What Happens When Digital Marketing Ignores New Privacy Laws
Technically, I was in the middle of a soundstage in downtown Manhattan, directing a commercial. In actuality, I was groveling for favors. The burly gent over my shoulder, shaking his head no, was a Teamster. This was years ago – my first union gig with the Local 817. We were way behind. Teamsters have a lot of rules, many of which I didn’t understand. I wasn’t in control. They were.
If you don’t know the rules, you’re gonna pay. The same is true for the new privacy laws coming down the pipe. Because if you don’t follow them, you’re gonna pay.
Change is Coming
The new European Union law called the General Data Protection Regulation (GDPR) protects their citizens from marketers who obtain private information, like email addresses, without permission. This applies to all existing email lists, too. And these penalties are stiff. Maximum fines are up to $24 million (U.S.) or 4 percent of the company’s annual income, whichever is greater.
Who is Vulnerable?
So how did you come by your list of customers? Did you buy it from a third party? Build it through a retargeting campaign? Scrape it from the internet, beacons or some geofenced service? After this law takes effect, if you use customer lists to target people, you need to be able to prove in court the person opted into seeing your ad before you sent it.
Hold on! Your company does business in the United States, so you’re off the hook… right? Good luck with that thinking. The protections extend to Europeans abroad. If one of their citizens didn’t opt-in and you’re using their personal data, you might soon be out of business.
But it’s a little fuzzy on who ultimately bears responsibility – the publisher or the person using the data, like an agency or internal team. The GDPR defines the responsible party as the “data controllers,” so consult your attorney on that one. But here’s a clue: Many of the large agency groups are furiously revising deals with subcontractors to pass the responsibility to them.
A Cautionary Tale
The Canadian Anti-Spam Law (CASL) went into effect in 2014. It requires businesses (based in Canada or not) to get consent before sending electronic marketing messages to Canadians. The following year the company Compu-Finder was fined $1.1 million (CAD) for violating CASL.
On May 25, 2018, the GDPR becomes enforceable. Article 13 prohibits the use of email addresses for marketing purposes without the recipient giving prior consent. Anyone who receives an unsolicited email can file a complaint. It then falls on the marketer to prove they had been given permission before serving the ad.
If you’re giving away coupons for free ice cream cones, you might be able to get away with it. If you’re Evil Corp or somewhere in between, you’d better start getting your house in order. Now.
Oh, and the Teamsters? They’re wonderful people to work with – professional, and they work hard. As long as they get their 15-minute breaks on time and you don’t try to push back lunch – meal penalty or not.
Mike Johnston is a production executive and advertising creative in Seattle. He is available for freelance consulting, writing and directing. Contact Mike.
Wanna know more about about Facebook advertising? Read all about it.