The Truth About Data Sharing
In this week’s catch-up, Daniel and Simon aim to lift the lid on some of the more dubious practices that are undertaken when it comes to the sharing of personal data. Whilst the industry is focused upon the impact of the Cookie-pocalypse, it is worth exploring the fact there are potentially more problematic issues concerned with how people’s personal data is passed around (oftentimes without the owner of said data knowing).
What exactly are these dubious practices? Why are they allowed to happen? And why is transparency the only real solution?
Simon, can you explain a little bit about the more “dubious side of data sharing?” to kick us off?
Sure, but it’s important to separate it from “Lead Generation” right? This is more concerned with the data world, and people sharing that data without the consumer knowing, so it’s different from lead gen.
The truth is I’m aware of this world and these practices because I used to do it. Effectively it’s just the buying and selling of people’s personal data and whilst it’s technically “Compliant” there are some questionable aspects to it, mainly because the people whose data it actually is have little to no idea it’s going on.
So what you’re talking about isn’t illegal, right? It’s just questionable in the sense the companies who are doing it aren’t being completely transparent about it?
So there are two categories to this. The first is co-sponsor, where a consumer signs up to a site and there will be something that says “If you want to hear from our partners tick this box.” That is less questionable because they’re being - or they’re meant to be - more transparent about it.
But what a lot of companies do is have a huge amount of partner companies, so I’d say you should limit the amount of companies that can be listed and ensure they’re actually relevant to the consumer.
The thing is, even people in the industry may be shocked by the scale of it. It’s just huge.
Wasn’t GDPR created to stop exactly this sort of thing happening?
Good question. I’ve asked myself… why doesn’t the ICO do something about this? And to be honest, I expect the ICO would actually be shocked if they knew it was happening like this still.
The thing is, the companies who are involved in this kind of data sharing ironically have to be GDPR experts - or at least have one working for them - to get away with it. They’re jumping through loopholes of legitimate interest to get away with it.
I’ve seen stuff even recently on sites that generate a fair bit of traffic, but there’s definitely “bundling” going on where the opt-in has become part of the submission of your data.
And yeah, the stuff where it’s hidden in privacy policies, it’s just really questionable for me because they’re obviously using legitimate interest to get around it.
What’s the solution?
Honestly, I’m not sure yet. I really thought it would die out after GDPR, right? But it hasn’t. It will carry on whilst there is still demand from the end buyers, but the thing is… it’s just not great marketing. In fact, I’d say it’s not even marketing at all, it’s just buying people’s data and then trying to play a numbers game. But there is no intent there, there is no transparency, there is no building a relationship. It’s just spray and pray, and you’d hope that the best brands will lead by example and the ones doing this will want to follow… but yeah, who knows what the future holds? It’s gonna be interesting, that’s for sure.