At the a4uExpo in Barcelona affilinet presented its view on the big data topic as well as the implications of the regulatory developments in this field for the online marketing and eCommerce industry. Key take away for any player in our industry clearly are: Put your customer at the centre of your activities! ALWAYS! This paradigm explicitly applies to any actions undertaken in the realm of Big Data. Big Data for us is any endeavor that starts with the collection of a range of data and ends with its interpretation and subsequent implementation of benefits for the customer. Big Data itself is here to stay and will bring our industry unprecedented options and choice.
Graph 1 – Reasons for Big Data growth
Around 15 years after the performance marketing segment was born, the advent of Big Data finally brought our industry on the radar screen of the regulators. In itself this isn’t necessarily surprising. If we look at the derivative trading industry for inspiration, we can see the same pattern. 15 years after their inception we saw strong regulation and governmental efforts bearing down on that particular innovative banking segment. The same course of events is now playing out again for our industry.
Although a natural process, the regulatory efforts to curb the excessive gathering and usage of data is a challenge we will have to take head-on. This is not the time to drag our feet. The reason for government bodies to react was the laissez-faire attitude of all of us towards datain the eye of the customer . But as we are all sitting in the same boat, the solution can only be rowing together through this thunderstorm.
The reaction of the regulator and also independent industry bodies are the following:
– The EU Privacy Directive
– The EU Data Protection Regulation
– And the W3C Do Not Track (DNT) Initiative
All 3 are actually working hand-in-hand and more closely linked than they appear to be at first sight: The EU Privacy Directive is a direct result of us tracking customers on their journey through the web. As long as this tracking was un-intrusive the customer reaction was ignorance at best, but we all missed one important point when we improved the tracking and made it more accurate it evolved to becoming something similar to a “personal” footprint. As soon as this happened it wasn’t a Privacy discussion any longer, but started to become a Data Protection issue.
For our non-EU friends a little side note: in the EU anything that concerns something that can be interpreted as remotely “personal data” falls under the local Data Protection legislation. Or, in the future potentially under the new EU Data Protection Regulation.
As soon as government realized that the advanced innovation in online Big Data business models were not a local issue but an international one, they started the regulatory process on an EU level on the Data Protection front too.
Graph 2 – EU initiatives and W3C
The difference between a directive and a regulation at the EU level is that the former needs local laws to be implemented, while the latter does not. Let’s focus here on the Privacy Directive and its implementation in the UK and the Netherlands (NL)
The Privacy directive and its first local implementations:
After the final adjustments to the 2002 EU Privacy Directive in 2009 local governments were given 2 years to implement the structure in local legislation. Before May 2011 nothing had happened from a EU perspective regarding local initiatives. With an ever more impatient EU in the background, the UK and NL finally took a stance and implemented a local recital , which came into effect in May 2012.
Graph 3 – Differences between UK and NL implementation of the Privacy Directive
The NL law goes a few steps further than its UK counterpart. The UK regulators were focused on on a practical more open interpretation, whereas the Dutch followed a more prescriptive approach. The key differences are the following:
– While the UK regulator took a practical stance and is pushing for a concept of implied informed consent and clearly favors education over brute force, the Dutch government took a very normative approach. In NL consent is expected to be gained before any cookie is dropped, which is technically challenging concept per se.
– But the most striking difference is the potential broadening of the term “personal” to any online identifier including anonymous cookies. As stated above, this broad definition is triggering a secondary local regulation: the Dutch Data Protection Law. This in turn requires a whole set of legally required actions (see chart above) that are now potentially required from anyone who is tracking customers on the internet.
Looking at the key points we, as an industry need to address now to be compliant with local Privacy laws, the following are key:
1. Education: Clear and Comprehensive Information on the publisher and advertiser sites
2. Control: Obtain Consent from your customers (publishers as well as advertisers)
3. Market Shaping: Be Proactive and follow the developments on the Privacy topic
In the UK we already see a couple of best practice examples in the online world that could be used as blue prints for becoming compliant or proactively educating customers not only in the UK and NL but in other EU countries too.
The implementation of the directive from vouchercode.co.uk has been seen as a positive example for a smart and technically lightweight approach to the topic:
Graph 4 – Best Practice Voucher Code
The implementation is relying on a pop-up layer which vanishes after a certain time and a fixed persistent header item on the top of the page. Both are clearly visible, straight forward and also easy to implement. The elements and the Cookie explanation page that appears if you click on “click here” are in plain English, straight forward and very easy to understand. Thus covering the gist of what the regulator wanted to achieve when he was thinking about market education.
A more advanced implementation and very close to the practical suggestions of the regulator itself comes from British Telecom. BT is generally following the vouchercode example on the initial homepage itself, but offers a more active choice in the pop up overlay where you have to explicitly accept. If you click on “change your settings” the following pop up offers not only a detailed cookie hierarchy and simple explanations, but also an innovative slider technology that makes it easy for the customer to switch on and off certain sets of cookies. The smart bundling of BT regarding the cookies is not only compliant to the regulators suggestions, but also easy to grasp for the customer.
Graph 5 – Best Practice British Telecom
However for the time being, we see both implementations as possible solutions. As the UK regulator wants to work with the market and not against it, he expects us to deliver and continuously improve best practice examples as the ones discussed here.
In case of questions regarding the implementation and a continuous updates on our discussions with the EU, International and local regulators, visit our blog: www.affilinet-inside.de. If you have further questions please don’t hesitate to contact me (email@example.com) or alternatively Paul Brown regarding the UK (firstname.lastname@example.org).
To download the full presentation on Big Data and Privacy – The end of the Wild West of Data, please see here.