTA Policy
• Same rules apply - Google does not prevent trade marks
from being used as keywords in the EU and EFTA, but...
• Google carries out only a “limited investigation” as to
whether trade mark used with particular ad text is
confusing as to the origin of the advertised goods and
services
• Where keyword combined with ad text is confusing, ads
will be disapproved so they cannot run
52. EU Draft Data
Protection Regulation
- key points
DMA North
Leeds April 15th 2013
Caroline Roberts
Director of Public Affairs
Direct Marketing Association
53. Introduction
Why now?
What is being proposed and why is it
important?
The EU decision-making process
Timing
DMA and FEDMA lobbying activity
54. Why now?
1995 European Directive (implemented into UK by
1998 Data Protection Act) showing its age…
1) New technologies and more complex
information networks
2) Lack of common European law and differences
in national implementation
3) Consumer concern over privacy
4) Data protection now fundamental right under EU
Charter of Fundamental Rights
55. Headline proposed changes
• Expanded definitions: “personal data”
and “data subject”
• Explicit consent required
• Right to be forgotten
• Greater emphasis on accountability
• Notification of data security breaches
• More onerous sanctions for breach
• Data processors directly covered
56. Consent
Consent: Current Consent: Proposed
Position Position
- Freely given, -Freely given, specific, informed
specific, informed and explicit indication of data
subject’s wishes
indication of the
data subject’s -Given either by a statement or
wishes a clear affirmative action
- Explicit consent - Data controller / data subject
relationship to be taken into
required for account
sensitive personal
data only - Burden of proof on controller to
demonstrate consent
57. Key points in the draft Regulation
IP addresses and cookies
• Definition of personal data extended so could
cover some IP addresses and cookies as
“online identifiers”
• But IP addresses identify a device not an
individual + some IPs are general
• Huge implications for digital marketers
• Web analytics & profiling made much more
difficult, if not impossible
• Interaction with new cookie rules problematic
58. Key points in the draft Regulation
The right to be forgotten
• Right for individuals to request organisations to delete
any information held on them
• Drafted with social media in mind – but goes beyond
this
• Problem of information that has already been passed
on to third parties
• Possibility of misleading consumers by raising
unrealistic expectations
• Suppression files
• Changes to current text likely
59. Key points in the draft Regulation
Data Breach notification
• Any data security breach to be notified to ICO and the
individuals concerned within 24 hours
• Report to cover:
• nature of breach
• number of data subjects
• categories of data
• proposed mitigation
• Not always obvious if there has been a breach or how
extensive it is
• Problem of notification fatigue
• No threshold level specified
60. Key points in the draft Regulation
Subject Access Requests
(SARs)
• Data subjects to be able to request full information on
data held on them free of any charge
• Currently can levy a £10 fee – doesn’t cover cost but
deters time-wasters, frivolous or vexatious requests
• Costs organisations £50 million p.a. now to meet SARs
• Proposal that can provide data in electronic form if data
subject agrees to this
• Particular problem for financial services with mis-selling
issues and claims management firms
61. Key points in the draft Regulation
Compliance obligations
• Data protection obligations now shared between
agencies and clients, for example if holding
client’s database
• Privacy by Design/Privacy by Default
• Appointment of DP officer (250+ employees)
• 2 year appointment
• Independent reporting to board
• Information and training
• Maintenance of documentation
• Data protection impact reports
• International transfers of data outside EEA – law
would apply to any processing of data or EU
citizens
62. Proposed enhanced sanctions
• Up to €500k or 1% annual worldwide turnover
intentional or negligent failure to respond to
subject access requests in accordance with
Regulation
• Up to €1m or 2% of annual worldwide turnover
for other compliance failures
• Depends on:-
• size of organisation involved
• nature and gravity of breach
• whether intentional or negligent
• technical and organisational measures
• previous breaches
• co-operation with ICO
63. Key Points in the draft Regulation
Delegated Acts
• Many details to be implemented through additional
delegated legislation – some 45 Delegated Acts
mentioned.
• Details will not be clear until Regulation is passed
• These areas of secondary legislation will include:
• powers to specify further procedures
• technical standards for Privacy by Design/Default
• specification of lawful processing condition
• additional responsibilities for national data
protection authorities; etc.
• European Commission taking significant powers to itself
away from the national authorities - raises serious issues
of subsidiarity and accountability
• National governments and Data Protection Authorities are
concerned
64. Draft Regulation - DMA View
• DMA welcomes the Commission’s aim to reduce red
tape and simplify bureaucracy – but proposals do
not achieve that: overly strict, bureaucratic and
unworkable
• Needs to be a fair balance between privacy and
legitimate business interests
• Current proposals will stifle innovation, add
considerably to business costs and place
unnecessary obstacles to e-commerce jobs growth
• Will be particularly harmful to SMEs – MoJ says
demonstrating compliance will cost £10m p.a.
• Hard to say how Commission’s estimate of 2.3 billion
euro saving to businesses was calculated
65. Impact on direct marketing
•Potential opt-in for all communication
channels – the end of dm as we know it?
•Potential ban of profiling – less targeted and
more generic communication?
•Potential ban on list trading and lead
generation
•New information requirements and rights of
the data subject, e.g Right to be Forgotten
•Increased costs - £76,000 per business to comply
+ possible £47 billion of lost sales in UK
66. The process of EU decision-making
Proposes
Legislation
Codecision
Adoption
FEDERATION OF EUROPEAN DIRECT AND INTERACTIVE MARKETING
Into National Law
67. Current position – European
Parliament
• Civil Liberties Committee (LIBE) taking lead –
Rapporteur: Jan Philipp Albrecht MEP
(German Green)
• His report published 9th January – in parts even
tougher than Commission proposals
• 4 other Committees giving Opinions – 3000+
amendments tabled
• Vote to be taken in LIBE end of May
68. Timing in the EU institutions
•Commission proposal for a Regulation in
January 2012
• Parliamentary lead committee draft report:
9 Jan 2013
•Deadline for tabling amendments: 27 Feb 2013
• Vote in leading committee: 29/30 May 2013
•Trilogue with Council: Autumn 2013
•Expected plenary vote (1st reading): End 2013
•Takes effect: 2 years after adoption – 2016?
69. Current position
– Council of Ministers
• Council of Ministers Working Group (DAPIX)
meeting monthly
• Initial indications that UK Government (and
others) taking helpful and business-friendly stance
• Many object to delegated acts; find it too
prescriptive and would prefer a more principles-
based approach
• UK pushing for a directive, rather than a
regulation – as is Germany
70. Current position
- Commission
• 4th Dec 2012 – Commissioner Viviane
Reding spoke in European Parliament
• Said Commission willing to look at:
• More risk-based approach with focus on
type of data being processed
• Less prescription – although no detail
• Some exemptions for SMEs?
• Overall principles must be same for both
public and private sectors
• Delegated and implementing acts –self-
regulation perhaps for some?
71. Ministry of Justice
• Disagrees with Commission’s 2.3bn Euro savings –
burdens imposed will far outweigh net benefits: in UK
cost @ £100-360 million
• Many unintended consequences, esp for SMEs
• Changes to consent, profiling & definition of personal
data particularly costly to industry
• Likely knock-on effects for growth in technological sector
and internet economy
• Regulatory Impact Assessment quotes DMA’s figures &
examples
• Impact on behavioural advertising
• Creates unrealistic expectations for consumers – R2BF
proposal is “unworkable”
72. Key lobbying messages
• Data is essential for economic growth
• UK has leading role in EU digital economy
• SMEs particularly affected
• Transparent and responsible use of data is a vital
business practice
• In industry’s interests to handle data with care
• Self-regulation has valid role to play
• Regulation will not stop bad players
• The proposed regulation is bad for consumers
• Would damage users’ online experience
• Danger of tick-box culture & unrealistic expectations
• Need a proportionate data regime that recognises that not
all data is the same
• Personal data, sensitive data, anonymous/pseudonymous data
• Different levels of protection required
73. Lobbying activity – in Brussels
• Meetings in Brussels with key individuals in Council,
Commission & Parliament, e.g. Council Working Group; key
MEPs & advisers; party groups
• DMA working with FEDMA & other alliances – for collective
lobbying of Council and Parliament & lobbying directly
where there is no national DMA
• FEDMA position papers on priorities for industry + draft
amendments to text
• Data Industry Platform & Industry Coalition on Data
Protection - collective lobbying
74. Lobbying activity – in UK
• Contact with key UK MEPs
• Leading UK Data Industry Group response to the
proposed legislation & participating in CBI lobbying
• Research on consumer attitudes to privacy and on
economic value of the dm industry
• Lobby UK political leaders to influence their MEPs in
EU Parliament
• Providing DMA members with toolkit for lobbying
MEPs
78. DMA North
Legal Update
How the new Regulation will affect
businesses
Monday 15 April 2013
James Milligan
79. Introduction
• What it could mean for you
• Key proposals – what you should be doing
now to prepare
• Summary
80. What could it mean for you?
Telemarketing
• Move from opt-out to opt-in
• No cold calling to prospective customers
• No profiling or segmentation without
individual consumer's consent
81. What could it mean for you?
Data industry
• Most current activities will become heavily
restricted
• Data will become impractical and expensive
both to source and keep up-to-date
• Legacy data might be required to comply with
new regulation, prospect lists could be
decimated
• List broking severely restricted
82. What could it mean for you?
Online marketing
• Analytics impossible as no tracking of IP addresses
• Profiling is very limited without the explicit
consent of the consumer
• Tailored online experiences will require explicit consent
• Ads can no longer be targeted to individuals
• Data can no longer be used to target
future marketing activity
• Debate over whether legacy data will have to comply
with the new rules
83. What could it mean for you?
Direct mail
• Move from opt-out to opt-in: explicit consent
needed to send any message to any
recipient,
with the exception of existing customers
• Existing databases may not be usable under
regulation: could decimate prospect lists
• Demographic information will have to be
wiped
84. What could it mean for you?
Email marketing
• No tracking data allowed without explicit
consent, making effectiveness extremely
difficult and
unreliable to measure
• Profiling and segmentation will become
difficult
and patchy
• Tailored content will be hard to target and
harder
still to measure
85. Introduction of opt-in/explicit
consent
• Review language used at point of data
collection to ensure that consent is explicit
/opt-in
• Consent – freely given, specific informed and
explicit
• Do people understand what they are
agreeing to? – nation of liars
• Think about how you will update legacy
databases
• Children – consent wording for under 13’s if
offering them an information society service
86. Definition of personal data
• Think about how you will deal with extension
to Include location data, IP addresses,
cookies, online identifiers
• Pseudonymous/annonymous data – will you
be able to take advantage of exceptions?
87. Individual Rights and Remedies
• New Regulation may lead to increased public
awareness of rights e.g., right to request
information ( Data Subject Access Requests,
Right to be forgotten)
• Plan ahead for increase in queries from
clients/public
• Training for client/customer service teams
• Amend wording on privacy policies/data
collection notices to take account of new rules
on profiling.
88. Data security breach notification
• Introduce breach notification detection
procedures
• Think about how you will notify data
protection authorities and affected individuals
within whatever timescale is agreed
• Develop/review your data breach response
plan
89. Compliance obligations
• Review amount of data being processed,
erasure policies and data retention policies
• Requirement to demonstrate compliance will
mean more documentation in respect of
policies and procedures
• Contact centres, mailing houses, email/SMS
broadcasters will also be subject to these new
obligations, especially in respect of data
security
• Review staff training in data protection.
• Appointment of a data protection officer?
• Risk- based approach to compliance and data
protection impact assessments
90. Enhanced sanctions/fines
• Watch out if you get it wrong!
• Increase focus on compliance – board level
issue
• Review internal policies and procedures
91. Scope of the Draft regulation
• Main establishment/ one- stop shop
provisions
• Think about which country’s national data
protection authority will be lead regulator
• Possibility of changing country where head
office is located
• Review arrangements for transfers of data
outside EEA (27 Member States of EU +
Iceland ,Liechtenstein, Norway)
• Global group – application to EU citizens’
personal data.
92. Summary
• Start preparing now
• Transparency and consumer trust and
confidence
• Review policies and procedures
• Talk to your clients/suppliers in the data
chain
• Talk to the DMA
94. DMA North
Leeds – Monday, 15th April 2013
Data Protection round-up and other
key issues
Caroline Roberts Director of Public Affairs
James Milligan Solicitor
95. Information Commissioner’s Office
• March 2013 – ICO fines company £90,000 for
making nuisance calls
• February 2013 – ICO fines Nursing &
Midwifery Council £150,000 for breaching data
protection rules
• January 2013 - ICO fines Sony £250,000 for
breaching data protection rules
96. Excuses – they just don’t wash…
• “I won’t get caught by the ICO”
• “The ICO never does anything even if people do get caught”
• “Getting caught won’t affect my business”
Really?
• March 2013 – ICO fines company £90,000 for making
nuisance calls
• February 2013 – ICO fines Nursing & Midwifery Council
£150,000 for breaching data protection rules
• January 2013 - ICO fines Sony £250,000 for breaching data
protection rules
97. Excuses – they just don’t wash…
• “I won’t get caught by the ICO”
• “The ICO never does anything even if people do get caught”
• “Getting caught won’t affect my business”
Really?
• March 2013 – ICO fines company £90,000 for making
nuisance calls
• February 2013 – ICO fines Nursing & Midwifery Council
£150,000 for breaching data protection rules
• January 2013 - ICO fines Sony £250,000 for breaching data
protection rules
98. Excuses 101
• “I won’t get caught by the ICO”
• “The ICO never does anything even if people do get caught”
• “Getting caught won’t affect my business”
Really?
• March 2013 – ICO fines company £90,000 for making
nuisance calls
• February 2013 – ICO fines Nursing & Midwifery Council
£150,000 for breaching data protection rules
• January 2013 - ICO fines Sony £250,000 for breaching data
protection rules
99. Information Commissioner’s Office
• ICO Strategy Plan 2013-16
• New website
• Modernise ICO notification system
• Simplify guidance
• Policy challenges
• Strategic review
100. New CAP rules for online
behavioural advertising (OBA)
• Notice about collection of behaviour on website
if using OBA
• Notice about collection of behaviour around
each online advertisement delivered using
OBA
• Not create interest segments for targeting OBA
to children under 12
• Explicit consent for OBA at Internet Service
Provider (ISP) level
• Exemptions
• Enforcement
101. Financial Services
• Re-architecture of financial services regulatory
environment - replacement of FSA by Financial Conduct
Authority and Prudential Regulatory Authority from 1
April 2013
• Greater focus on consumer protection and how services
and products are marketed and sold
• New power to ban products and services
• New power to ban misleading financial promotions
• Consumer credit
• OFT Payday Lending Report
• Consultation on move of consumer credit regulation
to Financial Conduct Authority from OFT
103. Other issues on legislative agenda
• Consumer Protection
• Consumer Rights Bill
• Implementation of the EU Consumer Rights Directive
• EU Commission review of Unfair Commercial Practices
Directive
• Electoral register
• Electoral Registration & Administration Bill –
introduction of individual electoral registration and
system opened up for digital application.
• Edited version of register will be kept but issue on opt-
outs.
• Postal
• Policy of “reversions” of mail not meeting product
specification – Royal Mail have announced that they will
not charge reversions in respect of envelope sealing
issues until 1 April 2013 following DMA lobbying activity
• Employment
• TUPE – Government consultation on changes
104. Other legislative issues
• Environment
• Unaddressed mail preference service - awaiting
DEFRA input
• Telemarketing
• Claims management, nuisance calls – DMA has
formed Working Party with regulators, mobile
network operators, consumers.
• Contact Centres guidance on vulnerable
consumers
• Marketing to children
• Government “stock-taking” progress after Bailey
Report
• Alcohol strategy
• Minimum pricing; plain packaging
105. Any Questions?
james.milligan@dma.org.uk caroline.roberts@dma.org.uk
020 7291 3347 020 7291 3346
DMA members can contact DMA Legal Department for free advice:
by email: legaladvice@dma.org.uk
or call: 020 7291 3360
106. Thank you…
Presentations will be emailed to you Monday
A final thank you to all of today’s speakers:
Rupert Brent, Pinsent Masons
Caroline Roberts, DMA
James Milligan, DMA
107. Please return your completed
evaluation forms and badges to the
registration desk we look forward to
seeing you again!
Editor's Notes
Ask audience who has heard of Google AdWords
Explain facts of Google France case – see PLC note on it
What is Marks and Spencer doing here? Explain litigation going on at the moment – judgment due in the next few weeks
This is the online form which trade mark owners can use to authorise a third party to use their trade mark
EFTA = European Free Trade Association
04/17/13
04/17/13
04/17/13
The ordinary legislative procedure At what stage are we now