UK data protection law suffering from 22 years of under enforcement, why should businesses bother complying? Actually there are plenty of reasons.
Why should UK digital marketers bother to comply with data protection legislation?
Stephen Groom
Head of marketing and privacy
Osborne Clarke London
Stephen.groom@osborneclarke.com
May 2006
This is a question increasingly being asked by even the most responsible and upstanding of interactive marketers who every day see their competitors ignoring data privacy laws and getting away with it.
To add insult to injury, a recent survey conducted across our European network of marketing law experts courtesy of the Osborne Clarke Alliance showed just how lax the data law enforcement regime is here in the UK compared with most other European states.
EU survey shows limp UK regime
When it comes to enforcing data privacy laws affecting email marketing (in the UK contained mostly in the Privacy and Electronic Communications (EC Directive) Regulations 2003), not a single email marketer has been brought before a UK court for breaking the opt-in/opt-out rules, let alone had to pay a fine. Compare this with Denmark and Spain for example where respectively 7 and 50 enforcement actions have been taken and in the worst cases £154,000 and £20,500 have been paid out in penalties.
Still best policy to comply?
So if it is still the best policy for UK digital marketers to comply (and it certainly is), why is this the case? Here are just some of the many reasons:
- customer/prospect databases collected non-compliantly are of doubtful value and could seriously compromise the value of the database owning business to a potential acquirer;
- as a recent UK civil case showed, non complaint digital marketers could be sued for damages by unhappy recipients if damage has been caused;
- even if the UK's enforcement authorities are hardly giving the appearance of actively policing the digital law of the land, the self regulatory Advertising Standards Authority ("ASA") is doing its bit for compliance. In a number of cases digital marketers have already been brought to book for breaching data privacy related rules in the CAP Code of Advertising, Sales Promotion and Direct Marketing. The ASA cannot impose fines, but having to defend your corner in the face of an ASA investigation can be a time and human resource-consuming business. This much we know from our work behind the scenes helping advertisers argue their cases. Also not attractive is the negative publicity that can follow a "complaint upheld" finding once the case report is published for all to see on the ASA website and even less welcome for repeat offenders will be a requirement to pre-check all future marketing copy with the ASA sister body the Committee of Advertising Practice;
- with joint or outsourced marketing activities, the chances are that non compliance with data protection laws will put the responsible company in breach of contract and liable to contract termination and/or damages awards;
- we have not said that data protection watchdog the Information Commissioner's Office ("ICO") is completely inactive and powerless and there are no guarantees that your company will not be singled out for enforcement action. The ICO is doing what it can to police data protection laws within the confines of its resources and the tortuous enforcement process with which it is currently saddled;
- and there is the small matter of keeping your customers and prospects happy and positive towards you, something that being transparent and compliant in your processing of their data can only help enhance!