You are here

Data protection - The route to hell is paved with good intentions

The route to hell is paved with good intentions. This phrase could have been written for the discussions that are currently going on throughout the corridors of power in Brussels, as those of us working in the marketing industry anxiously await the final details of the imminent EU data protection regulation.

The policy-makers may well have the best of intentions with an ambition to create a world in which people are protected from spam email, cold calls and junk mail. But will any changes, whether in the form of legislation or directive, have the desired effect in improving protection EU citizens? I suggest not.

The problem we have today isn’t necessarily the data protection laws (this is certainly true of the UK), but those who blatantly disregard them. So, by imposing new regulation all that is likely to happen is those responsible and compliant organisations that are already operating on the right side of the law will continue to do so. However, unscrupulous individuals and organisations (such those trading junk data online) that do not respect or adhere to the current system will continue to flaunt the rules. Especially when you take in to account that many of culprits (particularly in relation to spam email) are based in non EU countries and as such fall outside its jurisdiction.

If we look at some of the proposed regulation and for a moment assume that they are implemented at their most extreme (by which I mean legislation rather than directive and opt-in rolled out across every communication channel), then there is real cause for concern. In fact, it would create an untenable situation. To offer an example, company X wishes to pitch its services to company Y. However, despite having large offices in London and 500 staff, company Y is a partnership, so theoretically company X would not be able to engage with it, unless the company was already opted-in. This is because in the eyes of the Privacy and Electronic Communications Regulations (the UK implementation of the EU e-Privacy Directive), sole traders and partnerships are classified as individuals and not entities, so you would be committing an offence by picking up the phone, pressing send or posting a letter.  That is madness!

Many marketers and data providers within the EU (and professionals outside) have become exceptional at ‘knowing’ their customers, engaging with them via the channels they prefer with relevant and timely content. And, whilst I do of course respect the privacy and identity of every person, speaking as a consumer, I would prefer this than see an unwelcome return to environmentally unfriendly; high-volume non-targeted anonymised door drops.

Taking a pragmatic look at how the situation will most likely play out, I think (and indeed very much hope) we will not be facing legislative change by the end of this year.  I honestly cannot conceive how it would be possible to manage EU-wide, as individual nation states want to retain control over how tightly the rules are enforced and the right to impose their own penalties. Furthermore, I strongly suspect that postal will not be affected, although I can envisage telephone marketing moving to opt-in.

However, until the regulation is confirmed organisations continue to plan for the worst and hope for the best. Many that I have spoken with are already working hard on preventative measures, to try and ensure that as many of their current and crucially lapsed customers are opted-in. This is time-consuming, costly and distracting for businesses that have had a torrid time as a result of the economy and should be now surging forward in their marketing efforts, rather than dotting I’s and crossing t’s.

So, if anyone from Brussels is reading this, I would strongly urge you to change focus and instead of reform that will only hurt the good guys, investigate better ways at stopping the bad guys. I genuinely fear for those marketers who will at some stage undoubtedly make an honest mistake and will be made an example of with stiff financial penalties. I worry that ‘opt-in everything’ will significantly reduce the volume of useful and well managed data that can be both utilised and ultimately monetised. And, I am also concerned for the smaller data providers who risk losing business as risk averse brands default towards the larger data providers for a perceived level of risk mitigation. 

Finally, I fear that that far from improving circumstances for EU citizens, it is they who will face the brunt of the new regulation.