Is Your Data Growth Fuel Or a Time Bomb?

Growth relies on marketing – and marketing runs on data. There’s more data available on our customers than ever before. But it has to be collected, analysed, stored, and used correctly we need to be aware of the moral and ethical dimensions – and it’s urgent: almost half of marketers think their organization isn’t handling data right. New EU rules mean the definition of ‘right’ is going to get tighter and more rigidly enforced, and that’s the direction industry best practice is moving anyway.

As the regulatory environment gets tighter and customers’ expectations rise we have to balance the power data offers us to grow and offer customers value, with the risks posed by legal frameworks, ethical dilemmas and technical challenges.

Can we know too much about our customers? What happens when data accumulation and analysis goes awry? And what’s the alternative to an ever-deeper analysis of an ever-wider data pool?

Consumer Data Collection

Any consideration of data has to start with collection, because that’s where data starts. Before privacy activists object to storage or use, they point to data that’s collected without their consent or even their knowledge. There are ethical issues in play here, as well as regulations that don’t always perfectly reflect what appears to be ethical common sense, and there’s the matter of your customers’ feelings, and consequently your reputation, to consider too.

The Ethics of Data Collection

Here’s how you blow it ethically: do something people haven’t said they’re OK with you doing. In the past most companies have interpreted this to mean that anyone who’s clicked ‘I agree’ is fair game. But just like no-spam promises evolved to become clearer and moved to front and center as a value proposition in themselves, so data collection practices can be made ‘positively ethical.’

Ethical problems fall under three main headings:


Not telling people you’re collecting their data? It’s surprisingly easy to do this: You can collect data from website visits, for instance, without your customers knowing. But it’s a serious ethical minefield.

Privacy Violation

It’s one thing to record when someone visits your website -but it’s another thing altogether to track them across multiple online acts. Yes, it lets you build up a picture of their preferences, one that can be used to market to them more effectively. But at what point does that become ‘surveillance,’ asks security expert Bruce Schneier?

Breaches of Confidentiality

Companies regularly share customer information with subsidiaries, associate companies, and affiliates. The usual method of acquiring consent rests on ‘negative consent’ – customers have to opt out if they don’t want their data shared. But with the amount of data that’s available now, that might now be a strong enough ethical safeguard – and with the incoming Internet of Things set to make modern data collection techniques look as antiquated as harassing people with a clipboard, we have an ethical duty to take confidentiality more seriously.

Case Study: ‘Negative Consent’ and the Samsung Scandal

What happens when you ignore all of this in a quest to get more data? Ask Samsung. Earlier this year, the company – which had previously denied the allegations – was forced to confess: Samsung smart TVs are effectively spying on their viewers, recording voice data and transmitting it (unencrypted!) to Samsung. This is negative consent taken to extremes: Samsung argued that a clause buried deep in the privacy agreement meant customers had agreed to this in advance. The voice data wasn’t filtered prior to being transmitted either, meaning entire conversations were being recorded and transmitted. The scandal emerged during a 7-quarter dive in profits for the company, so it’s hard to pinpoint how much damage the breach of trust did to the bottom line: let’s go out on a limb, though, and say it probably didn’t help.

Is There a Better Way?

There is. You may have noticed that when you sign up for a lot of websites, especially for SaaS or techy companies, they’ll have simple, readable privacy policies. Yards of legalese which you agree to without reading (only to find that, in the words of Yakoff Smirnoff, TV watch you) has become a few simple statements, like ‘we’ll never sell or give your data away without your consent.’ Surprise, surprise: people trust plain, definite statements instinctively. Want your customers’ trust? Earn it, starting there. Only collect data with express, positive consent. Here’s the smart bit: since the baseline expectation is negative consent, positive consent represents value. Value which can be exchanged for data, from customers who actually want you to have it.

Data Analysis

Collecting data is just the beginning. Without analysis, that data is useless. And as data collection becomes easier and more comprehensive, attention shifts to data analysis as the shortest route to improving outcomes and adding value. If everyone has the same data, but you’re better at analysing it, your decisions will be better because better conclusions will support them, and your results will be better too.

Algorithms and Error

From simple analytics like figuring out that someone who subscribes to a fashion magazine is interested in fashion, we’ve moved ahead to using complex algorithms to calculate propensity scores and seek to predict customer behavior in order to influence purchase decisions preemptively and more comprehensively. The result is often a win-win for marketers and consumers. Marketers get better open rates, click through rates and better leds to hand on to sales. Consumers get shown ads or sent emails that offer products or services they’re actually interested in. But there’s an ethical gray area here. Can data analysis put two and two together and tell us something new about our customers – something they might not have wanted us to know? We need to guard against the risk of creating sensitive data from the analysis of non-sensitive data. So companies have to consider the impact of that on customers, the company, affiliates and shareholders. (It’s also not good business to come across as creepy!)

New EU Rules: Simpler, Tighter

Remember when we mentioned that regulatory environments can change from country to country? Well, they’re about to change across the whole EU soon. The European Commission has released its draft of the European Data Protection Regulation, the replacement for the Data Protection Directive. It’s intended to make privacy laws the same across the EU, and when it comes into force it will supercede the Data Protection Act where there are disagreements. The new legislation will impose these five requirements:

– More than 250 employees? You must have a specific data protection officer.

– Refresh your data asset register to clearly show which data is held where and by whom.

– Rewrite your privacy policies so that they’re in plain English.

– Processes and procedures for handling data deletion and subject requests.

– Technical and procedural overhauling in the light of a new fines schedule that could see you fined between €250,000 and €1m or more.

Case Study: The Target Pregnancy Test

Bill Shmarzo, Chief Technology Officer for EMC Global Services, says, ‘the [news] stories always seem to have occurred first and then [companies] figure out how to act.’ Like when Target figured out a woman was pregnant from her browsing and purchase behavior and emailed her to congratulate her. That one made headlines for all the wrong reasons: Target assembled data from its own collections, demographics and bought information and used that to figure out that the young woman was pregnant. She hadn’t told the company – and when coupons for baby toys arrived at her parents’ home it turned out she hadn’t told her dad either. That’s sensitive data being created out of non-sensitive data like unscented lotion and cotton wool purchasing.

Obviously, the less things like that happen the better. Yet, EU law may now swing the other way. One of the provisions of the new rules includes ‘one-touch’ data permissions. You can use a customer’s data only for the purposes they specified. If you find an ancillary purpose for it, you have to get their permission again. Sounds like the death knell for businesses like email marketing that rely on mining customer data for prospecting, sales, post-purchase and upselling emails and – well, everything we do, really.

So What’s The Solution?

In many ways the best solutions are the simplest. We’ve all heard the story that the Americans spend $100m developing a pen that would write in space, while the Russians just used pencils. It happens to be a myth, but the point behind it remains valid: tactical solutions using the tools that are already to hand are always preferable, provided that they actually work.

Take Econsultancy’s analysis of Gap’s email marketing. Christopher Ratcliff was getting emails showcasing maternity wear, or bearing subject lines like ‘You. This Dress. Perfection.’ Maybe that dress would look great on Christopher, but in the main, we’re looking at a serious lack of basic segmentation here. The simplest way to optimise your email marketing without falling foul of the new EU rules is to build rock-solid fundamentals. And it’s one that doesn’t require new tools or technologies.

We can see a similar lesson in’s analysis of its clients’ open rates. Open rate falls of 20% or 40% – catastrophic declines – weren’t due to an inaccurate mining of big data or a faulty algorithm. Instead, the sender authentication was getting screwed up and the lists were decayed. That’s something you can fix with a word to your tech team and regular retargeting or retention emails to inactive contacts. New EU rules that require super-strict data compliance don’t have to stymie email marketing: they may just be keeping us from heading down the blind alley of big data, where we’ll find one Target-style ethical and business reputation catastrophe for every insight into customer behavior. The solutions we’ve been preaching throughout this piece – transparency, positive consent – can give you the tools to build, maintain and exploit a great list even in a stricter regulatory environment than most of us ever saw coming.


Ramping up data acquisition efforts might just be the wrong answer. Many email marketers actually already have way more data than they need to do killer segmentation and offer their customers personalized messages that convey real value. And data analysis can produce diminishing returns – as well as Target-style glitches and regulatory vulnerabilities. To ace data use for email marketing and drive growth, nail the basics, get affirmative consent for everything and go out of your way to treat your prospects, customers and leads respectfully. It will keep you ethical, keep you on the right side of the law, massively improve the quality of your data and by talking to your targets in a respectful manner you’re delivering value right from the start.