When brands think of online marketing, they often think of advertising that makes use of consumers’ personal data through tracking cookies, email subscription and the like. The collected information is then processed to better aid marketing decisions, such as creating audience segments based on consumer behavior, or targeting consumers along a certain point on the purchase decision making funnel.
However, recent privacy breaches have made consumers increasingly concerned about their data — how it’s being gathered, processed, used, and stores. As a result, advertisers are also making moves towards more safe, secure, and efficient ways of processing their consumers’ data.
Various regulating bodies such as the European Union have created and passed new regulations that now give companies a better handle on data collection for advertising purposes, without being overly invasive.
That is where expressed consent comes into play. Under various data protection regulations, such as the Data Privacy Act of 2012, and the CAN-SPAM Act, consent must be expressed instead of implied.
Consent: Implied vs. Expressed
Consent is implied when a data processor believes there is a reason for a customer to give consent if they asked for it – for instance, an existing relationship between customer and corporation.
One’s consent to provide information may be implied if such information is published in plain sight for anyone to see; a business card is provided; or a transaction was made, whether a sale, an inquiry, or a donation.
On the other hand, expressed consent has no room for such assumptions. It is required whether there is an existing relationship or not.
As such, parties asking for consent must ensure the other party understands the question and its implications, and that they explicitly make the choice.
Filling a form, ticking a box, or getting explicit assent in a phone conversation are a few examples where express permission can be obtained.
Under data protection regulations, the option to opt-out or withdraw consent when deemed fit is also required. Customers also have the right to know how their personal information will be processed thereafter.
Five elements of expressed consent
Marketing companies can test if consent is expressed or implied by fulfilling five elements dictated by most data protection regulations. Consent must be:
1. Freely given (no pressure imposed);
2. Specific (within the scope of data collection and processing);
3. Informed (parties are aware of what they’re consenting to, including the assurance for secure data infrastructure);
4. Unambiguous (request for consent must be clear and simple);
5. And with Clear Affirmative Action (the person must agree through a statement or an action).
All these support one key principle of cybersecurity: transparency.
Transparency is embedded in these elements: they ensure that consumers are aware of what companies collect, what data infrastructure is in place, what it can handle, and that data collection is consensual.
Transparent transactions help companies avoid liabilities; while also garnering higher consumer trust, as such transactions let consumers feel valued and protected.
Down the line, transparency helps companies gain conversions and, eventually, sustained loyalty. A recent Label Insight study that focuses on buying behavior and brand transparency shows that customers are willing to give another service provider a try, if they perceive it to be more transparent.
With transparency, there is no room for complacency. Both parties should be accountable for their decisions, but as advertisers, we are liable for storing and processing the data of hundreds, if not thousands, of data subjects.
Once all these conditions are fulfilled, all parties will see this as a win-win situation, as they’re assured not only of enhanced security but also ease of use.