The ICO Direct Marketing Code – Yes, it Applies to You!
by Grace Dillon on 29th Apr 2020 in News
Senior vice president of Merkle's Data Solution in EMEA, Nick McCarthy (pictured below) writes exclusively for ExchangeWire about why businesses should not hesitate to embrace the newest version of the ICO Direct Marketing Code.
Early March may feel like a different era, however in reality it was only just over a month ago that the ICO closed their consultation on its the draft of the revised Direct Marketing Code.
The timeline for implementation remains slightly unclear and could even shift back further given the numerous challenges presented by COVID-19. While it is a tricky time to make predictions, previous code revisions from the ICO would indicate the full code could be implemented and enforced within the next 18 months. That’s no bad thing because the code is actually something of a game changer for marketing departments and beyond.
There is however nothing to fear and certainly no need to panic. There’s still plenty of time for businesses to take action and the code is a good thing for a variety of reasons, some of which I’ll come to later.
First and foremost, the code offers practical guidance for anyone conducting direct marketing activities or operating within the broader direct marketing ecosystem. It’s worth noting that the ICO code applies only to the UK so anybody with markets in the European Union will need to study the details of other markets and devise their approaches accordingly.
Back in the UK, with any code of this kind, the devil is always in the detail. While the code should be applauded for its (mostly) clear and unambiguous language plus some useful case studies, one thing that every marketer needs to be aware of is how it defines what constitutes direct marketing:
“Direct marketing includes the promotion of aims and ideals as well as advertising goods or services. Any method of communication which is directed to particular individuals could constitute direct marketing. Direct marketing purposes include all processing activities that lead up to, enable or support the sending of direct marketing.”
Historically, this code was very focussed on the “traditional” direct marketing industry. The clarification of the definition means it covers a lot more.
There’s a danger that if you aren’t sending out printed material or running an outbound call centre as part of your marketing mix, you could assume the code doesn’t apply to you. Beware – the code covers all types of interaction your brand would have with a consumer - everything from paid marketing in social media to customer experience on your website. Therefore, unless your marketing and customer experience activities are generic, it is going to be applicable to you!
Enforcement measures will be equal to those of GDPR which means the code can be regarded as practical guidelines on implementing GDPR for companies conducting any type of personalised marketing.
I’d encourage everyone to familiarise themselves and get feedback from their privacy teams on the specific impacts to their business. One big clarification in the code that is definitely worth a detailed review are those that apply to when consent is the most appropriate legal grounds for processing. The code is more explicit about when specific and informed consent needs to be used for different marketing channels and marketing purposes (potentially including specific consent for analytical use). The implication of this for a brand is:
- You will need to consider which channels and marketing activities you have consent for and then whether you need to re-consent to continue your current activities (e.g. matching into social or digital channels like Google/Facebook or using data in analytics)
- The knock-on effect here is that there will be more “options” for consumers to consent to. More checkboxes may lead to less consent, meaning less permitted data for brands to use for CRM, customer experience and analytics.
- More checkboxes will also impact the complexity of what data can be used for decisioning, analytics, campaigning and customer experience. Ensuring you are managing consent with auditable records will need more thought and consideration.
- Where you have analytical models built using data collected from consumers, you may need to consider whether you have the right consents for the use of this data and if any third party data is also usable (see below)
The changes not only affect brands directly but also indirectly due to implications for the paid media and third-party data landscape.
In the paid media landscape, social and digital platforms will need to re-consider how all of the code changes will apply to them. There are industry discussions already ongoing in relation to the ICO’s ad tech and RTB review but the application of the specific guidance in the code will certainly provide some influential guidance. Publishers, digital and social platforms will also need to consider the consent requirements above and this will mean that prospect targeting and personalisation options (in even major media platforms) will decrease in the short term. Therefore, unprepared brands will expect lower ROI and less ability to measure performance.
Third Party data brokers in the UK will all need to review what datasets they can offer to the marketplace. Given the clear guidance throughout the code there is a much higher bar for the capture, use and combination of third-party datasets.
The net result is that marketers will ultimately have to accept that there will be much less third party data available for profiling, modelling and analytics and some of the data used right now and built into their own customer decisions and segmentations may well not be available when the code comes into force. Brands should plan for the need to rebuild their current modelling/segmentations if they contain any “seed” data or variables within them which may have come from a non-consented source such as third party or non-consented first party data.
When the final version of the code arrives, there may well be an initial shock as brands look to ensure they are compliant but the code remains a hugely positive step for consumers - ensuring choice and transparency. The ICO has provided guidance for brands on the application of GDPR that is reasonably clear but also consistent with their position on RTB and cookies.
Finally, it’s important to remember that the code remains in draft. At Merkle we will continue to advise our clients on the challenges and opportunities created by the new code. We’ll also be keeping our eyes firmly on other relevant developments such as those within the IAB’s GDPR’s Transparency and Consent Framework and how some of the principles in this code might be replicated across the EU.
Regardless of the final wording of the code, we already know that the legacy for brands will be a need to work harder than ever to explain the value exchange as to why consumers should provide consent to use their data in the first place and then work proactively to maintain their trust so that their data is kept consented and up to date. Simple in theory, more challenging in practice. But this is a challenge brands can meet and one that will usher in a new era of customer value and trust.
Brand SafetyDataGDPRRegulationUK
Follow ExchangeWire