The ASA has ruled against a mechanism for capturing customer data. But Stephen Groom suggests the verdict is fundamentally flawed in at least three ways and is concerned that the only UK regulatory body with any apparent appetite for enforcing so called “opt in/opt out” rules may have lost the plot.
Topic: Email Marketing
Who: Freemans plc t/a Kaleidoscope Ltd
Where: Advertising Standards Authority
When: January 2009
Law stated as at: 28 February 2009
The Advertising Standards Authority ("ASA") considered a number of complaints in respect of a national press ad for a "marquise ring" inviting mail orders.
One complaint was the ASA's own challenge as to whether the "data protection information" in the ad complied with the CAP Code.
The "data protection information" was towards the end of a considerable amount of small print at the bottom of the order form contained in the ad.
The information read as follows:
"By ordering from us, you are consenting to us sharing your information with other organisations and to us or them contacting you for marketing purposes by mail, telephone, email or otherwise. If you do not wish to be contacted by us by telephone for marketing purposes please tick this box [ ]. If you do not wish to be contacted by other organisations for marketing purposes, please tick this box [ ]."
In their defence, Kaleidoscope said their data protection statement was drafted by solicitors and they believed it complied with the Data Protection Act 1998.
The ASA was not persuaded by this.
It alluded to clauses 43.4 c and 43.5 of the CAP Code and "reminded Kaleidoscope that the explicit consent of consumers was required before disclosing their details to third parties for direct marketing purposes."
The ASA went on to find that:
"Because the small print stated that by responding to the ring promotion, consumers were consenting to Kaleidoscope sharing their information with other organisations who might contact them for direct marketing purposes, we concluded that the ad breached the Code."
Accordingly the complaint on this count was upheld.
Why this matters:
On the face of it this decision seems inconsistent with a decision taken by the ASA only weeks before, as reported on marketinglaw.
This was the decision in a case concerning a magazine insert promoting Craftmatic adjustable beds. Requesting email addresses from prize draw entrants who filled in a questionnaire, text at the end of the questionnaire stated:
"Please give us your name, address and phone number so that we may contact you by phone, post or email with information about our products. [ ] Tick the box if you do not want your name and address to be disclosed to companies who may contact you about products that may be of interest to you.(Your email will never be provided to any other company, for any purpose)."
The decision here was that the CAP Code had been complied with.
The ASA felt that if respondents supplied their email address after reading the first sentence, then they were clearly giving explicit consent to being contacted by email.
There was no reference in the adjudication to sharing data with third parties, so presumably the ASA was quite happy with this aspect. This is odd as the treatment of this is very similar to the treatment in the Kaleidoscope case, viz:
If you do not wish to be contacted by other organisations for marketing purposes, please tick this box [ ].
[ ] Tick the box if you do not want your name and address to be disclosed to companies who may contact you about products that may be of interest to you.
So why was the Kaleidoscope wording a breach of the Code when the Craftmatic wording was not?
Admittedly the Kaleidoscope wording appears to have been in small print towards the end of the ad in question, but the Craftmatic wording seems to have featured with similar lack of prominence, after prize promotion rules and a questionnaire.
So it remains unclear why the verdicts differed, and this lack of clarity may not be unrelated to what the writer believes to be three fundamental flaws in the Kaleidoscope decision.
The ASA verdict states that CAP Code 43.4 c was breached.
43.4.c requires prior explicit consent before sending email marketing communications, but in this case no marketing email has been sent yet. We are only at the point where the email address is being acquired.
By all means investigate the adequacy of data acquisition wording after an email has been subsequently sent and a recipient has complained, but to adjudicate on whether a marketing communication has been sent in compliance with the code before the communication has actually been sent seems premature to say the least and arguably ultra vires.
The ASA verdict states that CAP Code 43.5 was breached.
43.5 requires that if after collection it is decided to use personal information for a purpose significantly different from that originally communicated, marketers should first get explicit consent.
How does this apply here? We are at the point of first collection of data, not after it, and so there is no question of existing data being used for different purposes. Very strange.
The "complaint upheld" finding in respect of the "data protection information" was the right finding but on the wrong part of the "information" and for the wrong reasons.
This is assuming of course, which has to be a dubious assumption, that it is intra vires for the ASA to apply CAP clause 43.4.c (dealing with how captured personal data can be used) to a case where the data has not yet been acquired, let alone used.
The clear breach of the CAP Code that we say did in fact take place related to use of the respondent's email address for future marketing by the advertiser.
The area of non compliance was the so called "customer soft opt-in" exception to the normal need for prior consent before unsolicited marketing emails can be sent.
The Kaleidoscope press ad was a typical "customer soft opt in" scenario, where the consumer's data is being captured in course of "negotiations for a sale." In such cases the law and the CAP Code make it clear that acquired emails can be used for future unsolicited email marketing promoting "similar" products of the advertiser.
This is provided, however, that at the point of acquisition the respondent is told that they can opt out of receiving such emails and given a simple means of doing so.
This is where the Kaleidoscope wording falls down. From the transcript of the "data protection information" in the ad, no such information or opportunity seems to be provided as regards email. So the treatment from the point of view of future marketing emails is incorrect and means the advertiser will not be able to use captured email addresses for these purposes without breaking the law and the CAP Code.
Here appears to be the area of principal difficulty, yet no reference is made to this in the ASA case report.
Who watches the watchmen?
So we are concerned that the ASA is getting into something of a knot over "data protection" disclosures and opt in/opt out.
This is all the more concerning because, although ICO has given guidance in these areas, it has so far shown little or no appetite for taking enforcement action against transgressors. This leaves just one body in the UK actively watching for breaches of the rules here and enforcing them. But who, as they say, watches the watchmen to ensure that marketers and consumers alike do not become confused?