Last weekend, a data company commanded the front page of the Financial Times for exploiting customer data. But it wasn’t a story about the latest Cambridge Analytica/Facebook data infringement. Or another example of Google’s virtual monopoly of search habits.
It was about Bounty, a company that has been providing information and goody bags to new mothers since 1959 that was fined by the Information Commissioner's Office for selling the data of newborns. It was a bit like turning on the 10 o’clock news to hear that a second-hand car dealer has been exposed for shady practice. Ethically questionable? Sure. Headline news? I don’t think so.
There is a valid point here about whether any brand should have access to NHS hospitals and mothers at a vulnerable time of their lives.
But anyone who was schooled in direct marketing knows this is how data has always been collected and sold. For decades, companies would offer consumers a benefit in the form of free samples or a prize draw and invite people to fill in forms and surveys to claim their rewards. In turn, those companies would rent that data to brands in order to help them target prospective customers. Some of these businesses still exist; Bounty is one example. Experian, Equifax and many others use data like this too.
The value exchange is broadly straightforward and well-understood. Sure, the data companies historically lacked transparency and punters were trading their data too cheaply (a free pen, anyone?). But there were plenty of other players that offered their customers a clear deal. In cases such as Tesco Clubcard, MyWaitrose or British Airways Executive Club, there was a clear contract and understanding of mutual benefit.
As Seth Godin wrote in 1999 in one of the defining texts of the time: "Permission marketing is the privilege (not the right) of delivering anticipated, personal and relevant messages to people who actually want to get them. It recognises the new power of the best consumers to ignore marketing. It realises that treating people with respect is the best way to earn their attention."
Twenty years on, this view of how attention is best earned seems a little quaint, although I’d endorse Godin’s philosophy. Back then, if you didn’t want to receive unsolicited direct mail, it wasn’t difficult to get your name removed from a central register.
But that was before the digital revolution ushered in companies such as Google and Facebook. Businesses like these made the data extraction and commercial exploitation techniques of Bounty and Experian look positively primitive – and in ways that most people barely understand.
There is the data we are often willing to give and have always given – such as our birthdays and home address. But what about the information we may not want known, such as our sexual preferences, political allegiances or underlying social values?
Perhaps more worrying are the signals we don’t even know we are giving out – eg mobile phone battery levels as a proxy for risk-taking in financial services, responsiveness to messages as a signal of reliability in employment. This is all data that is capable of being identified and exploited in 2019. And it is.
It’s a cruel twist, then, for Bounty to be the one under the microscope, given that it has essentially turned up to a gunfight with a penknife.
Did the ICO want to make an example of a brand in the post-GDPR era and decided that Bounty was an easy scalp, given the vulnerability of the target audience? Or is the ICO starting with some old-school offenders as warm-up for the bigger battles?
Either way, there is a bigger issue at stake here – whether people are clear about what data is being collected about them and what constitutes reasonable consent.
It’s the reason permission is so often hidden in the small print. But now the digital giants have upped the stakes, this isn’t going to wash.
You may be familiar with the maxim "if you’re not paying for the product, you are the product". But the simple truth is that in our rush to use a service – whether it’s a new phone, an app or a social platform – we’re inclined to press "yes" without bothering with the small print.
So what choices can media and data companies credibly offer that allow them to discharge their moral responsibility and empower consumers? I’d say the choices offered to consumers should broadly include:
- Provide little or no data and pay for the product
- Invest time in choosing to share some data in return for some defined benefits
- Be the product and let brands use the data as they wish and give up rights to privacy
The principles are fairly straightforward – although in each case the detail needs to be worked through. Netflix? Pay a subscription. YouTube? You can choose to see ads or pay to have an ad-free environment (although I suspect Google is profiling the hell out of you either way). But if media and app owners embrace the radical transparency I’m advocating, brands can claim with integrity that they have offered clear choices and consumer trust can be rebuilt.
As Godin suggested 20 years ago, it’s best to treat consumers with respect and earn their attention. But the battle is now so asymmetric that people often can’t tell how and when their data is being used. So if consumers don’t understand or exercise their powers of consent, governments will need to summon up the courage to take meaningful action to protect them. And that will merit a front-page story.
Marc Nohr is chief executive of Fold7 and chair of the IPA’s Commercial Leadership Group