The ability to measure the user behaviour of each individual email marketing subscriber is an important tool for relevant and target-specific communication. Click profiles, for example, help to identify interests and serve these better. In practice, however, companies face a dilemma when it comes to the legally compliant collection and processing of personal response data. With its current version of the ELAINE FIVE Online Dialog CRM, technology provider artegic is presenting a new solution for legally compliant marketing based on behaviour profiles: Privacy Admission Control.

Successful dialogue marketing now requires targeted and relevant communication. The content of campaigns as well as the selection of target groups must be based on the specific interests and requirements of each individual addressee. In this context, email marketing has always stood out with its measurability of all actions. It is therefore possible to determine, with accuracy, whether emails have been opened or links have been clicked on. Apart from purely statistical analysis, this also makes it possible, in particular, to collect, store and analyse the user behaviour of the individual contacts.

Marketing practice requires suitable technical solutions

However, the tempting technological possibilities of creating user profiles from response data are subjected to legal restrictions in many countries. Often, the following applies: when data from user behaviour analysis is linked with personal data such as an email address, the explicit consent of the person in question is required.

In marketing practice, the required separation between persons who have given their consent to profiling and those who have not given their consent, or who have withdrawn their consent, is often not possible technically. Collection and processing of the relevant data can either be activated or deactivated, if at all. In reality this means that the process is either carried out for everyone or no one. This presents a dilemma for companies which do not wish to either refrain from profiling or abstain from legal security.

Individual level of data processing based on consent

The Privacy Admission Control Function of the ELAINE FIVE Online Dialog CRM solves the issue of varying types of consent in dialogue marketing. The new solution makes it possible to differentiate the technical processing of data directly during collection, according to the specific consent given by the individual person. The individual level of consent can be displayed and can be dealt with, in practice, in a legally secure manner.

During the collection of behavioural data from measurements of various processes including opens, clicks, conversions and send-to-a-friend, ELAINE checks which data usage has been consented to by the person in question. When collecting and processing data the profiling metrics can distinguish between any levels of consent. Detailed interest and behaviour profiling can therefore be carried out without the risk of legal conflicts with users who have not given their consent, or having to refrain from profiling completely for this reason.

Following the same principle, it is also possible to manage various opt-in sources or different versions of data privacy notes and, accordingly, take their legal implications into account.

Upgrading of consent as a marketing task

The Privacy Admission Control Function of the new ELAINE FIVE Online Dialog CRM also facilitates the expansion of data usage declarations of older data bases, where no granular collection of consent took place. By knowing the specific level of consent, it is possible, at the next opportunity or during special campaigns, to specifically request an update or expansion of the consent. This upgrading of data privacy statements is becoming an essential task in the marketing context, due to higher demands in dialogue marketing and stricter legal requirements.

Business practice is often not legally compliant

If you also wish to create personal user profiles purely for statistical analysis, you may need the explicit consent of the users, depending on the legal position. Personal user profiling takes place when data from the measuring of user behaviour is linked or can be linked to personal data – in email marketing, the email address in particular. This also means that campaigns, which are already running and targeting all those users who have not clicked on the last mailing, also fall under this extended duty to obtain consent. Frequently argued, separate storage which can, however, in practice simply be linked via IDs for example, is therefore not sufficient.

In any case, this consent to data usage for the purpose of personal profiling must be obtained in a manner which can be proven and, depending on the legislation, should be requested separately from the opt-in process for receiving emails. However, this is hardly ever taken into consideration in practice. Many of the solutions in use and data usage statements do not therefore comply with the legal requirements and represent a legal risk.

Furthermore, users and the public are becoming increasingly sensitive when it comes to data privacy. Companies are therefore required to take their legal responsibilities seriously. Justiciable processes such as suitable subscriber consent obtained in an effective manner are continually required within the context of data privacy statements, as is a suitable method for differentiating technically between various types of consent in data processing.