This article by Alex Hardy, a Freeman of the Stationers' Company, was first published in The Bookseller on 14 October 2013.
Organisations such as Google and Amazon have built an industry around consumer data; publishers are still very much in the experimental phase of collecting, analysing and putting data to work in their businesses.
In UK law, the definition of “personal data” is broad—typically capturing individuals’ names and addresses, but also other types of data such as IP addresses and internet browsing behaviour. Publishers’ collections of personal data were once limited to not much more than that of their employees, their authors and those consumers who provided their information for marketing mailing lists or prize draw competitions. Now, publishers are encountering consumer data more than ever before, whether as a result of strategic marketing decisions or simply as a by-product of their increasing consumer-facing activities such as digital marketing and direct retailing of e-books.
Any organisation in the UK handling personal information about individuals has to comply with the UK’s data privacy laws. Briefly, this means companies must aim to minimise the data they collect about individuals, use the data for the purposes they have specified (and share it only with third parties they have specified, too), and keep the data secure and retain it only as long as is necessary, amongst many other specific requirements.
Consequently, compliance with data privacy laws is an ongoing process rather than a single exercise. Organisations that fail to keep their data activities in check have suffered civil and criminal penalties, including government audits and monetary fines.
European data overhaul
Managing data privacy in accordance with data protection laws is just one of the responsibilities publishers must take on as they continue to move from a B2B to a B2C business model. It is a crucial responsibility with legal, financial and reputational consequences for those organisations that get it wrong. In Europe, the regulatory burden of managing consumer data is set to increase very soon.
Europe is about to experience a regulatory overhaul of data privacy laws designed to strengthen online privacy and harmonise data protection rules within the EU. These laws, expected to be adopted at the end of next year, give new rights to individual data subjects and promise heavy penalties for organisations that, intentionally or otherwise, fail to respect those rights. The current draft law allows for fines of up to 3% of a company’s global turnover for breaches of the law.
A number of the big publishing houses have this year hired consumer insight directors and data analysts to help them address the increasing amount of information available about their readers and customers. While these hires reflect a change in business practices at the top, the new EU laws require an understanding of data privacy that is pervasive throughout organisations.
However, it’s not just about addressing data as a privacy issue or legal problem.
Publishers are also recognising it as a business asset waiting to be exploited. In the past year, lawyers have increasingly been consulted about the transfer of data as publishers sell or merge parts of their business. Commercial ventures brought about by trading data are also on the rise. Retailers have traditionally been the link in the publishing chain between the publishers and consumers. They now offer opportunities to gain access to valuable consumer data in exchange for publishers’ content.
Using data as a business asset provides an even greater incentive for publishers to ensure that data is collected fairly and legally from the outset. A commercial agreement to transfer data—such as from a publisher to a retailer as part of a sales promotion—will normally require the publisher guarantees they have collected the data in accordance with the law, often promising to be liable to the authorities in the event a customer complains about the use of his or her information. Equally, an e-reader platform providing readers’ data to a publisher will normally restrict the publisher’s use of the data, depending on the privacy terms the readers have signed up to.
Developments in e-commerce and technology mean publishers and authors have the opportunity to know more about who is buying a book and what they do with it after purchase. This knowledge brings responsibility. Publishers have the chance now to get it right as they design and plan ahead for the future.
Alex Hardy is a solicitor at Harbottle & Lewis LLP