Emma’s Diary seems to be the perfect website for parenthood, offering child-raising tips and giving away coupons worth up to £200. But in exchange for free diapers, users gave their consent for their data to be used for different advertising campaigns.
It has now been revealed that the data were sold to the Labour Party in 2017, although the consent to access to data was not extended in favor of the political parties.
The website now faces a penalty for misuse of personal data.
This case is part of the investigation of the Information Commissioner’s Office (ICO) on political/digital marketing, following the data scandal of Cambridge Analytica.
What started with a glimpse into the misuse of Facebook data has now opened a window to the complex online advertising system and has shed light on the opaque world of personal data trading.
What is a data broker?
Personal data is known as the “new oil” and data brokers play the role of extractors of our valuable information in every possible way.
Data brokers collect information from hundreds of sources, including censuses, surveys, public records and loyalty card programs, and then sell it to other organizations.
Recent researches by experts in secure data destruction describe the practice of data brokers as an industry with virtually invisible and unregulated infrastructure, despite the recent approbation of the General Data Protection Regulation (GDPR).
Who are the big beneficiaries?
Acxiom and Experian are probably the best known data brokers, and they make a lot of money. In 2018 fiscal year, Acxiom is expected to generate about £71M.
But there are thousands of smaller actors in the industry, such as apps and websites that request registration from their users, requesting consent to access their data, and then sell them to marketing companies.
As part of the ICO’s work, experts in secure data destruction mention that investigations have been initiated over other companies such as Experian, Lifecycle Marketing (site owners of Emma Diary), and Data8.
What does Facebook has to do?
Digital campaigns are now really important for political parties. They involve immersing themselves in often-complex relationships with data brokers and information analysis companies.
In the case of Facebook, the company had agreements with three data brokers: Acxiom, Experian and Oracle Data Cloud. It also allowed political parties to target an audience by gender, location, interest and behavior, and offered what it called its partner category service, allowing advertisers to resort to information compiled by data brokers.
These data allowed political parties to further delimit their targets, obtaining personal information such as car or house owning, or whether someone is consumer of a particular brand.
For example, an advertiser who would like to direct his ads to new mothers could use collected information from data brokers about those who recently purchased baby products using a loyalty card from a store.
Facebook has announced that it will end this practice, which has been one of the key methods used by marketers to link Facebook users’ data about their friends and lifestyle with their offline data about their families, finances and health.
So, what’s next?
Secure data destruction specialists have described the scope and scale of ICO’s research as unbelievable, as it shows that the collection of user data is a systematic practice that goes beyond Facebook or any other company.
For these experts in secure data destruction it’s fair to say that the digital marketing industry received a call for attention with the introduction of GDPR, and this research by ICO will remind people that they have a competent regulatory agency by their side, which will force the companies to limit their bad practices regarding data security.