“Hi, you haven’t finished watching Jeffrey Epstein: Filthy Rich”, said an email my husband received last week.
It annoyed him. Feeling like his behaviour was being monitored, he promptly clicked the unsubscribe button. Not only that, he went through all of his streaming services’ emails and dumped them too! (Perhaps a petulant ‘lockdown’ moment!)
He knows his TV habits are analysed and is happy to be given recommendations based on what we’ve watched in the past. They’re actually often a pretty good prediction of our tastes. But a personalised email, out of the blue? For him, it felt a step too far.
“75% of customers expect organisations to understand their individual needs” (Source: IBM Survey)
There’s plenty of research showing that many of us like the brands we interact with to know a little about us. We like getting relevant offers and services.
It therefore makes sense for businesses to learn more about their customers. However, they need to get the balance right. We just don’t like it when this feels like consumer surveillance … it just gets creepy. (What was probably intended to be an innocent nudge felt like bossiness or spying to my husband).
Being upfront with people. Telling them why they should share personal details, shouldn’t be seen solely through the prism of compliance. It’s also about giving people a good customer experience and building brand reputation.
The more your customers like and trust you, the more they’ll be willing to do business with you AND share information about themselves.
Apologies, but I am now going to mention the ‘G-word’. GDPR, somewhat unfairly, often gets bashed up for hindering lots of things. I say unfair, because GDPR doesn’t stop you personalising your customer engagement. It does ask you to put a few checks and balances in place.
This means putting your customers in the driving seat – giving them control over what information they provide and telling them what you plan to do with it. Here are just a few points to think about.
Do you clearly tell people what’s in it for them? Do you let them know from the outset how you plan to use the information they give you? (Also see: Why is it so hard to explain how we use personal data).
Do you let people choose what they share? (I won’t be alone in my dislike of the *mandatory field with no clear reason given as to why I have to share this information). Also do you make it easy for people to ask you to stop using their details? (I also won’t be alone in betting infuriated when I can’t easily get in touch).
Do you collect information you don’t really need? Try not to fall into the trap of gathering details with the ‘it-might-be-useful-at-some-point-in-the-future’ approach. Also be careful not to use the information you have for a different purpose, (which you haven’t told anyone about).
Do you regularly update what you know about your customers? Do you ask them if they still have the same interests? Over time, what you think you know about your customers may become so inaccurate its actually counterproductive. Quite often what you know is only a snapshot at a particular moment in time, not a lasting profile of their habits.
(This reminds me of being asked by a home store what my interests were. I might have been interested in sofas at the time, but this was temporary. New sofa in situ = no interest anymore).
The ‘don’t-be-creepy check’
Do you carefully consider whether what you are doing might surprise people? Would they really expect you to use their information in the way you are? Just because you’ve ‘buried’ in your T&Cs / privacy notice that you do something, doesn’t mean people won’t be a bit freaked out when this becomes clear to them.
And, if they’re like my husband (the grumpy, privacy-savvy demographic is fairly big) they might choose to make engagement doubly difficult.
Okay, here’s the technical bit (I wish I had one of those shampoo advert graphics for this, you know, the ones that show how Jojoba nuts stop dandruff or something). Yes, you do need to identify a lawful basis under GDPR for all your activities, and this includes the information you collect for personalisation purposes. Are you relying on consent? Can you rely on Legitimate Interests? Is it okay to wrap this up as part of your service terms? All questions that should be answered, and the answer will be depend on the specifics of what you are doing.
For me, the key is not to be afraid to telling people what you are up to. Be transparent – people aren’t stupid. My husband knows his TV habits are analysed, but he doesn’t want to feel like ‘Big Brother’ is watching. I know brands will be keeping track of my interactions with them, just don’t be creepy. Tell people what you’re trying to achieve, and you may be surprised at what they’re happy to share.
Philippa Donn, June 2020
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.