Consent vs Legitimate Interest:
Understanding which legal basis best suits your needs is essential! We know that both legitimate interest and consent have their benefits and downfalls when looking to communicate with consumers. However, depending on the brand, industry sector or channel of communication one or the other can play a major role in the success of the marketing strategy.
What is Consent?
Consent is when the individual has given consent in the form of an ‘opt-in’ for a company to process their personal data for a specific purpose.
Consent requires an organisation to be named at the point of data capture and the consumer must ‘opt-in’ to be contacted by the brand, with the consent statement allowing for unbundled data collection with the boxes never pre-ticked i.e consent requires a positive /affirmative action to be recorded.
It is often seen as the ‘safe’ option when it comes to collecting consumer data for marketing purposes. Whether it is using a tick box or a subscription form, consent offers the consumer a clear choice, ultimately helping to build a brand’s reputation as trustworthy, transparent, and responsible, subject to the below guidelines also being followed:
- The opt – in is a positive action – Reliant on the consumer ticking to receive communication (remember, no pre ticked boxes)
- The statement of consent is clear and unambiguous
- All third-party data controllers are named
- Information on how to withdraw consent is clear and easy to find
- The communication methods and content addressed to the consumer must then fulfil the purposes stated when consent with given
Consent is only one of the lawful bases under which companies can collect consumer data. It gives consumers a choice whether to be communicated with, and by which channel, and ultimately can build a more trusting relationship when it comes to data transparency.
Remember – when data is collected via consent, and the purpose of collecting that data remains the same, it can then also be used under the legal basis of legitimate interest.
What is Legitimate Interest?
Legitimate interest is when you or a third-party have a genuine reason that makes processing the data necessary, and there are no other interests that outranks your business interest. For example, your organisation may be able to demonstrate a legitimate interest in marketing your goods to existing customers in order to increase sales.
Legitimate interest is another of the six lawful bases for processing consumer data for marketing purposes, in line with the ‘lawfulness, fairness and transparency’ regulations. However, whereas consent is centred around a purpose, legitimate interest is more flexible and can apply to a wider range of consumer communications where needed.
When using consent, the consumer’s relationship with the brand is balanced and based on a transactional agreement. When using legitimate interest, the purposes are often less transparent to the consumer but offers more flexibility for marketing purposes. You can rely on using legitimate interest, if you can show how your use of the consumer data is proportionate, has a minimal personal impact and the consumer is unlikely to be surprised or object to what they receive.
To be clear, within the GDPR itself, Direct Marketing is specifically singled out as a legitimate interest. It is important to note however, that unlike data which has been captured under consent, once data is collected under that basis of legitimate interest it cannot then be used for consent-based marketing.
How to apply a Lawful Bases:
Most lawful bases require that processing is ‘necessary’ for a specific purpose. If you can reasonably achieve the same purpose without the processing, you won’t have a lawful basis. Remember, you must determine your lawful basis before you begin processing, and you should document it. Take care to get it right first time – you cannot swap to a different lawful basis at a later date without good reason.
Your privacy notice should include your lawful basis for processing as well as the purposes of the processing. If your purpose does change, you may be able to continue processing under the original lawful basis if your new purpose is compatible with your initial purpose (unless your original lawful basis was consent). If you are processing special category data, you need to identify both a lawful basis for general processing and an additional condition for processing this type of data.
Overall, both consent and legitimate interest serve a purpose. Consent builds a level of trust and brand awareness whilst enabling communication to consumers. Legitimate interest on the other hand, helps brands target a broader consumer or prospect base. There is no one size fits all when it comes to collecting data, so when choosing a lawful basis take care and don’t be afraid to ask for advice!
Check out more of our blogs on lawful bases or get in touch today for advice on data protection:
It is well over a year since GDPR came into force, but the ripple effects from its introduction can still very much be felt. Especially when it comes to Marketing. Many businesses responded in knee-jerk fashion to the new Regulation and assumed that inactivity was the best course of action to remain compliant and avoid the risk of fines and the brand damage of an ICO investigation.
One of the reasons for this inertia was the confusion both before and after May last year as to which legal basis could be used to communicate with customers and prospects. This was especially the case for the third sector – with many charities deciding to play things safe and cease using direct mail campaigns altogether – even when this has been a core channel previously. This was particularly surprising given that several months before the introduction of the GDPR, the ICO announced in its online FAQ section of advice designed specifically for the charity sector that:
‘You won’t need consent for postal marketing …If you don’t need consent under PECR you can rely on legitimate interests for marketing activities if you can show how you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object.’
Indeed, in Recital 47 of the GDPR it states that processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.
The ICO has stressed that all the legal bases for processing data under GDPR have equal weighting and the first line in the guidance on consent states: The GDPR sets a high standard for consent. But you often won’t need consent. If consent is difficult, look for a different lawful basis!
Erring on the side of caution, many charities chose to ignore this advice and decided to rely on consent for all marketing channels. A notable example is the RNLI who in 2017 announced that they would be moving to opt-in consent alone, most likely as a precautionary response not only to the impending GDPR but also the media critique of fundraising practice at the time. The move saw their supporter base decrease from two million to only 500,000 by 2018 and a fall in legacy income last year. However, they have recently reviewed this policy and have publicly announced that they will be using Legitimate Interest as a basis for processing supporter data from now on.
Direct Mail makes customers feel valued!
In the last few months we have seen encouraging signs of more charities reassessing their campaign strategies and returning to using DM under the basis of LI. Recent research has found that after years of ‘inbox bombing’ and phishing scams, there are issues with trust when it comes to digital communications – 87% of consumers consider mail communications to be more believable. [The Value of Mail in Uncertain Times, August 2017]
The study also found that 70% of consumers indicated that mail makes them feel valued.
Suffice to say – Direct mail is alive and well! Far from being an outdated medium – when combined with latest technology, creatively and thoughtfully put together, personalised and targeted, Direct Mail is and will remain, a relevant and highly effective channel well into the future. And with the ePR looming to replace PECR as the prevailing law governing electronic marketing and creating more legal obligations for digital channels, the status of Direct Mail used responsibly under LI – and other direct channels – will only increase.
So what are you waiting for? Get in touch to talk to us about your next Direct Mail campaign.
At REaD Group we have been helping businesses of all shapes and sizes get great results from Direct Mail for more years than we care to remember. And with the advent of GDPR our services have become even more important and relevant to our clients (from optimising data selections and data quality to campaign reporting and analysis). We’re a safe pair of hands.