20. iCrossing UK
Client Summit
Thursday, 17th May 2012
Caroline Roberts
Director of Public Affairs
21. The Direct Marketing Association
⢠Europeâs largest national trade association in the marketing and
communications sector
⢠920 corporate members âsuppliers, agencies and clients who use dm
⢠Client members include major blue chip UK (or operating in UK)
companies, e.g. Readers Digest, News International, Barclays Bank,
American Airlines, Virgin Media, Save the Children, British Gas,
the main political parties, Microsoft, Marks & Spencer PLC
⢠Supplier members include list brokers, email marketers, mobile
marketers, social media, mailing and fulfilment houses, creative
agencies, etc.
⢠Services include: lobbying; legal advice; events; research; self-
regulatory mechanisms; business development opportunities
22. Two major pieces of legislation on data use
⢠EU Draft Data Protection Regulation
â A proposal from the European Commission to
update EU Directive 95/46/EC now beginning its
passage through EU institutions
⢠Privacy and Electronic Communications
Regulations 2011
â EU Directive 2009/136/EC
â Enacted 26th May 2011
â Will be enforced from 26th May 2012
23. Draft EU Data Protection Regulation
⢠Where are we now
⢠Background to the proposal
⢠Key points in the proposed Regulation
⢠Influencing the legislation
24. Where are we now?
⢠European Commission published draft Data Protection
Regulation 25th January 2012
⢠Consultation process since May 2009
⢠Ministry of Justice Call for Evidence Jan-Feb 2012
⢠Jan 2012 â 2014?? â European legislative process
⢠?? 2016 â New Regulation in force
25. Why revise the law now?
1995 European Directive ( implemented into UK by 1998 Data
Protection Act ) showing its age due to:
1) Law doesnât take account of new technologies â and more
complex information networks: interconnected data rather than
held in databases
2) Lack of common European law and differences in national
implementation
3) Consumer concern over privacy â high profile data security
breaches, etc.
26. Key points in the draft Regulation
Opt-in and optâout - obtaining consent
⢠General rule for direct marketing â âexplicit consent by clear
statement or affirmative actionâ . Much more prescriptive.
⢠Possible legitimate interests exemption ?
⢠Legacy databases â what about data collected under current
law?
⢠At worst, if consent cannot be proved, whole databases
could be scrapped.
⢠At odds with existing rules on voice calls, email and SMS
marketing
⢠Would almost certainly lead to requirements for increased
opt-in mechanisms
ď Increased burdens on business
ď Decrease in functionality of many consumer-
friendly services
27. Key points in the draft Regulation
IP addresses and cookies
⢠Definition of personal data extended so could cover
some IP addresses and cookies
⢠But IP addresses identify a device not an individual +
some IPs are general, e.g. in a library or internet cafe
⢠Huge implications for digital marketers
⢠Web analytics & profiling made much more difficult, if
not impossible
⢠Interaction with new cookie rules
28. Key points in the draft Regulation
The right to be forgotten
⢠Right for individuals to request organisations to delete any
information held on them
⢠Drafted with social media in mind â but goes beyond this
⢠For dm, there is an obligation to suppress, rather than
delete, i.e. âneed to keep to remember to forgetâ.
⢠Also problem of information which has already been passed
on to third parties
⢠Possibility of misleading consumers by raising unrealistic
expectations
⢠Need to strike more reasonable balance between consumer
expectations and limiting use of data for legitimate business
purposes.
⢠A possibility that dm might be OK - but this needs to be
clarified
29. Key points in the draft Regulation
Data Breach notification
⢠Every organisation that suffers a data security breach
would have to notify Information Commissionerâs
Office and the individuals concerned within 24 hours
⢠Not always obvious if there has been a breach or how
extensive it is
⢠Problem of notification fatigue, so individuals could fail
to take action when it is necessary to do so.
⢠No threshold level specified.
30. Key points in the draft Regulation
Subject Access Requests
⢠Data subjects to be able to request full information on
data held on them free of any charge
⢠Currently can levy a ÂŁ10 fee â doesnât cover cost but
deters time-wasters, frivolous or vexatious requests.
⢠Costs organisations £50 million p.a. now to meet SARs
⢠Proposal that can provide data in electronic form if data
subject agrees to this
31. Key points in the draft Regulation
- Marketing to Children
⢠General rule â parental consent required for
under 18âs
⢠Exception for online marketing to children
under age of 13
⢠No flexibility â a risk-based approach would
be better.
32. Key points in the draft Regulation
Compliance obligations
⢠Data protection obligations now shared between agencies
and clients, for example if holding clientâs database
⢠Appointment of designated Data Protection Officer for
organisations with 250+ staff
⢠Accountability/Privacy by Design/Privacy by Default
⢠Increase in fines/sanctions â in stages, of up to 2% of
global turnover or 1 million euros
⢠International transfers of data outside EEA â law would
apply to any processing of data or EU citizens. Not always
possible to tell.
33. Key points in the draft Regulation
Further delegated legislation
⢠Much of the detail of the Regulation will be implemented through
additional delegated legislation â some 45 Delegated Acts are
mentioned.
⢠Details of this secondary legislation will not be clear until Regulation
passed
⢠These areas of secondary legislation will include:
⢠powers to specify further procedures
⢠technical standards for Privacy by Design/Default
⢠specification of lawful processing condition
⢠additional responsibilities for national data protection
authorities; etc.
⢠European Commission will be taking significant powers to itself away
from the national authorities - raises serious issues of subsidiarity and
accountability
34. EU Draft Data Protection Regulation
- DMA View
⢠DMA welcomes the Commissionâs aim to reduce red tape and
simplify bureaucracy â but proposals do not achieve that:
overly strict, bureaucratic and unworkable
⢠Hard to say how Commissionâs estimate of 2.3 billion euros
saving to businesses was calculated
⢠Needs to be a fair balance between privacy and legitimate
business interests
⢠Current proposals will stifle innovation, add considerably to
business costs and place unnecessary obstacle to e-
commerce jobs growth
⢠Will be particularly harmful to SMEs
35. Influencing the legislation
⢠DMA is:
â Lobbying UK Ministers in MoJ, DCMS, BIS who represent
UK in EU Council of Ministers â now meeting in Working
Group
â Leading UK Data Industry Group response to the proposed
legislation & participating in CBI Group on Data
â Working with Federation of European Direct and Interactive
Marketing Associations (FEDMA) in Brussels leading
collective EU dm effort
â Lobbying MEPs â particularly on Civil Liberties Committee,
and Internal Market and Trade Committees
â Working with US DMA to influence US administration,
FTC,etc.
â Key research on consumer attitudes to privacy and on the
economic value of the dm industry
36. PECR â the new cookies law
The law has been in place since 2003
⢠required anyone using cookies to provide clear
information about them and provide opt-out if desired.
⢠The 2011 Regulations dramatically tighten the rules
⢠now, anyone depositing cookies is required not just to
provide clear information about them but also to obtain
consent from users to store a cookie on their device.
⢠New ICO powers to issue monetary penalty notices of up
to a maximum of ÂŁ500,000 for serious breaches
⢠The EU's revised PEC Directive came into force on 26 May 2011
but ICO said would not fully enforce for one year to give business
time to prepare.
37. The law doesnât just cover cookies
⢠The law covers all technologies which store information in the
âterminal equipment" of a user, and that includes so-called Flash
cookies (Locally Stored Objects), HTML5 Local Storage, web
beacons or bugsâŚand more
Two exemptions from consent requirement
⢠âuse of cookie is for the sole purpose of carrying out the
transmission of a communication over an electronic
communications networkâ
⢠âcookies that are strictly necessary for the provision of a
serviceâ e.g. internet banking, online shopping carts,
website log-ins
38. The ICOâs advice
2 sets of Guidance on www.ico.gov.uk
⢠âIt is not enough simply to continue to comply
with the2003 requirement to tell users about
cookies and allow them to opt out. The law has
changed and whatever solution an organisation
implements has to do more than comply with
the previous requirements in this area.â
⢠âBut, come 26 MayâŚ. when our 12 month
grace period ends, there will not be a wave of
knee-jerk formal enforcement actions taken
against those who are not yet compliant but
are trying to get there.â
39. How to comply with the new rules
Follow the ICOâs guidelines:
1. Check what type of cookies and similar technologies
you use and how you use them.
2. Assess how intrusive your use of cookies is.
3. Decide what solution to obtain consent will be best in
your circumstances.
40. In conclusion
⢠Issues surrounding implementation of regulation for email and mobile
marketing still a grey area.
⢠DMA Countdown to Cookie Compliance
â 10 Steps
â Guide for Email marketers
â Guide for Mobile marketers
⢠ICO guidance + will be issuing more in next 2 weeks
⢠ICC Guide on cookies issued this month
⢠Getting it wrong could result in adverse commercial impact â and
regulatory intervention?
⢠The rules of engagement online WILL change â how is up to you.
41.
42. Arenât we there already?
op¡por¡tu¡ni¡ty
noun, plural op¡por¡tu¡ni¡ties.
1. an appropriate or favorable time or occasion: Their meeting afforded an
opportunity to exchange views.
2. a situation or condition favorable for attainment of a goal.
3. a good position, chance, or
prospect, as for advancement or
success.
43. Media buying has changed.
Inventory booked far in advanced.
Post campaign optimisation.
Audience defined by placement.
Huge wastageâŚ
âŚand search took all the budgets.
44. The clearest display of intent?
Users displaying intent, in real-
time.
Highly targeted, precise
distribution system.
Only reach users who want to find
you brand.
Massive efficiency.
âŚand data became personal and
real-time.
45. Data is already at the heart of media buying.
Technology has changed the way we buy
media.
Data has changed the way we buy media.
47. Itâs the results that matterâŚ
The Value of data lies in the improvements in ROI it can
provide butâŚ
A lack of transparency & standards.
Removing the ânoiseâ is difficult.
Data is expensive and available to everybody
Insight sits with media buyers.
âŚraises the question of âhow much value does 3rd party
data bring to my business?â
49. Insight should be at the heart of your media buying.
Exclusivity of data is key.
Blend 1st party and 3rd party sources to see
your brands audience.
Look for people not cookies.
It is your audience.
51. But the opportunity for brands is significant
The Audience Management Platform
For the digital age
Social
campaigns
Facebook SEO
Social
Twitter campaigns
data
Youtube Spot cable
3rd TV buying
Intent data
Device data party Direct
Look-a-likes data marketing
Call center
systems
Attribution
modeling Brand Standards/
Data Security Governance
Source: Forrester Research, Inc.
52. The Red Aril platform provides a full solutionâŚ
Integrated Data Portfolio
Marketing Platforms
Website Data ⢠Ad Servers
⢠Inventory/Yield Optimizers
Mobile Data ⢠Content Management
⢠Site Personalization
Digital Data ⢠Creative Optimization
e.g. Email, Search ⢠Ad Networks/DSPs
Offline Data ⢠Mobile Networks
e.g. CRM, POS Analytic & Insight ⢠Ad Exchanges/SSPs
Social & Life Data ⢠Data warehouses
e.g. Registration, etc.
Data Monetization
3rd Party Data ⢠Data Exchange
⢠Private Exchanges
Sales Marketing
Ops
53. Inside the sausage factory
Client Application Interface Red Aril
Self-Service Full-Service
Audience Management
Data Analysis RealâTime Processing
Management Audience Development
Data
Data Rights
Audience Verification
Data Inventory
Closed-Loop Optimization Audience Optimization
Data Protection
Event Classification System Audience Extension
Browser API Batch Custom
Data Integration
1st, 2nd,
Data Online, Offline (CRM)
3rd â
Integration
54. The Red Aril architecture
User Interfaces, Systems, Platforms Media Execution
DATA DELIVERY LAYER
API Server-to-Server Browser Based
REPORTING & ANALYTICS AUDIENCE DISTRIBUTION &
Attribution Data Usage
DECISIONING ENGINE
DATA PROCESSING & AGGREGATION AUDIENCE & MEDIA MODELING
Data Cleansing Data Normalization Segmentation Qualification
INTELLIGENT DATA DISTRIBUTION LAYER
DATA RIGHTS MANAGEMENT
DATA INTEGRATION LAYER
Relational DB API / Native
Browser Based Server-to-Server Log Connector
Connectors Connectors
1st Party Data 3rd Party Data
Website Offline CRM Models Online Data Publisher Offline Data
Providers Data Providers
Search Email Ad Server
55. Functionality â Depth, Breadth, Analytics
ďź End-to-end solution: Data â Audience â Extension
ďź Complete data portfolio control â 1st, 2nd, 3rd party data â all together
ďź Real-time, user-level, audience modeling â predictive extensions
56. Get the right message to the right person
⢠Demographic Markers
⢠Psychographic Markers
⢠Media Exposures
⢠Search History
⢠Site Behavior
Audiences ⢠Social Graph
Context
⢠Competitors
⢠Brands
⢠Devices Content
⢠Channels
⢠Socio-economics ⢠Media
⢠Categories
⢠Semantics
⢠Lifespan
⢠User Generated