Increasingly, brands are running joint marketing campaigns. Whether it is undertaken to reach a broader audience or improve brand image, the good news is that data protection laws do not prohibit joint marketing campaigns. But the bad news is that these laws impose restrictions as to how these campaigns are carried out.
These restrictions need proper consideration. Relevant steps should be taken to comply as non-compliance with marketing rules is one area where the Information Commissioner’s Office (“ICO”) is particularly hot on enforcement and issuing fines. Enforcement action can also lead to bad publicity and the brand being damaged.
Sending 3rd party marketing
Fashion brands often collaborate by sending marketing communications and offers relating to each other’s products or services to their respective mailing lists. This approach may seem ideal from a data protection perspective, given that no personal data is shared between the parties. Rather, the parties make use of their existing customer database to the benefit of the other party.
However, there are risks with this approach.
The main law which regulates direct marketing in the UK, the Privacy and Electronic Communications Regulations (“PECR”), applies in relation to both the “sender” and the “instigator” of direct marketing communications. There is no definition of what qualifies as an “instigator” in PECR, but the ICO says that you are likely to be an “instigator” if you “ask” a third party to send communications on your behalf.
As the default position under PECR is that consent is required to send direct marketing by email, the result is that the parties need to consider whether they both require consent from individuals in order to send them marketing communications relating to their partner’s products. Also, under the exception to this rule, while a brand may not need opt in consent to send marketing information about their own products to existing customers, they will need opt-in consent to send information on another brand to their customers.
When fashion brands collaborate to release joint fashion lines, what happens to the customer data generated by the promotional activities and sales of those lines? Given how important it is to know your customer base, it is likely that both parties will want in on the data. However, the following issues should be considered:
It is also possible that the parties could be “joint controllers” of the data if they will jointly decide how that data is used. For example, this could be the case if the parties have created a purpose built website for selling the products. In such circumstances, the parties would need to enter into a joint controller arrangement to comply with the GDPR.
Lastly, UK and EU businesses should take care if sharing customer data with a partner based outside the UK or EU respectively due to the restrictions on international data transfers imposed on businesses in these territories. In such circumstances, the parties will need to ensure a transfer mechanism is in place for the transfer to take place lawfully and this will usually entail entering into additional provisions referred to as “Standard Contractual Clauses”.
Take home points
If you have any questions about these issues in relation to your own organisation, please contact a member of the team or speak with your usual Fox Williams contact.
You can register online or follow us on Twitter or LinkedIn to receive our latest news, events and publications.