Learning from the tsunami of repermissioning emails (part 1 of 2)
Back last year, when sharing research on data sharing & trust, I predicted a coming ‘tsunami’ of repermissioning emails by businesses.
I’m sure you are already experiencing that. It probably feels like a reminder of your diverse interests, as so many brands contact you. Some may have a strong customer relationship with you, others you may not remember ever using. Either way, there appears to be a real mixture in the quality & approach of these communications.
As recommended in our two-part series of preparing for GDPR, some are relying on a legitimate interest basis for existing customers. Others are not.
Some seek to engage & educate, others appear to flagrantly try & pass unnoticed.
So, to make use of this email Inbox filling, I thought I’d share some reflections on a variety of such email communications. Below, I review a selection that have recently hit my inbox. Some are genuine repermissioning emails (asking for my proactive, informed, unambiguous consent). Some are the required communication of legitimate interest basis. Each made me reflect on opportunities for improvement, so I thought I’d share those thoughts with you.
To close, in part 2, I will also share a wider review conducted recently by MyCustomer; so you can hear the perspective of others too. Until then, let’s dive into the email tsunami & see what we can learn…
Repermissioning emails: MyAccountantFriend
To start us off, here is a repermissioning email that I received from my accountant:
Below this was also the required footer with contact details & email unsubscribe link. The title of this email was “Want to stay in touch? Then we have to ask… sorry!” In my view, it’s a shame to take such a negative tone about GDPR & consumer empowerment.
But, I was also confused as to why my accountant had seen the “need” to act on proactive consent basis. As a data subject, who already trusts them to manage my accounts, I would have accepted as entirely an appropriate, a legitimate interest basis. Perhaps merging data from accountant system users & optional blog/email subscribers proved to be a problem. Either way, this feels like a missed opportunity to more positively recognise me as an existing customer & keep me informed. This is especially true as I received another copy of this email to another email address, in which my name was left blank. A classic example of why a single customer view & attending to data quality is needed to execute repermissioning well.
Repermissioning emails: IQPC
The next one to share, came from a conference event organiser. I last spoke at one of their events back in 2015 & have had little to do with them since. However, this company chose on that weaker basis to assume a legitimate interest basis for their communication:
Everything from the bland email subject line, “GDPR update“, to the use of grey colour & smaller font – made this email soporific. In fact it felt so boring as to be manipulative. The fact that a legitimate interest basis does not require proactive consent from data subjects, should not be used as an excuse to induce passivity. People should be informed of how you are using their data & informed about their rights in a way that empowers them to take action if they wish.
This really did feel like the other extreme, from the MAF (perhaps) unnecessary consent basis email.
Repermissioning emails: Emerald Publishing
Next is an example that you can also get consent emails wrong. This comes from a publisher of academic papers to which I have contributed.
Now there are things to comment this communication. The email subject, “An important email from Emerald Publishing” does invite attention. However, by starting with just a general statement & link to privacy notice, it is not at all obvious that consent is needed to receive further communications.
On a busy day, I could easily have passed this by, assuming it was another legitimate interest communication. However, closer reading of paragraph two, reveals that this is a proactive consent seeking, repermissioning email. That basis is probably appropriate, as I am not a customer of this business, nor an active user. But, I’ll be surprised if they achieve a high response & consent rate, given the lack of button or visual call to action.
Repermissioning emails: Barracuda Search
Moving back to an example of legitimate interest basis emails, here is one from a business that I don’t remember ever using.
Below, what I’ve shown above, are the contact details of an individual. I have mixed thoughts about this communication. On the positive front it it brief & has obvious contact details. On the negative, it starts with the title “Data Privacy Inform Notification from Barracuda Search Limited“, which is not only boring, I’m not sure what it means.
More seriously, this email fails to make clear the rights & actions that data subjects can take. Just including a link to a long privacy policy, is not a ‘plain english’ way of either explaining the data processing you are doing, nor the rights that data subjects could choose to exercise. Brevity is nearly always good, but here more is needed.
Repermissioning emails: Barracuda Search
That’s not for this post. One that has focussed more on work related emails. In part two, I will turn to those GDPR related emails that I’ve received relating to other parts of my life, like running & eating.
What do you think? Do you have any thoughts to share on the above examples, or emails that you’ve received? If so, please share below or on social media. You can also contact me directly, if you’d like to send me examples of emails to feature in future posts.
Let’s keep this conversation going. Engaging data subjects with effective & empowering email communications won’t end as a challenge on May 25th. Rather, it is part of a whole new data sharing relationship & CX experience, built on & working towards greater trust between consumers & businesses. Something many of us will keep working to improve, perhaps for the rest of our careers.