After a 5am start to get down to London and set up our stand, we had a great day at the Data & Marketing Association's Data 2020 event.
It was good to catch up with our guests at the event;
- Helen de Saxe, a former client and valued Marketing expert,
- Nick Crawford PG Dip DigM (B2B) of Twist Consultancy, and
- Andrew Menniss of PrivSec/Data Protection World Forum.
We also extend our gratitude to the DMA for inviting us to be a part of this event for the third year running and their support in launching and running the 2019 SME GDPR Readiness Survey.
There was a lot of useful and informative information throughout the day, far too much to digest in one post so here are the potted highlights. We'll post more on some of the subjects over the coming weeks.
Key take-away's for the day;
- Do not underestimate complacency. It is far too easy to think that just because we've always done something the way we've done it, that it's fine to continue doing it going forward.
- Transparency and honesty should always prevail in the data value exchange
- Consumers will generally accept processing if they see and understand the need and the benefits to them. They will however fear the unknown and the things they do not understand
- Brexit is still a blank page for data, but Pret-a-Manger know their audience, Brexit Remainers! or highly affluent areas.
- Cookies are more than just files on devices, they're any tracking technology, even potentially email tracking data such as Clicks and Opens!
The day in summary . . . It was a long day!
Chris Combermale (CEO of the DMA)
Chris kicked off the day by asking "what is the difference between an ICO Code of Practice (as required by the Data Protection Act 2018) and a Code of Conduct as allowed for in the GDPR Articles 40 & 41"The answer to that question was this;
- The ICO DM Code of Practice is written by the ICO, in consultation with the industry (the DMA who represent the marketing industry)
- An Industry Code of Conduct, is written by the industry (the DMA) in consultation with the ICO
Chris went on to say that in the DMA's view (which we would tend to agree with), it ought to be the role of the DMA to draft such codes of conduct and maintain compliance with them, as this was the intention in the GDPR Articles 40 and 41, to free up the ICO to work on compliance issues rather than the simple failure to adhere to a code of practice.
We would hope that if the ICO prevail and it is a version of the ICO DM Code of Practice that is implemented, that they will choose the DMA to implement it as the industry experts in line with Article 41.
We were intrigued by suggestions that where an organisation engages a Marketing Technology provider to broadcast emails on their behalf, that both the organisation and the MarTech provider should have consent to "process" the personal data involved.
We can envisage some business relationships (where lists are rented and broadcast by the list broker) where there could feasibly be a Joint Controller relationship (Company A determining the purpose of communication and Company B determining the means of communication) however in many and most scenarios where you are the Data Controller of the recipient data, the MarTech provider would surely just be a Data Processor subject to contracts.
One suggestion for the DM Code which seems very well received is the concept of giving Data Brokers (List Brokers) a licence number and requiring this to be included on any email sent to contacts on their lists. This would enabled an auditable trail of who is sending emails from which lists and brokers and allow consumers a single registry against which they can check the legitimacy of a list.
This would mean that where an email is received without that licence, or where that licence does not resolve to the correct party, action could be much more easily taken against the company using that data unlawfully, and consumers would have a clear pathway to exercise their rights with the list brokers.
Professor Anand Menon of Kings College London
Professor Menon has to get this years award for most entertaining presenter with his engaging talk on Brexit.
In our opinion he is probably right that any negative impact felt by the UK is more likely to be spun as down to CORVID19 (Coronavirus) but the reality is, the UK is already feeling the effect of Brexit.
There is a danger that we leave without a deal and the EU stance appears to be one of all-or-nothing. The UK Government want to negotiate and agree each element of trade, fishing, data etc but the EU seem to be saying no. That means there is a risk that the EU won't grant us Adequacy which could have a major impact on the free flow of data.
Overall his statistics were interesting, showing that more people now feel that Brexit will have a negative impact on the UK, but most people if asked to vote again, would not vote differently.
Professor Menon injected a little humour into the day by showing the Brexit Vote map along side the map of Pret-a-Manger locations. It demonstrated that either Brexit Remainer's really like Pret, or Pret only place their stores in affluent areas which were more likely to vote Remain.
Simon McDougall - Technology & Innovation Executive Director at the ICO
Simon relayed to the audience that following his presentation last year on the AdTech industry being in the ICO's sights for 2019, progress was being made and that progress was positive.
He told us how initially they met resistance from AdTech businesses who were insistent that "thing's are ok, nothing needs to change!" yet now, having worked with the ICO they're more open to the opinion that some things do need to change. He also relayed how the UK's Internet Advertising Bureau are actively working with the ICO to design a set of principles that align with the ICO's concerns as well as providing industry guidance on security, data minimisation and data retention.
Overall the outlook was positive but the audience did question the ICO's decision not to go down the enforcement route.
The answer however was simple, the ICO can be more effective offering guidance and support, rather than trying to play Whack-a-Mole with countless AdTech businesses all fighting to survive.
Here in the UK we should value that our regulator would rather work with business to help them be better data custodians!
Julia Porter - Board Member for the Data Protection Network
Julia presented how the Data Protection Network were providing new guidance designed to clean up the mess of acronyms and jargon that confuse people, particularly around AdTech.
Her key message was to embrace transparency and education whilst maintaining control and consideration for consumer rights.
Julia reminded us all that if we use AdTech, we must be careful about the ads we show, particularly if they could constitute as Special Category Data, citing the 2013 case of an MP undertaking a social media "shout-out" displaying a screenshot of his own website which embarrassingly contained an advert for an Asian Dating Website, purely because he'd shown interest in Asian Dating Websites in there previously.
She finished by asking businesses to question if they can truly attribute revenue to targeted advertising of this nature. It was her view that most could not, and that in reality, using less risky un-targeted ad's could yield similar profits. We're not sure we share this view as targeted advertising does work where we've seen it done ethically.
Perhaps there is more to learn about AdTech and how to use it more effectively in a controlled and ethical manner?
Fedelma Good, Director at PwC
Fedelma bought some interesting perspectives on cookies and cookie consent.
It was reaffirmed that cookies are not just the small files placed on devices by websites and apps, but can indeed be other technologies that allow the identification of users and tracking of activity, for example device ID's (device fingerprints), tracking pixels, blank gif's and social media plugins, even email click and open tracking could be caught by cookie law and require consent.
Further, it was mentioned that analytics cookies are generally not "necessary", the same as it is not "necessary" to track whether a recipient has opened an email or clicked a link. Websites can function without Google Analytics tracking, and emails can be delivered without the click/open tracking.
Fedelma ended by touching on the subject of Cookie Walls and specifically citing the ICO's November 2018 finding against The Washington Post. In that case, The Washington Post were incentivising consent by asking readers to pay to view content without advertising.
Interestingly, The Washington Post still undertake this much frowned upon activity and other EU regulators have been quoted as frowning upon similar cases. Time will tell if the GDPR will through the European Courts be enforced globally as suggested by its scope.
In the mean time, cookie walls will remain open for future debate.
Robert Bond, Partner at Bristows LLP
Prior to the Rosemary Smith Award for Responsible Marketing, Robert introduced the finalists for this award who were;
- Scott Joslin, Senior Vice President – International Data Strategy, WarnerMedia;
- Paula Welsh, Keech Hospice Care; and
- Kristof Ruisz, Privacy Adviser – Group Legal and Data Privacy Officer, Emirates
Also joining the panel was Joe Porter, Marketing & Privacy Manager for One Trust
The panel discussed the various methods that each finalist had used to implement Privacy by Design in their Marketing processes and we were pleased to hear that all of them shared some very common controls including;
- checklists for new processes, Data Protection Impact Assessment requirements and creation of third-party processor contracts.
- bringing stakeholders from across the business together into a Privacy by Design working team to ensure privacy was considered from the ground up on every project.
- flow charts to aid the making of decisions.
Scott from WarnerMedia shared how within their brand, rather than "talk at" style training, implemented more interactive and engaging training surrounding data protection, using physical elements to make the training fun and engaging, and as a result more memorable and attracting more people from within the business to participate.
The DMA Gold Award winning “The Dynamic Blood Appointment” campaign
Tristan Cavenagh (Creative Director for 23red),
Jonathan Acton (Head of Creative Delivery for Clear Channel) and
Tom Aggett (Marketing Manager for NHS Blood and Transplant)
presented an interesting piece on the DMA Gold Award winning “The Dynamic Blood Appointment” campaign which ran in January 2019.
The project demonstrated the true power of using real-time data in an ethical way to present images and text that captured the attention of the general public, including messages such as how many free blood donation slots there were available and how far away the nearest blood donation clinic was located, along side images of real people that would resonate with the people in that specific area.
The campaign really did prove itself with a positive impact, the highest number of new blood donation registrations seen in one day for the last 5 years, and generating a 55% increase in new blood donation registrations when compared with non-dynamic advertising which was used as a control.
Read more about the award winning campaign here
Data Ethics with Rachel Aldighieri, Managing Director of the DMA
The final session of the morning touched on the subject of Data Ethics, hosted by Rachel Aldighieri, Managing Director of the DMA. Guests included
- Dean Russell, MP for Watford
- Olivia Gambelin, Founder & CEO of Ethical Intelligence
- Ben Lyons, Head of Policy Reviews, Centre for Data Ethics and Innovation
- Firas Khnaisser, Head of Decisioning for Standard Life.
Dean Russell MP was particularly concerned with smaller businesses and education around transparency and ethics, a subject which is close to our own heart.
Data Ethics wouldn't be complete without bringing Artificial Intelligence into the equation and indeed the panel all agreed that there is a place for AI, particularly where an AI could make decisions far quicker than any person could, but that we needed to control that. Most people of a certain generation will welcome AI and digital tracking with open eyes and welcome arms, but some take exception to being tracked and monitored. Not always because they fear the tracking, but because they fear the integrity and ethics of the organisation behind it. This all said, an old person laying in need somewhere, would happily embrace tracking technologies and AI if that information is transparently and ethically used to send them much needed help, when they need it and much quicker.
The clear overarching message around AI and Data Ethics seemed to be that people want to understand how their data is used.
- If we are transparent and consumers understand our use of data and and see the benefits to them, they will generally accept it.
- If we hold back, hide our intentions or make it complicated and unintelligible, they will fear it and trust us less.
We must think about the data value exchange for everything we do and make sure consumers understand and accept it willingly.
Organisations are now only custodians of data, the individual must be in control.