Big tech versus regulators is a battle loyalty marketers cannot afford to ignore
On April 4, 2023, almost 5 years since the General Data Protection Regulation (GDPR) became law in Europe, TikTok was the latest BigTech business to be fined by the UK’s Information Commissioners Office (ICO).

The reality is the fine of £12.7 million for misusing childrens’ data will be treated by TikTok as little more than a manufactured parking ticket. It is symptomatic of the battle raging between impunity and accountability, between BigTech and Regulators, which has become a critical lens for what is happening today in the data world. This is a battle that loyalty marketers cannot avoid or ignore, writes Richard Dutton, The challenges it presents to deploying and managing loyalty programmes are unprecedented because so many programmes rely heavily on the analytic tools that BigTech provides.
While BigTech continues to treat regulatory fines as a cost of doing business, the EU is taking BigTech on and doubling down on privacy and data protection regulation. First up is The Data Governance Act which establishes personal data spaces and intermediation services as alternatives to the existing major tech platforms. It entered into force in June 2022 and becomes applicable across all member states on 24 September 2023.

Next up are The Digital Markets Act (DMA) and The Digital Services Act (DSA) both of which entered into force in November 2022. The DMA mostly becomes applicable across member states on May 2, 2023, regulating digital gatekeepers and prohibiting exploitative use of market power by the gatekeeper in the digital economy. The DSA establishes rules for a more transparent and safer online environment and will become applicable across member states from February 17, 2024.

Two more regulations are already in the EU legislative pipeline. The Data Act will establish rules regarding the use of data generated by Internet of Things (IoT) devices. The AI Act is the regulation laying down harmonised rules on Artificial Intelligence (AI) and amending other certain European Union legislative acts.
The battle lines, however, are not just regulatory. Given the response to the recent launch and uptake of Open AI’s ChatGPT, there is plenty of evidence to suggest that the AI regulatory horse may have bolted. The class action lawyers are already piling into AI pioneers to challenge what the venerable Noam Chomsky describes as “the unauthorised appropriation of the creative work of millions of people that just happened to be lying around on the web”.

AI and ChatGPT regs coming soon
Loyalty marketers beware the lightning bolt that is ChatGPT. While its capacity to ingest vast amounts of data is impressive, its inability to validate its data outputs should set alarm bells ringing all over Loyalty land.
Good loyalty marketers will already have identified humanity’s growing distrust of algorithmic platforms. They have jettisoned the mantra that “data is the new oil”, acknowledging that personal data is the air that breathes life into loyalty programmes. The challenge for loyalty marketers is that so many of the tools BigTech provide are full of toxins which will not meet the compliant “clean air” that loyalty marketers need to lawfully navigate European data economies.

Loyalty programme data stewardship needs to take on a new dimension – not just to provide a regulatory defence but to be prepared for the class action barbarians arriving at the gates of your loyalty programme.
The author
Richard Dutton is MD of legal advisory service Elias Partnership and specialises in digital media. He is a Fellow of the Institute of Data and Marketing (FIDM), a Certified Loyalty Marketing Professional (CLMP), a member of the Board of Regents at the Loyalty Academy and a partner in the Customer Strategy Network (CSN).