The Cambridge Analytica scandal has served to remind everyone of the importance of transparency and compliance when handling consumer data.
The issue has made a clear statement to businesses that they should try to mirror best practice and use an ethical approach when it comes to collecting consumers’ personal information. Just like Facebook CEO Mark Zuckerberg, every business needs to reflect on the importance of responsibility and transparency in handling consumer data, all the way from acquisition to storage, use and sharing.
Consumers will share data – under the right conditions
It can be argued that consumers already understand the benefits of data sharing. As Zuckerberg said to the Congressional committee questioning him, “we would all rather see relevant adverts than irrelevant, random ones.”
People are willing to share data, but it is important for businesses collecting it to make clear when and why it is being collected, and how it is likely to be used. In the age of the European General Data Protection Regulation (GDPR), which is now in force, the requirement for such transparency is going to become a part of commercial life. The new rules will make businesses far more accountable for the data they use, but it is also their responsibility to highlight to consumers what they will gain from sharing their data.
Trust and transparency have to be explicit
Trust is the foundation on which all data handling must now be built and marketers will have to work hard to establish it. Recent DMA research found that 78 per cent of people in the UK believe businesses are profiting far more from data sharing than consumers, and 88 per cent are looking for more transparency about data collection.
The ICO has been emphasising the importance of transparency ever since the countdown to GDPR started. Whether they are handling data they have obtained themselves or which they have acquired from other trustworthy sources. Companies must always be open with people about how information identifying them will be processed. This is a fundamental requirement not just of the new regulatory regime, but of an emerging consensus about what is ethical best practice for organisations handling personal data.
Businesses must learn best practice for using personal data
It is clear that some businesses have prioritised monetising their data over being transparent with users about how they are doing this. It is imperative that these businesses adjust their approach, as the regulation gives consumers the power to take their personal data away from an organisation at any time. Consumers have the right to request to see what data a company has on them, and, of course, if they are unhappy, they can ask for it to be deleted.
Opportunities not obstacles
For anyone managing a marketing function, this may sound like a lot of obstacles. Admittedly, GDPR places a great deal of importance on justifying marketing activity via the six legal grounds for processing personally identifiable data. One of these is legitimate interests, which offers greater flexibility, but it will nonetheless require careful assessment. Marketers will have to weigh up the freedom to market against the subject’s right to privacy under GDPR, offering clear opt-outs.
For every organisation, being transparent about the use of personal data and giving back control to consumers is inevitable. Ultimately, data is at the heart of modern society, potentially allowing businesses and consumers to benefit invariably from sharing information. That will not change.
Facebook’s reputation may have suffered in light of the scandal, but more than two billion users continue to rely on it for social interaction. Data will continue to be marketers’ greatest asset provided they use it honestly, proportionately and in compliance with regulations.
About John Mitchison
John Mitchison is the Director of Policy and Compliance at the DMA. John has extensive in-depth knowledge of the data and marketing industries, with more than 20 years of experience in both.
In recent years, he has worked closely with industry groups like the Data Protection Network and the DMA’s Responsible Marketing Committee as well as regulators like the Information Commissioners Office, Fundraising Regulator and Ofcom to develop guidance in a changing legislative landscape. His current focus is on issues around data protection, ensuring businesses can successfully prepare themselves for the upcoming EU General Data Protection Regulations (GDPR) and ePrivacy Regulations.
John is also the DMA’s media spokespeople and can often be seen offering comment in print, online, on radio and on TV. Prior to joining the DMA, John was a Client Services Manager for Acxiom, managing large data solutions for a number of key accounts. Before that, he worked at the Daily Telegraph, where he was responsible for generating data for their subscription acquisition program and production of direct marketing campaigns.