It should have been a straightforward pan-European direct mail campaign. An automotive company came up with a single-template creative, the data had been bought from Acxiom, the translation bureau had adapted the text for each market and the campaign was ready. But at the last minute, there was a hold-up.
"When we looked at the piece for Spain we noticed that some of the terms and conditions were not in place," explains Dr Sachiko Scheuing, European chief privacy officer at Acxiom. "Spain has quite a brutal regime in terms of data protection, and an extra paragraph needed to be inserted into the direct mail piece."
This paragraph - which actually took up half a page of A4 - went into huge detail about how Acxiom had obtained the data, why the customer was receiving the mailing piece and their rights - should they wish to complain or be removed from the mailing list. "It's mandatory to include this information," says Scheuing. "Companies tend to avoid countries with tougher data protection regimes such as Spain and Italy, because the data requirements can be onerous."
Not only are they onerous, but the penalties for infringements are also a deterrent. According to the Email Law Marketing Survey, published in February this year by law firm Osborne Clarke, and covering data protection law and practice for marketers in 17 European countries, the penalty for sending an unsolicited marketing email in breach of the Spanish email law ranges from £30,000 to £150,000.
Given that this figure leaps to a potential fine of £300,000 in Germany and up to £450,000 in Holland, clients could be forgiven for avoiding international direct marketing campaigns altogether. The survey also revealed that digital marketing law across Europe was, as Osborne Clarke describes it, "a shambles".
"Everyone agrees it's a complicated area," says Elizabeth Brownsdon, solicitor at law firm Bird & Bird and a specialist in data protection and IT law. But she says clients aren't being put off.
So how can firms minimise the potential problems of an international campaign? If you are a multinational company with a presence in all the countries you are looking to target, things are easier. British Airways ran a direct mail campaign last November to its top 90,000 customers worldwide to promote the relaunch of the Club World Cabin, and each region had an input into the final execution. As well as checking that the tone and phraseology of the mailing was appropriate for that market, the marketing team in each sales area also ensured legal compliance.
"What's becoming apparent is the trend for local sign-off, especially for legal issues," says Angus Crowther, client partner at agency EHS Brann, who is responsible for international accounts and who helped set up EHS Brann Spain. "It makes sense economically to run campaigns centrally, but they should be nailed down locally."
Working with an agency that offers an overseas network is a must for any company looking to run an international campaign, particularly if it doesn't have a local presence. EHS Brann, for example, is part of the Euro RSCG global network, and the big data providers such as Acxiom and Experian have overseas siblings or partners they can tap into.
But where a country sits on the data protection scale, it is subject to change and varies considerably.
"Everyone thought there was going to be common data protection law across Europe, but it's not the case," says Martin Bradbury, international client services director at EuroDirect. "There is a set of principles and each national government has interpreted them differently. In the UK, there is a good dialogue with government and much of what is needed is handled with best practice."
One of the benefits of having an on-the-ground presence is keeping abreast of any shifts, such as the recent swing in Italy from a very strict regime to a more moderate one.
According to Bradbury, "Italy is a beacon of hope in a regulated world." The Italian government doesn't make the electoral roll available for marketing activity and the alternative mass-market dataset Telefone Italia could only be used if the individual had actively opted in, reducing the universe to a paltry 350,000.
"It has been frustrating for direct marketers. Italy is not that different in size to the UK. It's similarly structured economically and it's relatively affluent, but has effectively been cut off from DM," says Bradbury.
This changed when a new, more liberal data protection chairman, Francesco Pizzetti, was appointed in the 1990s and who reviewed the existing legislation. Among the changes he made was a new approach to the management of public data, with opt-out replacing the previous principle of opt-in. As a result, the data availability for direct marketers has soared.
Not withstanding changes in data availability in different markets and the importance of ensuring that data is run past the necessary suppression files such as Robinson Lists, international direct mail campaigns are fairly straightforward. "There are fewer cross-border complications with mail and telephone marketing," says Stephen Groom, a partner at Osborne Clarke. "The (EU) Data Protection Directive of 1995 has been broadly implemented in a similar way across Europe."
But the same cannot be said of the Privacy and Electronic Communications Directive, which came into force in 2003. Part of the problem, explains Eduardo Ustaran, a partner at law firm Field Fisher Waterhouse, is that the directive itself was the result of a compromise between conflicting parties.
"The first draft was quite clear cut - to carry out direct marketing by email consent needed to be obtained beforehand," he says. "But this was perceived as onerous, so pressure groups lobbied to bring in various exceptions. The European Commission was persuaded to add the exceptions and we ended up with a directive that is open to interpretation."
One of the greyest areas is soft opt-in (essentially, opt-out), which is permissible for email contact with existing customers. But how do you define a customer?
The UK has interpreted this element of the directive quite broadly. Even if a sale has not been completed, the individual could still be classed as a customer if they have actively expressed an interest in buying a product or service. Countries such as Germany, Spain and Italy have interpreted this element of the directive more strictly. Spanish law, for example, says there is a need for an "existing contractual relationship" to be in place.
It is little wonder that Ustaran estimates that 75 per cent of the data protection advice he gives relates to email marketing, with telemarketing and postal campaigns making up the rest. Osborne Clarke's Groom even numbers email service providers among his clients.
Cross-border email campaigns might seem like a minefield, but often the client's in-house privacy policy will go even further than international data protection legislation. This is the case at Hertz Europe, which runs a direct and email campaign in 13 countries promoting the membership of its loyalty club #1 Club Gold.
Direct marketing consultant Steve Hanney, who worked at Hertz Europe as head of relationship marketing last year, says: "The Hertz privacy policy is rigidly compliant and an excellent benchmark. It sticks to the letter of the law."
Similarly, Chelsea Football Club has a strict data policy, according to Lauren O'Rooke Walker, account manager at its agency WDMP. "Because Chelsea has lots of international fans, we have to ensure the data capture process is compliant with legislation in that country.
"Last year, the club launched its membership drive in the US, raising awareness of the MLS Allstar game in Chicago through local press ads, posters, emails, doordrops and postcards. Of the 20,000 people who went to the game, 4,000 took part in the competition and the opt-in process was transparent, says O'Rooke Walker.
According to Chris Hare, client services director at agency Gyro International, legal issues are easier to control centrally if a company is dealing with customer data it has collected itself.
"If you are buying data, then you are reliant on the list owner or data house and would expect them to have already met the correct legal requirments," he says. "These would need to be checked extremely carefully before embarking on a campaign."
Major brands are likely to err on the side of caution about legal compliance, although as Osborne Clarke's Groom points out, there is yet to be a single case where a UK firm has faced legal action abroad because it was in breach of local data protection law.
"But there's still the risk, particularly for multi-nationals doing digital marketing across various markets," he says.
And with countries such as Italy threatening six years in prison for breaches of its email marketing law, it's not hard to see why marketers are taking the cautious approach.
POWER POINTS
- International campaigns need to be micro-managed locally
- Some countries' data protection laws can have financial consequences
- Mail and telemarketing creates fewer cross-border complications
NEED TO KNOW
- Developments in digital marketing law
The different interpretations of the EU Privacy and Electronic Communications Directive seem to have created a legal minefield, but Chris Combemale, chair of the DMA Email Marketing Council and chief executive officer of Email Vision, has some words of comfort. "If you operate in the UK to the standards set out in the DMA's Best Practice Guidelines, you should be compliant in just about any other country," he says.
If you have the right policies in place at the point of data capture and ensure there is always a very easy and visible means of opting out, it would be hard to fall foul of the law.
But there are areas worth double checking, such as the existence of a "Do Not Email" preference list.
According to the Osborne Clarke survey, some countries have adopted such a list (Austria, Belgium, Denmark, Germany, Portugal), while others have not (Spain, Sweden, Italy, Ireland, Holland, France). Best practice would dictate that data is suppressed against any Do Not Email list.
The enforcement action taken by regulators varies from country to country and is changing. For example, in the UK, the government recently announced that individuals who are convicted of the deliberate and wilful misuse of personal data will face up to two years' imprisonment for trials in the Crown Courts.
But the passing of a tough new law does not necessarily mean convictions as Ben Isaacson, privacy and compliance leader at Experian and CheetahMail, outlines: "From my experience, the US is the only country pushing for more enforcements. The Federal Trade Commission, for example, has levied a series of fines against violators of the CAN-Spam Act," he says.
He adds that the highest-profile US enforcement action was led by AOL, which persuaded a Virginia state court to sentence a spammer to nine years in jail. But this legislated environment does not stop legitimate emailers carrying out their activity and the email rental list market in the US is buoyant, says Isaacson.
The mantra of using opted-in data, coupled with clear opt-out opportunities, should keep emailers the right side of the law both in the US and Europe.
TOP TIPS
- Observe the DMA's Best Practice Guidelines
- Ensure that there is always an easy and visible means of opting out of your communications
- Email data should be suppressed against the relevant country's Do Not Email list
- Check the enforcement action in place; this varies from country to country
CLIENT QUIZ
Cross-border data protection tips
- What data protection advice can you give to brands embarking on cross-border campaigns?
- What's the biggest data protection challenge you've faced?
- Is legislation forcing you to abandon cross-border campaigns?
Anthony Hyde, marketing communications manager, Xerox
Make sure you stick to the letter of the law in the countries you are operating in, but use it as a spur to get more creative. One of the good things about stricter legislation is that we have to come up with new ways of doing things and that's exciting - it's a challenge.
The Privacy and Electronic Communications Directive - it means we communicate with fewer people via email than direct mail. Our data policy is opt-in.
No.
- Steve Hanney, DM consultant and recently head of customer retention, Butlins
Make sure that your firm's internal data protection standards are in keeping with the most rigid country you deal with. Create a benchmark for compliance that adheres to the strictest jurisdiction, to ensure your processes will be uniform and legally you are covered.
Rolling out an international campaign when the local markets question compliance with the firm's privacy policy, because they can operate below that level of the law.
Absolutely not. But companies should recognise that if their data protection policy is made up of local laws cobbled together, they are a sitting duck for exposure to bad practice. These laws can have a great advantage in terms of a ready-made international policy.
- Jon Clark, head, Friends Reunited
If your DM is in customers' best interests, and you're approaching the right segments with personalised messages, customers should see value in what they've received. As long as it's easy to opt out of other emails, you've done right by the customer.
Most of our email marketing is upsell or cross-sell to existing customers. We ensure we give them the chance to opt out. This means we know which messages they want.
Our approach is the same for our UK, Australia, New Zealand and South African sites.
Comments