Your Big Data Opportunity

#iCCS12

:

#iCCS12

State of Play

Source: Big Data Insight Group – Industry Trends Report March 2012

State of Play

Source: Big Data Insight Group – Industry Trends Report March 2012

10

11

apache.hadoop.org

17

18

iCrossing UK

Client Summit

Thursday, 17th May 2012

Caroline Roberts

Director of Public Affairs

The Direct Marketing Association

• Europe’s largest national trade association in the marketing and communications sector

• 920 corporate members –suppliers, agencies and clients who use dm

• Client members include major blue chip UK (or operating in UK) companies, e.g. Readers Digest, News International, Barclays Bank, American Airlines, Virgin Media, Save the Children, British Gas, the main political parties, Microsoft, Marks & Spencer PLC

• Supplier members include list brokers, email marketers, mobile marketers, social media, mailing and fulfilment houses, creative agencies, etc.

• Services include: lobbying; legal advice; events; research; self-regulatory mechanisms; business development opportunities

• 50 staff - offices in London, Edinburgh, Bristol and Manchester

Two major pieces of legislation on data use

• EU Draft Data Protection Regulation

– A proposal from the European Commission to

update EU Directive 95/46/EC now beginning its

passage through EU institutions

• Privacy and Electronic Communications

Regulations 2011

– EU Directive 2009/136/EC

– Enacted 26th May 2011

– Will be enforced from 26th May 2012

Draft EU Data Protection Regulation

• Where are we now

• Background to the proposal

• Key points in the proposed Regulation

• Influencing the legislation

Where are we now?

• European Commission published draft Data Protection Regulation 25th January 2012

• Consultation process since May 2009

• Ministry of Justice Call for Evidence Jan-Feb 2012

• Jan 2012 – 2014?? – European legislative process

• ?? 2016 – New Regulation in force

Why revise the law now?

1995 European Directive ( implemented into UK by 1998 Data

Protection Act ) showing its age due to:

1) Law doesn’t take account of new technologies – and more

complex information networks: interconnected data rather than

held in databases

2) Lack of common European law and differences in national

implementation

3) Consumer concern over privacy – high profile data security

breaches, etc.

Key points in the draft Regulation

Opt-in and opt–out - obtaining consent

• General rule for direct marketing – “explicit consent by clear

statement or affirmative action” . Much more prescriptive.

• Possible legitimate interests exemption ?

• Legacy databases – what about data collected under current law?

• At worst, if consent cannot be proved, whole databases could be scrapped.

• At odds with existing rules on voice calls, email and SMS marketing

• Would almost certainly lead to requirements for increased opt-in mechanisms

Increased burdens on business

Decrease in functionality of many consumer-friendly services


IP addresses and cookies

• Definition of personal data extended so could cover

some IP addresses and cookies

• But IP addresses identify a device not an individual +

some IPs are general, e.g. in a library or internet cafe

• Huge implications for digital marketers

• Web analytics & profiling made much more difficult, if

not impossible

• Interaction with new cookie rules


The right to be forgotten

• Right for individuals to request organisations to delete any information held on them

• Drafted with social media in mind – but goes beyond this

• For dm, there is an obligation to suppress, rather than delete, i.e. “need to keep to remember to forget”.

• Also problem of information which has already been passed on to third parties

• Possibility of misleading consumers by raising unrealistic expectations

• Need to strike more reasonable balance between consumer expectations and limiting use of data for legitimate business purposes.

• A possibility that dm might be OK - but this needs to be clarified


Data Breach notification

• Every organisation that suffers a data security breach

would have to notify Information Commissioner’s

Office and the individuals concerned within 24 hours

• Not always obvious if there has been a breach or how

extensive it is

• Problem of notification fatigue, so individuals could fail

to take action when it is necessary to do so.

• No threshold level specified.


Subject Access Requests

• Data subjects to be able to request full information on

data held on them free of any charge

• Currently can levy a £10 fee – doesn’t cover cost but

deters time-wasters, frivolous or vexatious requests.

• Costs organisations £50 million p.a. now to meet SARs

• Proposal that can provide data in electronic form if data

subject agrees to this


- Marketing to Children

• General rule – parental consent required for

under 18’s

• Exception for online marketing to children

under age of 13

• No flexibility – a risk-based approach would

be better.


Compliance obligations

• Data protection obligations now shared between agencies

and clients, for example if holding client’s database

• Appointment of designated Data Protection Officer for

organisations with 250+ staff

• Accountability/Privacy by Design/Privacy by Default

• Increase in fines/sanctions – in stages, of up to 2% of

global turnover or 1 million euros

• International transfers of data outside EEA – law would

apply to any processing of data or EU citizens. Not always

possible to tell.


Further delegated legislation

• Much of the detail of the Regulation will be implemented through

additional delegated legislation – some 45 Delegated Acts are

mentioned.

• Details of this secondary legislation will not be clear until Regulation

passed

• These areas of secondary legislation will include:

• powers to specify further procedures

• technical standards for Privacy by Design/Default

• specification of lawful processing condition

• additional responsibilities for national data protection

authorities; etc.

• European Commission will be taking significant powers to itself away

from the national authorities - raises serious issues of subsidiarity and

accountability

EU Draft Data Protection Regulation

- DMA View

• DMA welcomes the Commission’s aim to reduce red tape and

simplify bureaucracy – but proposals do not achieve that:

overly strict, bureaucratic and unworkable

• Hard to say how Commission’s estimate of 2.3 billion euros

saving to businesses was calculated

• Needs to be a fair balance between privacy and legitimate

business interests

• Current proposals will stifle innovation, add considerably to

business costs and place unnecessary obstacle to e-

commerce jobs growth

• Will be particularly harmful to SMEs

Influencing the legislation

• DMA is:

– Lobbying UK Ministers in MoJ, DCMS, BIS who represent UK in EU Council of Ministers – now meeting in Working Group

– Leading UK Data Industry Group response to the proposed legislation & participating in CBI Group on Data

– Working with Federation of European Direct and Interactive Marketing Associations (FEDMA) in Brussels leading collective EU dm effort

– Lobbying MEPs – particularly on Civil Liberties Committee, and Internal Market and Trade Committees

– Working with US DMA to influence US administration, FTC,etc.

– Key research on consumer attitudes to privacy and on the economic value of the dm industry

PECR – the new cookies law The law has been in place since 2003

• required anyone using cookies to provide clear information about them and provide opt-out if desired.

• The 2011 Regulations dramatically tighten the rules

• now, anyone depositing cookies is required not just to provide clear information about them but also to obtain consent from users to store a cookie on their device.

• New ICO powers to issue monetary penalty notices of up to a maximum of £500,000 for serious breaches

• The EU's revised PEC Directive came into force on 26 May 2011 but ICO said would not fully enforce for one year to give business time to prepare.

The law doesn’t just cover cookies • The law covers all technologies which store information in the

“terminal equipment" of a user, and that includes so-called Flash

cookies (Locally Stored Objects), HTML5 Local Storage, web

beacons or bugs…and more

Two exemptions from consent requirement • “use of cookie is for the sole purpose of carrying out the

transmission of a communication over an electronic

communications network”

• “cookies that are strictly necessary for the provision of a

service” e.g. internet banking, online shopping carts,

website log-ins

The ICO’s advice 2 sets of Guidance on www.ico.gov.uk

• “It is not enough simply to continue to comply with the2003 requirement to tell users about cookies and allow them to opt out. The law has changed and whatever solution an organisation implements has to do more than comply with the previous requirements in this area.”

• “But, come 26 May…. when our 12 month grace period ends, there will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there.”

http://www.ico.gov.uk/

How to comply with the new rules

Follow the ICO’s guidelines:

1. Check what type of cookies and similar technologies

you use and how you use them.

2. Assess how intrusive your use of cookies is.

3. Decide what solution to obtain consent will be best in

your circumstances.

In conclusion • Issues surrounding implementation of regulation for email and mobile

marketing still a grey area.

• DMA Countdown to Cookie Compliance

– 10 Steps

– Guide for Email marketers

– Guide for Mobile marketers

• ICO guidance + will be issuing more in next 2 weeks

• ICC Guide on cookies issued this month

• Getting it wrong could result in adverse commercial impact – and regulatory intervention?

• The rules of engagement online WILL change – how is up to you.

Aren’t we there already?

op·por·tu·ni·ty

noun, plural op·por·tu·ni·ties.

1. an appropriate or favorable time or occasion: Their meeting afforded an

opportunity to exchange views.

2. a situation or condition favorable for attainment of a goal.

3. a good position, chance, or

prospect, as for advancement or

success.

Media buying has changed.

Inventory booked far in advanced.

Post campaign optimisation.

Audience defined by placement.

Huge wastage…

…and search took all the budgets.

The clearest display of intent?

Users displaying intent, in real-time.

Highly targeted, precise distribution system.

Only reach users who want to find you brand.

Massive efficiency.

…and data became personal and real-time.

Data is already at the heart of media buying.

Technology has changed the way we buy

media.

Data has changed the way we buy media.

Scale audience from your own customers. 3rd Party Data

3rd party pixels

It’s the results that matter…

The Value of data lies in the improvements in ROI it can provide but…

A lack of transparency & standards.

Removing the “noise” is difficult.

Data is expensive and available to everybody

Insight sits with media buyers.

…raises the question of “how much value does 3rd party data bring to my business?”

IT’S GOOD, BUT IT COULD BE BETTER.

Insight should be at the heart of your media buying.

Exclusivity of data is key.

Blend 1st party and 3rd party sources to see

your brands audience.

Look for people not cookies.

It is your audience.

DMP is the emerging hub for digital marketing

Attribution

modeling

Social

data

3rd

party

data

Facebook

Twitter

Youtube

Intent data

Device data

Look-a-likes

Social

campaigns

SEO

campaigns

Spot cable

TV buying

Direct

marketing

Call center

systems

Brand Standards/

Governance

Data Security

The Audience Management Platform For the digital age

But the opportunity for brands is significant

Source: Forrester Research, Inc.

The Red Aril platform provides a full solution…

3rd Party Data

Offline Data e.g. CRM, POS

Ops Sales

Marketing Platforms

• Ad Servers

• Inventory/Yield Optimizers

• Content Management

• Site Personalization

• Creative Optimization

• Ad Networks/DSPs

• Mobile Networks

• Ad Exchanges/SSPs

• Data warehouses

Data Monetization

• Data Exchange

• Private Exchanges

Integrated Data Portfolio

Marketing

Website Data

Mobile Data

Social & Life Data e.g. Registration, etc.

Analytic & Insight

Digital Data e.g. Email, Search

Browser

Real–Time Processing Audience Development

Audience Optimization

Audience Verification

Audience Extension

Closed-Loop Optimization

API

Batch

Custom

Event Classification System

Application Interface Client

Self-Service

Red Aril

Full-Service

Audience Management

Data Integration Data Integration

1st, 2nd, 3rd – Online, Offline (CRM)

Data

Ma

nag

em

en

t

Data Protection

Data Analysis

Data Rights

Data Inventory

Inside the sausage factory

Email

DATA PROCESSING & AGGREGATION

REPORTING & ANALYTICS

DATA INTEGRATION LAYER

Log Connector Server-to-Server Browser Based

1st Party Data 3rd Party Data

Website Online Data

Providers

Offline Data

Providers Models Offline CRM Publisher

Data Ad Server

Relational DB

Connectors

API / Native

Connectors

AUDIENCE & MEDIA MODELING

Data Normalization Data Cleansing Segmentation Qualification

INTELLIGENT DATA DISTRIBUTION LAYER

Search

AUDIENCE DISTRIBUTION &

DECISIONING ENGINE

DATA DELIVERY LAYER

API Server-to-Server Browser Based

User Interfaces, Systems, Platforms

Attribution Data Usage

DATA RIGHTS MANAGEMENT

Media Execution

The Red Aril architecture

Functionality – Depth, Breadth, Analytics

End-to-end solution: Data – Audience – Extension

Complete data portfolio control – 1st, 2nd, 3rd party data – all together

Real-time, user-level, audience modeling – predictive extensions

Get the right message to the right person

Audiences

• Demographic Markers

• Psychographic Markers

• Media Exposures

• Search History

• Site Behavior

• Social Graph

Content

• Media

• Categories

• Semantics

• Lifespan

• User Generated

Context

• Competitors

• Brands

• Devices

• Channels

• Socio-economics

demo

Old World New World

Over to you for any more questions…

Business

Your Big Data Opportunity