UK Cookies Regulations: Today’s The Day

Officially, 26th May 2012 is the day that the UK regulators will be enforcing their 2011 update to the PECR, which requires companies to take opt-in consent for tracking information (including cookies) on websites. The regulations were actually updated one year ago, but the regulators gave businesses 12 months to get their house in order before they started enforcing it.

That’s the theory, at least. In practice, it seems that very little has been done by companies. Whilst most have been carrying out cookie audits and updating their privacy policy, very few have been taking opt-in consent. Many have decided to use the ‘implied consent’ route. What that means, is that by using a website with a clear privacy policy, a user has given their consent implicitly. That’s certainly not what the regulations say, but given that some of the governments own sites have gone this route, it will be interesting to see there is any enforcement by the ICO.

That’s on desktop, but what about mobile? It seems as if most companies have forgotten about this. One fine example of an opt-in window on desktop (I won’t mention any names), was not replicated on mobile. There isn’t even a privacy policy. Yet, the regulations are both device and technology agnostic. In other words, it doesn’t matter how you track (cookies, or in-app) or what’s accessing it (PC, phone or tablet), the regulations are the same.

Clearly, there are long-term issues; business are finding it hard to implement the regulations. When it comes down to it, those that make some effort with cookies are unlikely to fall fowl of the regulators. Those that completely flout it, may not fare so well – the ICO is already contacting some companies about their cookies.

I have written a white paper on the subject of mobile and cookies of the DMA which you can find here: http://www.dma.org.uk/sites/default/files/PDF/Cookies/Mobile_and_Cookies_Legislation.pdf

There’s some good general guidance here: http://www.dma.org.uk/toolkit/countdown-cookie-compliance

And a some further useful advice from econsultancy here: http://econsultancy.com/uk/reports/the-eu-cookie-law-a-guide-to-compliance

What is The Solution to Solution to Spam SMS?

Spam texts are clearly a problem. Although they represent a much smaller percentage than email spam (around 3% vs 75%), mobile is a much more personal channel. Maybe one solution could come from a preference service? In the UK there is one for voice called the Telephone Preference Service (TPS). It is widely known by consumers and generally works well. It started as a voluntary scheme, but became part of the regulations. Any brand intending to conduct telemarketing in the UK must, by law, screen the numbers against the list.

So why not set up something similar for SMS? The problem is that SMS is different to voice. Where as a telemarketer can phone you without prior permission, text messages are classed as ‘electronic mail’ and require the user to opt-in before a message can be sent. So for a marketer to send you a text, you must have given your permission directly or indirectly through a soft-opt in (through a sale or negotiation of a sale). Not only that, the marketer must also offer a method of opting-out of further messages. It’s therefore pointless for marketers to scan against a preference list, as users will already have opted in.

A preference service won’t stop the spammers either. In the UK a majority of unsolicited messages are for accident claims, debt management or mis-sold loads or personal insurance. The people sending the texts know they are breaking the law, so they use a variety of methods to avoid discovering. One thing is certain though. They are not going to scan their lists against a preference service.

In the end the only way to prevent SMS spam is a combination of better enforcement against those who are breaking the law – so far the regulators haven’t prosecuted anyone – there is much more they can do. Stopping spam also needs to be supported by better filtering at the operator level. This will stop many more messages from reaching handsets in the first place. One way to support this is through a spam reporting button (or address book entry) on every mobile handset. Even though it may be well intended, a mobile preference service is not going to solve the problem. In the end it may simply mislead consumers into believing that registering with it can somehow prevent spam messaging. It won’t.

DMA finds 8 million spam texts sent every day in the UK

A couple of weeks ago, The Sun claimed that there were 5 million spam text messages sent everyday in the UK. They didn’t quote a source, but the figure seemed rather high. Given that a number of journalists had been asking the DMA about the volume of spam SMS, we decided to find out. Using Touluna QuickSurvey we asked 1000 UK adults if they had received spam. The results were more surprising than we expected:

• 58% of people had received SMS spam in the last month
• 11% of people had received more than 10 spam messages in the last month

If those figures are mapped against the UK adult mobile population of 48.5m it means that 23 million people received spam last month. Accounting for the number of messages that each person received, it means that there were 263 million spam messages in the last month, or 8 million per day. Surprisingly, it seems as though The Sun has been under exaggerating the figure. The DMA’s study has been widely reported by the BBC today.

The definition of spam is a difficult one. Legally, spam is where the recipient has not opted-in, however many mobile owners regard any message they don’t want as spam, even if they opted-in previously. For example a previous purchase is considered as a soft opt-in (provided it was stated in the T&Cs). It is quite acceptable under the regulations to send such messages, but not acceptable from a consumer perspective.

To try to understand a bit more about the types of company, we split the 58% of spam recipients as follows:

• 22% have received SMS spam from company the recipient had previously bought products from or made an enquiry with – technically a soft-opt in.

• 23.5% have received SMS spam from a company they knew, but had no previous contact with

• 54% have received SMS spam from companies they don’t know and have had no previous contact with

• 30% have received SMS spam from a company not identified in the message - these are typically accident claims, debt management or mis-sold PPI messages

8 million spam messages per day is a lot. It could be argued that more than one fifth of these meet the regulatory requirements but consumers still see them as spam. The 8 million spam texts are just 3% of the 300 million messages sent each day in the UK. Compare that to email, where it is estimated that 78% of the billions of daily messages are spam. So why should 3% be a problem in mobile spam?

There are three important reasons why:

• Mobile is very personal – this is the device that we have with us all the time. We don’t share it, and it’s the place that most of us communicate with our friends and family. Unsolicited messages in this channel are very intrusive. A DMA/IAB study last year found that there was a 98% recall of brand SMS. Clearly, people remember a text message – solicited or unsolicited.

• People are not used to mobile spam – we have all learnt to live with a certain amount of email spam. That is helped in part by increasingly sophisticated spam filters and report spam buttons in email. Those management tools don’t exist for individual mobile users (yet).

• Mobile spam is bad news for legitimate permission-based marketing – even in world of apps and mobile web, SMS is an important driver for brand marketing, service and CRM. For consumers it can offer a convenient and immediate communication tool. If there is a perception that the channel is full of spam consumers will be reluctant to give brands their mobile number. In the email channel, the service providers have a major issue getting around spam filters, black-listing of servers and getting consumers to open their message. This is where SMS could end up if spam levels continue to rise.

In the end, text spam will be dealt with by a combination of better enforcement from the regulators, better filtering by the mobile operators and consumers not responding to unsolicited messages. The DMA is doing considerable work in this area – watch this space for updates.

Privacy: Is This the Main Barrier for Mobile Marketing?

Concerned about phone privacy? Here's one solution.

It’s an issue that brands often ignore, but over the last few weeks privacy in mobile and online has been at the forefront of the news. We had Google storing WiFi location information, we’ve had Android and iPhone storing users’ location data and Sony’s hacking problems which saw over 100,000 users’ data compromised. In a recent poll by The Wall Street Journal nearly 50% of 8,000 respondents said they were ‘very concerned’ that Apple were tracking and storing location information. This was confirmed by a Nielsen study which found that 52% of men and 56% of women also had privacy concerns about their smartphones.

From Apple’s perspective this was not a deliberate attempt to access this information but rather a bug in the operating system, that has been updated in a version of the iOS 4.3.3 which has just been released. Apple are different to Google. The latter are very much in the business of selling advertising, and location-based information is useful to that end. Apple, however are basically in the business of selling devices, their OS and apps (iAd aside).

However, it is significant that such a large number of people should show concern about the storing of location information. The internet has posed a threat to individual privacy for many years, not least of which, privacy issues from social media. But when it comes to mobile phones the issue of privacy is even greater. Mobiles are the most personal devices that we have – we don’t share them and it’s often where our most personal of communications happen. When brands get involved with mobile they are entering into, perhaps the most personal space of all. The same sentiment was obvious in a slightly different context. When we carried out our messaging study (DMA/IAB 2010) issues such as trust and control were important factors for people to accept brand marketing on their mobile phones.

We are now seeing a rapid growth in mobile marketing and advertising. Whilst privacy policies offer some consumer protection, ultimately it is essential that brands go out of their way to ensure that they are projecting their customers’ information as well as they possibly can. For many people, they clearly don’t feel that is the case.