The milestone has just passed for the implementation of GDPR, and many of you might have sighed in relief in May, when looking at the compliance checklist for the treatment of personal data. However, not even a month had passed since the official implementation deadline, and there were already news that made us think of GDPR again. The implementation of data protection was a first step, but both industry and regulators now have to look at the interpretation in real life/ real business. What will personal data regulation mean in our day to day business?
British Telecom was fined by the Information Commissioner Office (ICO) for breaching the UK’s Privacy and Electronic Communications law at the end of June. The GBP 77,000 fine is modest for BT, and the news might have been dismissed easily.
However, look at the details and we can find an example of the interpretation challenges that will await GDPR and Data Privacy laws in Europe. BT sent 5 million emails to its customers in 2016 supporting charity initiatives, including ‘Stand Up to Cancer’. This led one person complaining to the ICO. BT sees these email as an extension of its service, where social and community campaigns are an element of the brand and product.
Therefore, the telco says that the messages should be treated as ‘service messages’, a fulfilment of the value promise to its customers and not as a marketing message. However, the ICO defined these as ‘nuisance’ messages, even if it also pointed out that these were not a marketing activity with financial benefit. For ICO these were marketing message in nature, despite that this was not a deliberate contravention of regulations.
Join MEF’s work on Personal Data Guidelines
We should look back at the compliance check-lists, the understanding of communication channels, the processes and message types; the personal privacy debate is moving to a next level of details.
The mobile ecosystem has a chance to discuss and create a set of guidelines that can help the industry to navigate this process safely, protect business’s future as well as the rights and trust of our customers.
This is an area where MEF has been very active in the last years, and it needs the full cross industry support to develop. Help us to create meaningful industry guidelines in the Trust in Data Workgroup.