Privacy: For whose eyes only?

With new UK and EU regulations on the way and services that throw wide brands’ customer information collecting and sharing practices, transparent data strategies are becoming a major differentiator in the pursuit of consumers

If you can’t trust Google’s app store, maybe you shouldn’t trust Google for anything,” screams Microsoft in its Scroogled campaign, in which it also accuses the search giant of trawling people’s emails for key words, enabling it to target them with associated advertising.

Microsoft’s latest attack, launched earlier this month, targets Google’s android operating system for giving app makers people’s personal details (see box). It states: ‘Your privacy is our priority’ and directs people to its own products such as search engine Bing. Microsoft claims that the campaign has been a success – 115,000 people in the US have signed a petition ‘to stop Google going through their Gmail’ and 3.5 million have visited

So is promising to keep personal information private becoming the new advantage for brands? Eighty-three per cent of consumers claim they are more likely to give their business to companies that they trust will use their information appropriately, according to research from GfK commissioned by Marketing Week.

Some brands, including Microsoft, internet browser Mozilla Firefox and BT, are considering this a golden opportunity – privacy as a differentiator might put them ahead of their competitors. But it is not only a desire to respond to public concerns that is prompting them into action.

The European Commission’s proposal for a General Data Protection Regulation, the most significant development in data protection law since the Data Protection Directive, is currently being thrashed out (see Q&A). Due to be passed in 2014, the legislation will both directly and indirectly affect brands, profoundly changing the way they gather, process and hold consumer data.

Meanwhile, the UK Government is on the verge of passing laws threatening compulsory regulation if companies do not release data to consumers – the latest step in the Midata scheme, which began in 2011.

BT has given consumers greater control over their cookie settings

Brands such as O2 and Tesco are getting involved. O2 is working on a ‘digital dashboard’ to show people not just their minutes and internet usage but also the location information for their smartphone and a list of the websites they visit, details of which the network operator keeps. Tesco is looking to launch Clubcard Challenge, which will give people data on their shopping habits based on its loyalty card data. A spokesperson confirms that a trial with consumers is under way.

William Heath, who is on the board of strategy for Midata, suggests that it is consumers themselves who are best in control of the information brands have on them.

“Various arms of government and industry sectors have felt that curating individuals’ personal data is their rightful task – an attractive idea when you see the valuations that have accrued for companies that have done well out of data, such as Google and Facebook – but you don’t have to reflect on this for long to realise that the curation of an individual’s data is best done by the individual.”

Consumer attitudes towards data privacy are changing. Trust in brands that hold personal data has been eroded thanks to numerous high-profile data breaches. Sony, for example, was fined £250,000 by the Information Commissioner’s Office (ICO) in January for a data breach on its PlayStation network in 2011 which compromised the personal information of millions of customers including their payment card details and dates of birth.

Added to this are the raft of companies springing up, offering to show consumers what personal data brands hold about them and how they are using it, such as MyPermissions (see Viewpoint).

GfK’s research, which surveyed 1,000 nationally representative internet users, finds that 88 per cent of consumers believe it is important to understand how the information they have given to a brand about themselves is used by that company and shared with other companies. As many as 85 per cent of consumers believe that it is important to understand why companies need the information.

“There is confusion over what companies actually collect and how they use this data both internally and to improve their site experience,” explains Colin Strong, managing director of technology at GfK UK. “People feel that they don’t have much control over how companies use their data and consider they are more likely to buy from companies that they trust to use their data appropriately.”

He adds that people are keen for companies to be clear about what data they have about them.

“We’ve long been used to a value trade. Consumers are giving value in the form of their personal data, in order to access services. It’s the lack of transparency about what then happens to the data which is starting to make people feel a little more cautious about the nature of the trade.”

Government and industry sectors have felt that curating personal data is their rightful task

Strong predicts a race to capture the high ground when it comes to privacy. “We’re going to come to a tipping point where brands will say: ‘We can see this on the horizon, we need to be able to put our marker in the sand’. As ever, being the first mover in the market isn’t necessarily everything but in something like this, it could start being accompanied by strong consumer sentiment.

“That increasing twitchiness consumers are displaying over privacy and personal data issues might start translating into where they spend their money.”

BT, for example, has given consumers greater control over their privacy settings. Since March 2012, it has offered users a choice about which cookies to accept when they access, rather than choosing to accept all cookies, as most sites do. Based on the International Chamber of Commerce guide for cookie categories, consumers can choose from ‘strictly necessary’, ‘performance’, ‘functionality’, and ‘targeting’.

“The approach we have taken provides users with easy-to-understand, upfront information about cookies, the different types and what they do, so that they can make an informed choice,” explains a BT spokesman. “When someone visits, they see a pop-up box, giving them the option to change their own settings. They can clearly see that they are able to make a choice about the different types of cookies and the effects of having or not having them.

“We’ve been pleased with how people are responding to the approach and it doesn’t seem to deter them from continuing their visit to the site. So far, we can see that customers are generally choosing to keep the cookies that we use to provide the best experience on our web pages.”

Likewise, Mozilla Firefox has adopted a proactive approach to privacy. In a blog post, general counsel Harvey Anderson says: “We all have to continue our efforts – both big and small – to create a more trustworthy environment of online products that seamlessly integrate ease of use, transparency and user choice.”

Draft EU data protection regulations make profound changes to data marketing

The company has offered consumers ‘do not track’ capabilities since 2011, via a tick box in its privacy settings, as well as private browsing so that people can use the internet without the web browser saving information on sites and pages they have visited. The company has plans to take this one step further with a trial to block third-party cookies by default, unless they are from a site the user has previously visited.

“As with all our new Firefox features, there will be months of evaluating input from our users and the community before the new policy enters our general release version of Firefox,” explains Brendan Eich, chief technology officer. “This will stay in our testing builds until we are satisfied with the user experience.”

He adds: “Mozilla is not the first to propose this feature in a web browser. For years, Apple’s Safari browser has accepted cookies only from the websites users visit, which is the exact feature Mozilla is now testing. Firefox users will always have the option of enabling third-party cookies if they prefer that experience.”

Yet more brands are releasing the data they hold on consumers back to them in order to enhance the user experience, increase transparency and gain consumer trust. “The argument of those pushing for greater transparency and openness is that it reflects well on the brand, gives greater satisfaction and encourages more loyalty. I think that if you get that right, it could be a real source of differentiation,” says GfK’s Strong.

Tom Ilube, managing director of consumer markets at Callcredit, which runs consumer-facing brand Noddle, a credit-checking service, agrees that brands releasing data to consumers could be a smart move.

“You might be willing to give company X more of your information because you feel it’s a more level relationship and it is treating you as a partner and a peer, whereas company Y seems like it is up to something – it doesn’t want you to know what it knows.”

GfK’s Strong warns that those businesses which do not let people know what data they hold on them may lose customers.

“Those companies risk having their customers using their Midata rights to transfer data to others which are adding more value. By being open, a company is likely to be welcomed further into the customer’s life. If not, it could effectively be pushed into the background and be treated firmly as an arm’s-length supplier.”

Although the ICO says it does not want to be too heavy handed about data use and privacy, it is clear that every brand will need a strategy for dealing with the issue. “Companies need to keep the expectations of the consumer first and foremost in their mind and develop a system that will work for their customers. The ICO is not in favour of a system that is too prescriptive. We are quite open to innovative approaches in that respect,” says Hannah McCausland, senior international policy officer.

The future is still uncertain and there is no real clarity as to how consumer attitudes will develop and what the final version of the new regulation will demand. But there is an increasing awareness of privacy that is causing people to question companies’ use of data. Brands will be at the frontline of this change and will need to know the answers.

Data regulations


By Michael Barnett

Consumer data has recently come under more scrutiny by the UK and EU parliaments than any other area of marketing. The UK Government is on the verge of passing laws threatening compulsory regulation if companies do not release personal data to consumers who request it – the latest step in the Midata scheme.

Unhappy with the slow progress companies were making voluntarily, the Department for Business, Innovation and Skills (BIS) has given itself powers to compel mobile phone operators, energy companies and banks to hand over data when customers ask for it, or when they permit third parties such as mobile apps and comparison services to do so.

This means that businesses in these sectors will need to give people comprehensive records of their transactions, which could enable them to demand more personalised services or switch to better tariffs.

Personal data store service Mydex is a third-party provider looking to help consumers use their information for their own benefit. Chairman William Heath, who also sits on BIS’s strategy board for Midata, argues that the new rules will restore consumer trust, allowing companies to offer more innovative services built around individuals’ data.

As part of Midata, businesses primarily in the energy, finance and telecommunications sectors have partnered with BIS in a bid to improve transparency and allow consumers to take advantage of the growing number of applications that can process their data, in order to choose products that better suit their lifestyle.

EU General Data Protection Regulation

At the same time, even more profound changes to data marketing are being discussed by the European parliament.

The Data Protection Regulation, designed to apply universally across EU countries, is likely to be passed in 2014 with enforcement starting two years later. Proposals include:

A requirement for organisations to get explicit consumer consent before processing any personal data, which needs to be given by “a clear affirmative action”.

A right for consumers to withdraw that consent and to object to any processing.

A requirement for organisations to correct or delete any personal information at the individual’s request.

Tom Ilube, managing director of consumer markets at Callcredit, says that regulation is forcing companies to think seriously about how they handle consumer data: “This issue, which wasn’t previously being discussed around the executive table, suddenly gets an agenda item because somebody has asked: ‘What are we doing?’ It drives some level of innovation, because it raises the level of the conversation.”