The Information Regulator’s doomsday clock hit 0, life as we knew it changed. 1 July 2021 finally came. The re-consent pigeons were sent out and organisations joined in the communications assault with their weaponised bulk emails telling us that they respect our privacy. Oh, but the irony…as many people didn’t even know these organisations were processing their personal information in the first place.
ATTACK OF THE DATA SUBJECTS
Rumours are rife. POPIA, they say, is only directed at protecting the rights of data subjects; some even say that POPIA will kill direct marketing. Well, let’s bust those myths right now.
POPIA is about balance. The Act is clear, we must protect the constitutional right to privacy and guard against the unlawful collection, retention, dissemination and use of personal information. But dig a little deeper and you’ll see that the Information Regulator must also consider the interests of public and private bodies in efficiently achieving their objectives (yes, even the commercial objectives).
THE RISE OF THE TELEMARKETER
“Come on, baby, do the magic lead-generation thing”
Generally, responsible parties must always collect personal information directly from the data subject. This gave rise to the myth that telemarketers are not allowed to obtain information about data subjects from third parties.
We’re saying, hold your banthas; there are several exceptions to this default rule. When the appropriate exception applies, you are allowed to collect personal information from third-party sources under POPIA.
Telemarketers are allowed to generate leads from third parties if:
– the personal information is in or is derived from a public record;
– the data subject deliberately made their personal information public;
– the telemarketer can demonstrate that collecting the personal information from another source does not prejudice a legitimate interest of the data subject;
– it is necessary to maintain the legitimate interests of the telemarketer or another third party;
– collecting the personal information directly from the data subject prejudices a lawful purpose of the collection;
– collecting the personal information from the data subject is not ‘reasonably practicable in the circumstances…’; and
– the data subject consented to the collection of their personal information from a third party.
“Consent you must have, my young Padawan”
Wrong you are! Consent is not the only legal basis for processing personal information for lead generation.
The responsible party must be able to justify the processing of personal information based on one of the legal justifications of POPIA. For telemarketing or for doing something marketing related, you may be able to use one of these legal justifications if you need to process personal information:
– to meet your contractual obligations;
– because you have a legal responsibility;
– to pursue the legitimate interests of the responsible party or of a third party to whom you supply the information; or
– because the person whose personal information you are processing, or a competent person on behalf of a child, gave you consent.
Hint: Marketing related activities are recognised in other jurisdictions as a legitimate interest, as in ‘the legitimate interests of public and private bodies [to achieve] their objectives in an efficient way’.
“Always pass on what you have learned about telemarketing”
Direct marketing and telecommunications play a big role in the South African economy. No wonder then that telemarketing was left out of the direct marketing section of POPIA. We say this because section 69 only applies to electronic communication – and telephone calls do not form part of electronic communication.
A close examination of the South African Law Reform Commission’s Report reveals that the Department of Trade and Industry (DTI) made a calculated decision. The DTI not only wants to promote local call centres, it wants to offer incentives to attract more call centre business to South Africa, and to ensure that vulnerable consumers would still have access to goods and services through telemarketing. That’s why the Commission recommended that ‘a regulatory framework for direct marketing be promoted that will balance the rights of consumers not to be targeted unreasonably, with the right of businesses to communicate effectively with the public’.
The Constitutional right to freedom of expression includes the freedom to ‘impart information’ (section 16(1)(c)(iv)). In addition, section 22 establishes the right to choose a trade, occupation or profession, and section 32 establishes the right to access to information. The SALRC balanced these rights with the right to privacy, and added that it is important to note that it is widely recognised by political and economic commentators that economic growth is essential for the realisation of social and economic transformation in South Africa. Fair marketing practices designed to approach, inform and retain customers must accordingly be regarded as of critical importance to the growth of the South African economy.
The result was an opt-in regime for unsolicited electronic marketing (like an email and SMS), which would operate alongside the opt-out regime in the Consumer Protection Act 68 of 2008 (the CPA) for other forms of marketing (like telemarketing).
THE PROFIT AWAKENS
“The companies most adaptable to change will thrive. Business with a well-funded value proposition and insightful campaign planning will have a clear edge over those who’ve historically been reliant on simply hitting enough eyeballs to make the numbers work. It is Darwinian Theory applied to marketers” – Gee Ranasinha, CEO of Kexino.
So why can’t we do this by putting privacy first?
THE PERSONALISATION MENACE
Consumers want personalisation. According to a study, 80% of consumers would rather do business with you if you offer personalised services. The same study tells us that 83% of consumers are willing to share their personal information to enable a personalised experience as long as you are transparent and give consumers control over their information. And with control we mean full control, not just an illusion of control.
THE PRIVACY ACTIVES AWAKEN
There are consumers who would abandon companies over data practices – they’re called Privacy Actives. Privacy Actives care about privacy, they’re willing to act to protect their privacy and will switch brands if they don’t agree with a company’s data practices. According to this study, 29% of consumers are Privacy Actives who are willing to abandon social media companies, phone providers and retail companies to get better control of their privacy.
THE LAST BALANCING ACT
So, how do we balance privacy and personalisation? If brands aim to be more transparent and ethical in the way in which they process personal information, they can achieve this balance. Of the customers who reported an invasive brand experience, 64% said it was because the brand had information about them that they didn’t share knowingly or directly.
RETURN OF THE MARKETERS
Being an efficient telemarketer is first prize. But at what cost? An efficient marketer and organisation must be fair, honest, trustworthy, transparent, loyal and careful. That’s why telemarketers and organisations can use POPIA and better privacy practices to bolster their profits, because POPIA encourages responsible parties to carry out their business operations and make profit (with some changes here and there).
Yoda once said, “If you end your training now, if you choose the quick and easy path, as Vader did, you will become an agent of evil.” We must choose to be good marketers working within the confines of POPIA. Light, or dark? Which side will you choose?
You can now download the free chapter about direct marketing in Over-Thinking the Protection of Personal Information Act: The Last POPIA Book You Will Ever Need by Elizabeth de Stadler, Ilze Luttig Hattingh, Paul Esselaar and Jessica Boast.