iCrossing UK Client SummitThursday, 17th May 2012 Caroline RobertsDirector of Public Affairs
The Direct Marketing Association• Europe’s largest national trade association in the marketing and communications sector• 920 corporate members –suppliers, agencies and clients who use dm• Client members include major blue chip UK (or operating in UK) companies, e.g. Readers Digest, News International, Barclays Bank, American Airlines, Virgin Media, Save the Children, British Gas, the main political parties, Microsoft, Marks & Spencer PLC• Supplier members include list brokers, email marketers, mobile marketers, social media, mailing and fulfilment houses, creative agencies, etc.• Services include: lobbying; legal advice; events; research; self- regulatory mechanisms; business development opportunities
Two major pieces of legislation on data use• EU Draft Data Protection Regulation – A proposal from the European Commission to update EU Directive 95/46/EC now beginning its passage through EU institutions• Privacy and Electronic Communications Regulations 2011 – EU Directive 2009/136/EC – Enacted 26th May 2011 – Will be enforced from 26th May 2012
Draft EU Data Protection Regulation• Where are we now• Background to the proposal• Key points in the proposed Regulation• Influencing the legislation
Where are we now?• European Commission published draft Data Protection Regulation 25th January 2012• Consultation process since May 2009• Ministry of Justice Call for Evidence Jan-Feb 2012• Jan 2012 – 2014?? – European legislative process• ?? 2016 – New Regulation in force
Why revise the law now?1995 European Directive ( implemented into UK by 1998 Data Protection Act ) showing its age due to:1) Law doesn’t take account of new technologies – and more complex information networks: interconnected data rather than held in databases2) Lack of common European law and differences in national implementation3) Consumer concern over privacy – high profile data security breaches, etc.
Key points in the draft Regulation Opt-in and opt–out - obtaining consent• General rule for direct marketing – “explicit consent by clear statement or affirmative action” . Much more prescriptive.• Possible legitimate interests exemption ?• Legacy databases – what about data collected under current law?• At worst, if consent cannot be proved, whole databases could be scrapped.• At odds with existing rules on voice calls, email and SMS marketing• Would almost certainly lead to requirements for increased opt-in mechanisms Increased burdens on business Decrease in functionality of many consumer- friendly services
Key points in the draft RegulationIP addresses and cookies• Definition of personal data extended so could cover some IP addresses and cookies• But IP addresses identify a device not an individual + some IPs are general, e.g. in a library or internet cafe• Huge implications for digital marketers• Web analytics & profiling made much more difficult, if not impossible• Interaction with new cookie rules
Key points in the draft Regulation The right to be forgotten• Right for individuals to request organisations to delete any information held on them• Drafted with social media in mind – but goes beyond this• For dm, there is an obligation to suppress, rather than delete, i.e. “need to keep to remember to forget”.• Also problem of information which has already been passed on to third parties• Possibility of misleading consumers by raising unrealistic expectations• Need to strike more reasonable balance between consumer expectations and limiting use of data for legitimate business purposes.• A possibility that dm might be OK - but this needs to be clarified
Key points in the draft RegulationData Breach notification• Every organisation that suffers a data security breach would have to notify Information Commissioner’s Office and the individuals concerned within 24 hours• Not always obvious if there has been a breach or how extensive it is• Problem of notification fatigue, so individuals could fail to take action when it is necessary to do so.• No threshold level specified.
Key points in the draft RegulationSubject Access Requests• Data subjects to be able to request full information on data held on them free of any charge• Currently can levy a £10 fee – doesn’t cover cost but deters time-wasters, frivolous or vexatious requests.• Costs organisations £50 million p.a. now to meet SARs• Proposal that can provide data in electronic form if data subject agrees to this
Key points in the draft Regulation- Marketing to Children• General rule – parental consent required for under 18’s• Exception for online marketing to children under age of 13• No flexibility – a risk-based approach would be better.
Key points in the draft Regulation Compliance obligations• Data protection obligations now shared between agencies and clients, for example if holding client’s database• Appointment of designated Data Protection Officer for organisations with 250+ staff• Accountability/Privacy by Design/Privacy by Default• Increase in fines/sanctions – in stages, of up to 2% of global turnover or 1 million euros• International transfers of data outside EEA – law would apply to any processing of data or EU citizens. Not always possible to tell.
Key points in the draft RegulationFurther delegated legislation• Much of the detail of the Regulation will be implemented through additional delegated legislation – some 45 Delegated Acts are mentioned.• Details of this secondary legislation will not be clear until Regulation passed• These areas of secondary legislation will include: • powers to specify further procedures • technical standards for Privacy by Design/Default • specification of lawful processing condition • additional responsibilities for national data protection authorities; etc.• European Commission will be taking significant powers to itself away from the national authorities - raises serious issues of subsidiarity and accountability
EU Draft Data Protection Regulation- DMA View• DMA welcomes the Commission’s aim to reduce red tape and simplify bureaucracy – but proposals do not achieve that: overly strict, bureaucratic and unworkable• Hard to say how Commission’s estimate of 2.3 billion euros saving to businesses was calculated• Needs to be a fair balance between privacy and legitimate business interests• Current proposals will stifle innovation, add considerably to business costs and place unnecessary obstacle to e- commerce jobs growth• Will be particularly harmful to SMEs
Influencing the legislation• DMA is: – Lobbying UK Ministers in MoJ, DCMS, BIS who represent UK in EU Council of Ministers – now meeting in Working Group – Leading UK Data Industry Group response to the proposed legislation & participating in CBI Group on Data – Working with Federation of European Direct and Interactive Marketing Associations (FEDMA) in Brussels leading collective EU dm effort – Lobbying MEPs – particularly on Civil Liberties Committee, and Internal Market and Trade Committees – Working with US DMA to influence US administration, FTC,etc. – Key research on consumer attitudes to privacy and on the economic value of the dm industry
PECR – the new cookies lawThe law has been in place since 2003 • required anyone using cookies to provide clear information about them and provide opt-out if desired.• The 2011 Regulations dramatically tighten the rules • now, anyone depositing cookies is required not just to provide clear information about them but also to obtain consent from users to store a cookie on their device. • New ICO powers to issue monetary penalty notices of up to a maximum of £500,000 for serious breaches• The EUs revised PEC Directive came into force on 26 May 2011 but ICO said would not fully enforce for one year to give business time to prepare.
The law doesn’t just cover cookies• The law covers all technologies which store information in the “terminal equipment" of a user, and that includes so-called Flash cookies (Locally Stored Objects), HTML5 Local Storage, web beacons or bugs…and moreTwo exemptions from consent requirement• “use of cookie is for the sole purpose of carrying out the transmission of a communication over an electronic communications network”• “cookies that are strictly necessary for the provision of a service” e.g. internet banking, online shopping carts, website log-ins
The ICO’s advice 2 sets of Guidance on www.ico.gov.uk• “It is not enough simply to continue to comply with the2003 requirement to tell users about cookies and allow them to opt out. The law has changed and whatever solution an organisation implements has to do more than comply with the previous requirements in this area.”• “But, come 26 May…. when our 12 month grace period ends, there will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there.”
In conclusion• Issues surrounding implementation of regulation for email and mobile marketing still a grey area.• DMA Countdown to Cookie Compliance – 10 Steps – Guide for Email marketers – Guide for Mobile marketers• ICO guidance + will be issuing more in next 2 weeks• ICC Guide on cookies issued this month• Getting it wrong could result in adverse commercial impact – and regulatory intervention?• The rules of engagement online WILL change – how is up to you.
Aren’t we there already? op·por·tu·ni·ty noun, plural op·por·tu·ni·ties. 1. an appropriate or favorable time or occasion: Their meeting afforded an opportunity to exchange views. 2. a situation or condition favorable for attainment of a goal. 3. a good position, chance, or prospect, as for advancement or success.
Media buying has changed.Inventory booked far in advanced.Post campaign optimisation.Audience defined by placement.Huge wastage……and search took all the budgets.
The clearest display of intent?Users displaying intent, in real-time.Highly targeted, precisedistribution system.Only reach users who want to findyou brand.Massive efficiency.…and data became personal andreal-time.
Data is already at the heart of media buying.Technology has changed the way we buymedia.Data has changed the way we buy media.
Scale audience from your own customers. 3rd Party Data 3rd party pixels
It’s the results that matter…The Value of data lies in the improvements in ROI it canprovide but…A lack of transparency & standards.Removing the “noise” is difficult.Data is expensive and available to everybodyInsight sits with media buyers.…raises the question of “how much value does 3rd partydata bring to my business?”
But the opportunity for brands is significant The Audience Management Platform For the digital age Social campaigns Facebook SEO Social Twitter campaigns data Youtube Spot cable 3rd TV buying Intent data Device data party Direct Look-a-likes data marketing Call center systems Attribution modeling Brand Standards/ Data Security Governance Source: Forrester Research, Inc.
The Red Aril platform provides a full solution…Integrated Data Portfolio Marketing Platforms Website Data • Ad Servers • Inventory/Yield Optimizers Mobile Data • Content Management • Site Personalization Digital Data • Creative Optimization e.g. Email, Search • Ad Networks/DSPs Offline Data • Mobile Networks e.g. CRM, POS Analytic & Insight • Ad Exchanges/SSPs Social & Life Data • Data warehouses e.g. Registration, etc. Data Monetization 3rd Party Data • Data Exchange • Private Exchanges Sales Marketing Ops
Inside the sausage factory Client Application Interface Red Aril Self-Service Full-Service Audience Management Data Analysis Real–Time Processing Management Audience Development Data Data Rights Audience Verification Data Inventory Closed-Loop Optimization Audience Optimization Data Protection Event Classification System Audience Extension Browser API Batch Custom Data Integration 1st, 2nd, Data Online, Offline (CRM) 3rd – Integration
The Red Aril architecture User Interfaces, Systems, Platforms Media Execution DATA DELIVERY LAYER API Server-to-Server Browser Based REPORTING & ANALYTICS AUDIENCE DISTRIBUTION & Attribution Data Usage DECISIONING ENGINE DATA PROCESSING & AGGREGATION AUDIENCE & MEDIA MODELING Data Cleansing Data Normalization Segmentation Qualification INTELLIGENT DATA DISTRIBUTION LAYER DATA RIGHTS MANAGEMENT DATA INTEGRATION LAYER Relational DB API / Native Browser Based Server-to-Server Log Connector Connectors Connectors 1st Party Data 3rd Party Data Website Offline CRM Models Online Data Publisher Offline Data Providers Data Providers Search Email Ad Server
Functionality – Depth, Breadth, Analytics End-to-end solution: Data – Audience – Extension Complete data portfolio control – 1st, 2nd, 3rd party data – all together Real-time, user-level, audience modeling – predictive extensions
Get the right message to the right person • Demographic Markers • Psychographic Markers • Media Exposures • Search History • Site Behavior Audiences • Social Graph Context • Competitors • Brands • Devices Content • Channels • Socio-economics • Media • Categories • Semantics • Lifespan • User Generated