Up to now, the disciplines of direct, digital and database marketing have based themselves on a single common assumption: that the organization is the data manager; that direct marketing is driven by the organization that collects, analyses and uses data in pursuit of its own purposes.

This assumption relegates consumers to a passive role: as a data subject about whom data are collected, and a target at which marketing messages are directed. But now this assumption is being challenged … by the UK Government.

In April 2011, the Government announced a new consumer empowerment strategy called Better Choices: Better Deals.1 Subtitled ‘Consumers Powering Growth’, the strategy covers a diverse range of initiatives: to support collective purchasing in sectors such as energy; to ensure the integrity of consumer feedback and peer reviews (to stop them being hijacked by PR hucksters); to rejig the consumer protection landscape — and to persuade companies holding data about their customers to release these data back to the customer so that customers can use these data for their own purposes.

This aspect of the Government's consumer empowerment strategy — called ‘midata’ — is now gaining momentum. A number of major UK companies have already signed up in support of the project including British Gas, Callcredit, EDF Energy, E.ON, Google, Lloyds Banking Group, MasterCard, Moneysupermarket.com, npower, RBS, Scottish Power, Scottish Southern Energy, Three and Visa (see Figure 1). They are just the first wave. The Department of Business, Innovation and Skills (BIS), which is managing the programme, intends midata to extend to all companies collecting and using customer data. Within three years, it wants every company with customer data to enable the release of data back to customers in ‘a safe, privacy-friendly, portable and re-usable (ie machine readable) manner’.

Figure 1
figure 1

 The first wave of companies signing up to the department of business, innovation and skills’ midata vision

Full size image

Announcing the publication of the Government's midata vision in November 2011,2 Consumer Minister Ed Davey observed that ‘currently, most consumer data is held by service providers, meaning only one side of the customer–business relationship is empowered with the tools of information management.’ midata, he said, would ‘redress that balance’. The goal is to ‘put customers in charge’ so they can use ‘their own personal data to inform their purchasing decisions and lifestyle choices’.

For direct marketers, these developments represent a fundamental challenge (and opportunity) at two levels: theory/mindset, and operational practicalities. The personal/customer data landscape is undergoing a deep structural shift as individuals become managers of their own data (deciding what information they wish to share with who); use information as a tool in their own hands (turning the spotlight of data use on the customer's purposes rather than that of the company); and become natural points of data integration (generating a richer, rounder view of their own lives than any traditional organization-centric database can hope to achieve).

Let us look at practicalities first.

The midata project

Midata is taking a phased approach, developing a four-stage programme called TACT, which stands for Transparency, Access, Control and Transfer.

The core of the Transparency phase is making Personal Data Inventories (PDIs) available to all customers: a comprehensive description of the data the company holds on each customer. PDIs are essential for personal data empowerment because customers cannot ask to see, or get data released back to them, if they do not know what data the company holds. The midata Project Board expects PDIs to be a standard component of all online ‘my account’ facilities within the next 2–3 years, with the first PDIs being released in the first half of 2012.

The second step of TACT is Access. This is where customers can, using established mechanisms for verifying their identity, access not only information about the data the company holds on them but actually see the data itself. For some companies such as Amazon, this is already normal practice: customers can see a complete record of all their transactions with the company for example. But for others, this is new territory.

The third step is Control: letting customers query, correct, update or change specified fields within the database. Again, this is already normal practice with many companies where customers routinely update information relating to email addresses or telephone numbers, for example. But it is not common to all companies, and it could be extended into new areas such as permissions management — letting customers specify when they are willing to be contacted about what, via which channel.

The final step is Transfer, where the customer asks for specified data to be released back to them. Initial data releases, starting in the first half of 2012, will focus on administrative, transaction and usage behaviour, but as midata gains momentum it will broaden to embrace other data sets.

Midata currently envisages three scenarios for data release:

  • Scenario 1: data are released back to the individual's device (PC, smartphone, tablet) for individuals to use as they wish, probably in the form of a simple CSV or XML file. Scenario 1 has the immediate benefit of simplicity (it is not hard to do) but longer term drawbacks: most individuals will not know what to do with the data, and the risks of the data being lost, stolen or inappropriately shared are relatively high.

  • Scenario 2: the individual requests a company or companies to release specific bits of data to a service provider, for the purposes of providing a particular service, for example energy tariff and usage for the purposes of price comparisons. By focusing on a tightly specified set of data, this approach reduces the risk of data loss/abuse (assuming the service provider keeps to data protection regulations and promises).

  • Scenario 3: data are released back to the individual's personal data store or personal data locker: a specialist service set up for the purposes of helping individuals gather, store, manage and share their own data in ways they can control. This scenario empowers individuals with genuine control over their own data, allowing them (or services with permission-based access to the data) to use new combinations of data to create a wide variety of new services. This scenario is unlikely to reach mass penetration soon, and raises questions about the relationship between the individual and the personal data store provider.

To oversee the project, BIS has established a Strategy Board consisting of companies signing up to the midata vision, regulators and consumer groups, plus three Sector Boards covering the main industry sectors of banking, energy and telecoms. There is also an Interoperability Board, consisting of long-standing specialist data companies such as credit reference agencies, new services such as Mydex, the personal data store provider, and consumer privacy groups. The Interoperability Board's task is to take a cross-sector view of data release processes, data security and privacy protection issues.

Plans are already being made to extend the reach of midata to new industry sectors so that all companies holding customer data are releasing data within the next 3 years. If these plans are realized, the UK's personal data environment will be transformed. Given growing international interest in midata, the UK is unlikely to be alone. In the US, the Government has already initiated a similar project called Smart Disclosure3 and the EU is taking a close interest. In fact, if draft revisions to EU Data Protection regulations are implemented, the principle of midata will be established as part of European law.

In particular, the draft regulations update Subject Access Requests by requiring that ‘Where the data subject makes the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by the data subject’.

More specifically, Article 18.1 embraces the principle of midata with a new ‘right to data portability’:

‘The data subject shall have the right, where personal data are processed by electronic means and in a structured and commonly used format, to obtain from the controller a copy of data undergoing processing in an electronic and structured format which is commonly used and allows for further use by the data subject.’4

What started out as a voluntary initiative in the UK alone could soon, therefore, be a regulatory requirement across the whole of Europe.

So how should marketers respond?

Preparing for a new personal data landscape

Marketers need to prepare for a different type of personal information environment. Figure 2 sums up the main features of this environment where individuals act as managers of their own data in many different ways.

  • Trust and identity The first development is new approaches to identity management. To do business in an online world, individuals need to be able to prove they are who they say they are. Historically, we have approached identity management in an organization-centric manner, with each organization establishing its own rules and procedures for checking individuals’ identity (the result being that individuals are now awash with dozens of different passwords, log-in procedures and so on). Now, in its ID assurance programme running parallel to midata,5 the Government is seeding a private sector market for services that let individuals carry their own identity verifications around with them as they travel from place to place on the net. Once the necessary infrastructure and mechanisms are established, there are hundreds of different types of verification that individuals could carry around with them online. They could be provided with secure, encrypted tokens verifying that they have passed their GCSEs or got a first from Oxford (educational qualifications); that they have a licence to drive a heavy goods vehicle or an aeroplane (professional qualifications); that they have this or that credit rating; that they are registered blind or disabled; that they have a valid driving licence, passport, car insurance or CRB check and so on. In this way, individuals will soon be equipped and empowered to share verified information about multiple personal attributes with the organizations they choose to do business with.

  • Information about what's available and possible Over the past few years, search and price comparison have moved from marginal to mainstream as consumers show a voracious appetite for information about what is available on the market. This is not personal data per se, but what each individual searches for and what data they collect and use is highly personal. At the same time, search and comparison markets are increasingly driven by personalized, customized specifications — information about ‘my circumstances, preferences and priorities’. This shift from general information about markets ‘out there’ to personalized information about ‘what I’m interested in’ is cementing indviduals’ roles as information sharing ‘partners’ rather than merely passive targets of marketers’ messages.

  • Released information This is the arena of midata itself, giving individuals the right to access and use information about their transactions, interactions and behaviours for their own purposes.

  • Personal informatics A fledgling industry in its own right, personal informatics services help individuals gather, store and share information about their own lives. The website, the Quantified Self (http://quantifiedself.com/) lists hundreds of different services covering the full range of life activities: how people spend their time, their moods, their physical fitness and activities, energy usage, food intake, health indicators (blood pressure, blood sugar etc). As this industry develops, individuals will become ‘owners’ of rich new data sets that they could share with suppliers and service providers if they saw good reason to.

  • Peer-to-peer information sharing This includes all the information the individuals store and share via social media. It also includes more structured information, such as the peer reviews collected and curated by Reevoo. The rise of social media is forcing consumers to learn about information sharing — do I want to share this information with this person? If I do share it, how might it be used?

  • Volunteered information While historical transaction records or tracking data can provide some insights into consumers, they do not reveal what an individual plans to do next, why they did what they did, or what persona their actions should be linked to. Up to now, all organizational data gathering techniques, including behavioural targeting, has failed to reach or reveal this information. However, new technologies mean that individuals are now able to volunteer information that was previously inaccessible to marketers: information about their goals, plans, priorities, preferences, circumstances and ‘reasons why’. Competition between marketers for access to this volunteered information can only intensify.

Figure 2
figure 2

 The many different ways individuals are now managing their own information.Source: Ctrl-Shift

Full size image

Midata is working within this context of exploding use of information by individuals — an explosion that, in turn, is encouraging the rise of specialist new services to help them collect, collate, curate, manage, analyse and share the information they need to manage their lives better. The challenge for marketers will be how to connect with these day-to-day consumer information management activities in a way that adds value: if ‘precision targeting’ was the direct marketer's mantra of old, permission-driven ‘precision data sharing’ — recruiting the customer as an active information sharing partner — is emerging as the new mantra.

Creating data sharing relationships with customers

In a world where customers are increasingly managing their own data, and choosing who they share what information with, a previously level playing field (where all database marketing companies did basically the same thing: collect and analyse customer data) is suddenly turning very uneven. Companies with trust-based information sharing relationships with customers will have access to rich new data sources and the permission to communicate. Companies without these data sharing relationships risk being left out in the cold — with restricted access and use to customer data, and restricted or non-existent permissions to communicate.

There are three aspects to this emerging competition: trust, the mechanisms and processes of information sharing, and the value both sides get from information sharing.

Trust If individuals are to opt-in, give permissions and volunteer additional information, they need to trust the other party. Earning this trust is becoming a must for marketers. But how?

We can expect a flurry of activity around different aspects of trusted data sharing over the next few years. Some of the hot spots will be:

  • Privacy policies and terms and conditions (the small print). Historically, these have been designed to protect organizations from potential legal liability and to maximize their freedom of manoeuvre within the law. Over the coming years, these documents will be scrutinized more intensely (especially by activists and regulators) and marketers will increasingly see them as opportunities for relationship building. Marketers will use these documents to demonstrate openness and transparency, to explain why their policies and processes are trustworthy, to reassure customers that they avoid certain practices and to send the message ‘you can trust us with your data’.

  • Mechanisms of control. A key part of a successful data sharing relationship is providing customers with mechanisms of control that make it is easy to set and change preferences and permissions. Today's highly limited ‘opt-in’ and ‘opt-out’ buttons will evolve into fully fledged dashboards, allowing customers to give (and withdraw) increasingly granular permissions and preferences including time-based permissions: ‘talk to me about holidays until 1 June, but not thereafter'.

  • Companies will evolve internal policies and culture, staff training and incentives to support these empowering practices.

It is a common fallacy that because ‘nobody reads privacy policies’ customers do not care about what they say. In reality, privacy policies and terms and conditions are currently presented to customers in a way that rubs salt into the wound of powerlesslness: ‘there is nothing I can do about it anyway, so why bother looking? Just tick the box!’ Every time this happens, a little more trust is eroded. Over the next few years, marketers can expect privacy policies and terms and conditions small print to symbolize their brands’ overall attitudes and intentions towards their customers. Kitemark systems for compliance to best practice are already under discussion among midata participants.

Processes and mechanisms: For a data sharing relationship to work, data sharing has to be safe and easy. In a midata world, this will involve a number of developments including:

  • Developing and maintaining systems capable of presenting and updating PDIs.

  • Giving customers safe access to some or all of their data — so they can actually see the data the organization holds about them.

  • Giving customers the ability to correct, add to and update certain data fields such as address and contact details.

  • Log-in and access processes that reassure customers that only they can see these data.

  • Safe and easy-to-use mechanisms for customers to be able to say ‘please release those bits of data back to me or my chosen service provider’.

  • Safe and easy-to-use mechanisms for customers to volunteer additional information to companies — about their preferences, plans and intentions, for example.

Many companies’ initial reaction to this shopping list is to throw their hands up in horror. The complexity! The expense! The other side of the coin is the evolution of technology. Five years from now, a two-way flow of digital information between company and customer will be the norm. The real issue is ‘who is using emerging possibilities for information sharing to best effect?’

Value: Data sharing for the sake of it is a waste of time and money — it will not happen. Data sharing is also unlikely when only one side benefits: why should the other side bother? The pressure is on, therefore, to find the win–win sweet spots where both sides benefit from the exchange. As we have seen, there are many potential benefits the two sides can offer each other. Companies can offer customers reassurance and peace of mind, an empowering sense of control, simpler and easier administration and other processes, the ability to gain increased insight into their own behaviours, advice and decision support, plus new and personalized service and services. Customers in turn can help companies curate their data (thereby improving data accuracy and quality). They can offer enhanced permissions and opt-ins, express preferences, communicate future plans and intentions, as well as share the context of their behaviours, self-target and self-segment. These are insights and data that current approaches to data collection and analytics cannot reach.

The challenge for companies is to identify those bits of data that both sides will get most value from sharing. A part of this is a review of all the data the company holds on its customers from the perspective of customer value — if these data were handed back to or used by customers, what value could they get from it? The other side of the coin is asking ‘what information/insight do customers currently have about their own needs, plans and preferences that they could share with us if they saw good reason to? And what would such a good reason look like?’

The potential benefits of such volunteered information are significant — it reaches the parts traditional data gathering techniques fail to reach, including:

  • Real-time data synchronization, where individuals inform companies/suppliers of ‘changes to my circumstances’ (eg change of address, contact details, circumstances) as they happen rather than letting them be discovered months later.

  • Expressing future plans, intentions and priorities. The ability to volunteer intentions — ‘I intend to move home, buy a new car, go on holiday’ — could transform the dynamics of marketing.

  • Expressing specifications — ‘this is the sort of car/holiday I’m looking for’, ‘this is the nature of my education/health need’. Again, this could drive far-reaching changes to marketing and market research/customer insight and personalization processes

  • Explaining/expressing current purposes and priorities. This could help eliminate large amounts of guesswork and inference from current practices, and enable much more appropriate/relevant personalization of services.

  • Providing context by offering a genuine single customer view (eg my overall financial circumstances, not just my transactions as seen by one particular organization-centric data silo). This extends to the ability to present and define different persona to organizations, which is key to many a marketing insight.

Once the trust and mechanisms are in place, this ability to identify and maximize the potential value of customer data — to both the customer and the company — will become a new competitive battleground.

Reinventing ‘direct’

Looking back from a time when midata is the accepted norm, we will see that long-standing assumptions about direct marketing — that the company is the entity that collects and manages customer information; that the company uses this information to pursue its own purposes — can actually blind marketers to the potential of rich new markets. Three such markets are now emerging.

  • The first market is for personal data management services, such as personal data stores, that help individuals collect and manage their own data, including controlling what data they share with who, for what purposes.

  • The second market is for decision-support services — services that help individuals acquire and use the information they need to make better decisions (as opposed to information deployed to influence consumer decisions in favour of a particular brand or offer).

  • The third market is for ‘life management’ services that gather, integrate and deploy information to manage information-intensive life processes (such as manage my money) and life episodes (such as move home) better.

The common factor uniting these new services is the opportunities for ‘information logistics’ they open up: to share exactly the right information (both ‘to’ and ‘from’) with the right customers at the right time. In the process of researching and making decisions, for example, customers can volunteer information about what they are looking for, when. When managing life processes and episodes such as ‘my money’ or ‘move home’, they are effectively specifying the nature, context and timing of the value they seek.

The dream of helpful, useful, timely, relevant communication has always inspired direct marketing. It may be about to be realized — via a route early pioneers of the discipline never dreamt of, by consumers managing and controlling their own data.