Perspective on the ICO Regulations and Privacy


So, I’ve done a few posts on the ICO regulations now, and I’m trying to stay on top of the developments in the area as it’s likely to have a big effect on the work the team and I do here at Coast Digital.
I heard an anecdote yesterday and realised just how over the top these regulations are when put in context with other industries, so thought I’d immortalise it in a blog post.

Firstly though, let’s just think about banks and credit card companies in particular. They have a duty to monitor activity on their customer’s accounts for protection, and indications of fraud and so on. This is a service I’m grateful for, but what happens when this ‘monitoring’ becomes a bit too closely linked with marketing? On with the anecdote!

A good friend and colleague James has just purchased a new mobile phone using a credit card. He was contacted by his credit card company directly a short while after the purchase, offering him their own brand mobile phone insurance package.

Let’s just break that down. As a consumer, James made a purchase online with his credit card. The credit card company collected information on the purchase. Not just the value of it, and where the money was to be transferred to, but the products in the basket as well*. They used information that they already had on James, like his name, and his email address and tailored an email marketing message to suit all of that information perfectly. James went on to say the messaging used was excellent, and enticed him to click through the credit card provider’s site to investigate.

A few points to make from me…

Firstly, kudos to the credit card company. This is an excellent example of automated marketing that has obviously worked very well in this case. Perfectly timed, tailored and relevant content delivered directly to James after a specific trigger (buying a phone).

Secondly, I ask how intrusive does the wider world think this is?

Privacy is a big deal these days. Google recently going through a huge change of their terms has had people up in arms about the level of data being collected by a service, and then having that data being passed through other Google products. The world cares about what big online players are doing, but does nobody mind what the banks do with personal data?

Thanks to ICO cookie regulations, as of May website owners are likely to have to gain a user’s permission to be able to even track them anonymously (no personal data collected) through the page of their website.

This is 2 completely different levels of data collection and usage. I just wonder why it is the banks are allowed to be massively intrusive (direct personal contact) with marketing messages based on information collected from personal behaviour online? Yet, as of May, as a website owner, I’m not even allowed to know what pages of my site a user is looking at unless I gain permission first, let alone go on to use that information for marketing purposes later.

You may well be thinking, “Surely the bank’s terms and conditions say they will use this information, and you agreed to those terms when you signed up, and you can write to the bank to opt out if you don’t like it”. I agree completely, and, this is essentially how the internet works now (pre-may). As a user I agree to the terms and conditions of a website when I use it, and legally I can opt out of any behavioural marketing by getting in touch with the site owner.

So I wonder why it is, that behavioural marketing (and in fact, even anonymous information gathering) for websites using cookies is under so much scrutiny, yet other industries seem be able to carry on regardless.

For me as an online marketer, this seems wholly unbalanced and that either the ICO regulations are in fact an over egged reaction to uneducated griping about online privacy, or that actually the FSA (or other governing body) needs to create some guidelines for these financial service providers and how they use personal information.

Should banks be allowed access to our personal behaviour information online for their own gains (rather than our own protection)? Why is it just cookies that are a hot topic at the moment for the EU, and not intrusive behavioural marketing in general? What are your thoughts?

*Disclaimer – This may all be coincidence. James could have bought a new phone, and coincidentally, the bank could have contacted him directly a few days afterwards with a very targeted message saying “if you’ve just bought a phone, why don’t you get our mobile phone insurance”, and these could have been completely separate events. I’m just putting 1 and 1 together…

More on this subject