Stop the Scaremongering and Tell the Whole Story on Data
Negative news around data misuse since May’s GDPR launch has become commonplace. David Snocken, head of data and strategy for one-to-one marketing company Clicksco, examines the situation data teams now face.
At the end of October, enforcement action was taken against French start-up, Vectaury, by the French Data Protection Authority, the Commission Nationale de l’Informatique et des Libertés (CNIL). The news, both accurately and inaccurately reported, has spread like wildfire – causing negative repercussions for many data handlers and the IAB; raising concerns over its data consent framework.
Whilst it has been reported, in some instances, that the reason the CNIL prosecuted Vectaury is because the company was registered as a Consent Management Provider (CMP), the IAB says the investigation started prior to Vectaury ever registering itself as a CMP. On many of the points, the CNIL considered Vectuary’s conduct to have violated GDPR while the IAB argued it also violated its Europe Transparency and Consent Framework’s policies (TCF).
Lack of certainty
What this latest case highlights, is there is a serious lack of certainty in the industry concerning how businesses can be compliant while remaining commercially viable and where advice should come from to ‘do the right thing’. Ambiguity around GDPR, coupled with current negativity towards the IAB and pressure from activist groups, makes for an unsettled playing field but also points to one thing – taking a more ethical stance.
Although the IAB framework isn’t yet perfect, it’s growing in popularity with big CMPs, including TrustArc and OneTrust joining the party, which brings confidence for other data companies that following this framework should hopefully keep their enterprises aligned with GDPR.
But for agencies and platforms like ours, which use data in an ethical way and has a portfolio of brands that require meaningful adtech solutions, it is difficult to overcome the negative noise and keep the focus on the consumer benefits. We strongly believe that consumers should know their rights when it comes to data handling and that there should definitely be restrictions on how data is mined and used, but it’s clear that the whole story isn’t being told.
Utter the word data to the average person and with all the recent press they think of Big Brother and their privacy being stolen. With such a raft of negative news about the issue out there, many consumers are rightly wary, but if challenged most would accept that media consumption can’t be free and would be happy to be served a well-targeted advert, that they can engage with or ignore, in order to consume their favourite content online.
Capturing consent too needs to be aligned – the variety of consent mechanisms in use currently have varying interpretations of what ‘informed’, ‘freely given’ and ‘affirmative’ means and different approaches are evident when allowing a user to change their preferences. We can see this lack of certainty has led to a lot of experimentation to discover the boundaries of acceptability; is a clear notice that continued use of a site is ‘affirmative’ or is a button click required? Does a single ‘I accept’ button before being allowed access to content actually count as freely given?
Yet, most consumers want a frictionless engagement with sites and the ad eco-system and while blatant misuse of their data is wrong, introducing too many hoops for consumers to jump through to get to their content goes against the grain for the time-poor, available now culture we live in. Would it really be appropriate to have a full-page pop-up of detailed purposes and a long list of third parties to review and accept before we can read a news article link that has been sent on to us? It’s this balance between GDPR requirements, consumer experience and advertisers’ commercial interests that the IAB, and others, are working towards facilitating.
Trustworthy and well executed personalisation should almost be transparent and enhance the customer experience; think of Amazon’s prompt ‘people who looked at X also viewed Y’ or the Spotify feature which allows users to seamlessly discover new artists. Both are uses of consumer data for personalisation which are well executed to improve the consumer experience.
In summary, it’s important the industry isn’t too knee-jerk in reaction to the IAB relating to stories like Vectaury’s. And, in my opinion, that more support is given to organisations like IAB who are trying to help the industry navigate GDPR effectively. Overall, this issue isn’t going to resolve itself in the short-term – we’ll see this balancing act continue to play out for many months to come. Hopefully, it will conclude with reaching a clear definition of ‘consent’ – one that suits both legal and commercial sensitivities by defining the rules that everyone works within; is fit for purpose and most importantly, is in the best interest of the consumer.