Increasingly, brands are running joint marketing campaigns. Whether it is undertaken to reach a broader audience or improve brand image, the good news is that data protection laws do not prohibit joint marketing campaigns. But the bad news is that these laws impose restrictions as to how these campaigns are carried out.
These restrictions need proper consideration. Relevant steps should be taken to comply as non-compliance with marketing rules is one area where the Information Commissioner’s Office (“ICO”) is particularly hot on enforcement and issuing fines. Enforcement action can also lead to bad publicity and the brand being damaged.
Sending 3rd party marketing
Fashion brands often collaborate by sending marketing communications and offers relating to each other’s products or services to their respective mailing lists. This approach may seem ideal from a data protection perspective, given that no personal data is shared between the parties. Rather, the parties make use of their existing customer database to the benefit of the other party.
However, there are risks with this approach.
The main law which regulates direct marketing in the UK, the Privacy and Electronic Communications Regulations (“PECR”), applies in relation to both the “sender” and the “instigator” of direct marketing communications. There is no definition of what qualifies as an “instigator” in PECR, but the ICO says that you are likely to be an “instigator” if you “ask” a third party to send communications on your behalf.
As the default position under PECR is that consent is required to send direct marketing by email, the result is that the parties need to consider whether they both require consent from individuals in order to send them marketing communications relating to their partner’s products. Also, under the exception to this rule, while a brand may not need opt in consent to send marketing information about their own products to existing customers, they will need opt-in consent to send information on another brand to their customers.
When fashion brands collaborate to release joint fashion lines, what happens to the customer data generated by the promotional activities and sales of those lines? Given how important it is to know your customer base, it is likely that both parties will want in on the data. However, the following issues should be considered:
- Is this clearly specified in the collaboration agreement between the parties?
- In what capacity will the data be shared? For example, will both parties be able to use the data independently for their own purposes? If so, there are a number of issues to be considered, including:
- On what lawful grounds will the data be shared?
- Are individuals notified that their data may be shared with partner brands?
- Is there a data sharing agreement in place between the parties?
It is also possible that the parties could be “joint controllers” of the data if they will jointly decide how that data is used. For example, this could be the case if the parties have created a purpose built website for selling the products. In such circumstances, the parties would need to enter into a joint controller arrangement to comply with the GDPR.
Lastly, UK and EU businesses should take care if sharing customer data with a partner based outside the UK or EU respectively due to the restrictions on international data transfers imposed on businesses in these territories. In such circumstances, the parties will need to ensure a transfer mechanism is in place for the transfer to take place lawfully and this will usually entail entering into additional provisions referred to as “Standard Contractual Clauses”.
Take home points
- Be clear about how you want to use the data generated from your joint marketing activities from the outset. As always with data protection law, being proactive with the steps that need to be taken to achieve your objectives will make your life much easier than trying to react at a later date.
- Do not assume you can send 3rd party content to your customer base – doing so could result in you and your partner violating PECR and put you on the ICO’s enforcement radar.
- Consider if any data will be shared with your partner. Data protection law will not usually stop you from sharing data if there is a genuine reason for doing so and you have in place the appropriate documentation to allow you to do so.
If you have any questions about these issues in relation to your own organisation, please contact a member of the team or speak with your usual Fox Williams contact.