Loyalty schemes will be directly affected by EU data reforms
Countries in the EU are currently working on their responses to the complex policy proposals suggested for the handling and storage of personal data. The legislative changes currently underway are of critical importance to the loyalty sector. Jeremy Henderson-Ross, legal director and general counsel – EMEA for Aimia suggests companies should play an active part in the discussions.
Issues around personal data are increasingly high profile. This was seen most recently by the widespread interest in the policy proposals announced by the EU Justice Commissioner, Viviane Reding. These announcements are part of an EU directive which aims to offer consumers easier access to their own data. Whilst the debate around personal data is incredibly complex, it is also one which companies cannot afford to ignore, as reforms have the potential to fundamentally affect the way businesses interact with their customers. For those of us who operate in the loyalty sector and store and handle data, the legislative changes currently in the pipeline are of critical importance.
Reding’s speech on 25 January set out her suggestions as part of the new EU Data Directive. Her proposals include measures to offer consumers easier access to their own data and the right to demand that personal data be deleted. For businesses, the directive would force organisations to ask explicitly for consent if required, rather than assume it. Companies with over 250 employees would need to appoint a data protection officer. Failure to comply with the regulations could bring about large fines.
Whilst these measures have proven controversial for many business leaders, there is widespread agreement that reform is necessary. The last changes were made in 1995 and therefore fail to take into account the vast developments in technology that have taken place since then. There are complex issues that need to be tackled around privacy and data protection, and there is a genuine desire for measures to harmonise data regulations, creating clear rules and regulations. These changes have the potential to be incredibly helpful for businesses that hold customer data.
The EU’s legislative procedures are lengthy and thorough. While on the one hand, this may seem daunting, they do present us with an opportunity for debate and consultation. The rules need to be approved by each of the EU’s member states and ratified by the European Parliament before they can come into effect. This process could take at least two years, by which time the proposals could look significantly different, especially if we ensure we make our collective voice heard.
Effects on loyalty sector
For companies operating in the loyalty sector, there are several areas in the ongoing debate that require further thought and advice to help policy-makers. Questions remain about the viability of some of the reforms. The ‘right to be forgotten’ is motivated by a desire to help consumers, and youngsters in particular, to ‘manage their online reputation’. But how would such a principle work for multi-national companies? It is also far from clear how information about an individual could simply disappear in the constantly expanding cyber world.
The proposals set out new rules on consent, accountability, data portability and privacy, but do not set out who will pay the resulting substantial additional costs. The real danger is that the final legislation may stifle business innovation and growth. The huge threat that fines of 2% of global turnover represent may lead to the use of data in business becoming increasingly conservative.
Perhaps the biggest threat for businesses like ours is the creation of an unbalanced world-wide data regulatory framework. A truly efficient and effective data market must take into account the global nature of data. In the US, the data privacy debate is also a prominent issue. Agreeing a template for regulation across the EU is one thing, but the EU commission must take into account the need for the reforms to work effectively with America. Indeed, countries with rapidly developing online spaces, such as India and China, are also attempting to use the data of their countries to spark growth. The data debate cannot simply be confined to Europe, or even to the US.
The aim of the commission is admirable: to simplify, strengthen and modernise the data protection framework to protect consumers but also spark economic growth. It remains key that the single framework that emerges does not represent a mere ‘common-denominator’ in data legislation, but represents best practice in both protecting an individual’s privacy and fostering innovation.
Aimia guidelines
Regardless of EU legislation, Aimia is creating its own guidelines that seek to acknowledge the critical responsibility that all data handlers have, without sacrificing our primary business objective of using data to help our clients improve their service and offer for consumers.
In a recently published white paper, ‘The New Data Values – securing customer data as a renewable resource’, Aimia sets out the four main principles which will underpin the company’s approach to data and privacy.
1. Transparency –we provide customers with information on specific data being collected, as well as the manner in which we collect it. No confusion is permissible, and the language and access must be in a consumer-friendly and easily understandable format.
2. Added Value – We always make customers aware that they’re being compensated in a specific manner for providing personal data. The value of the exchange must always be made explicit.
3. Control – Customers should always be in control of their data and at Aimia we always tell them with whom they’re sharing it and give them the ability to opt out of data collection at any time.
4. Trust – Fundamentally, our business must give consumers confidence in the security of the data. This is key to our business, as it is for all data handling companies.
Other companies operating in the loyalty sector should certainly not fear the ongoing process in the EU commission, but embrace the resulting debate and discussion and play an active part in it when appropriate. We should make it clear that we understand the need for responsible data handling and welcome the fact that the issue is achieving a much higher-profile. That said, we should work hard to ensure that any changes do not come at the expense of innovation. So long as innovation is not stifled, our sector can be a catalyst for future, long-term economic growth.
Jeremy Henderson-Ross is legal director and general counsel – EMEA, for AIMIA.