When customer data is collected great care must be taken to ensure data protection law-friendly procedures and disclosures, but sometimes marketers do more than they need to.
Topic: Data privacy
Who: Zara UK
When: June 2001
Spanish fashion retailer Zara, which has seven outlets in the UK, opted to scrap thousands of customer records after failing to follow its own "opt-in" policy in an in-store questionnaire. Questions asked covered subjects such as the respondent’s opinions on clothing types and styles, but contrary to Zara’s own recently declared "opt-in" policy, respondents were given no opportunity to expressly "opt-in" to future marketing use being made of their responses. To minimise the embarrassment, Zara chose not to have respondents’ data on its database and has vowed to start again, this time with a clear "opt-in" box.
Why this matters:
Zara operates across 33 countries. In light of the inevitable variances between those countries’ data protection laws it may well have chosen, for a quiet legal life, to opt for the highest possible level of "permission marketing", namely explicit "opt-in." The fact remains, however, that in most countries the only context where "opt-in" is a blanket legal requirement is where "sensitive" personal data is being processed, such as information about a person’s racial origins, political or religious beliefs, physical or mental health. Indeed, in the UK it is not legally necessary even to give an opt-out opportunity in certain cases. These include situations where the uses which the data collector intends to make of the data are pretty obvious from the context in which the data is collected. It would also be important to ensure that no more data is being collected than is reasonably necessary for the company to fairly and legitimately go about its business.
In the Zara case, under UK law there would certainly have been no need to provide an opt-in opportunity, and if the only intended use of respondents’ clothing opinions was to facilitate better targeted marketing of Zara products, probably no need for an opt out either. This does not apply to Zara, but many UK businesses are, because of misunderstandings about data protection law, restricting themselves in the collection and use of personal data far more than they need to in order to be compliant.