My organisation wishes to use GoogleAds to target UK customers. However our current electronic marketing to existing customers is primarily based on soft opt in.
How do others approach this – do you ask customers for consent and are customers relaxed about providing this?
Stephen Lark
Andrea, it all depends on the soft opt-in. Were they given an option in which the opt-in box was pre-ticked and on examination was this a legitimate course of action. If so then this case I’d would lean towards it’s Ok to use google ads. However if the soft opt-in was not declared to the user then for sure I’d say no to the google ads.
Be mindful of the type of ads you are looking to target at the users – make sure they are relevant to the original opt-in. For example if the soft opt-in was justified because they had purchased a holiday then do not try and sell them kitchens!
Andrea
Thanks Dean. I should perhaps have confirmed in the question that the intention is to target existing customers, by providing the details directly to Google. These details have not been collected through our website.
I understand the PECR requirements, and am concerned that Google is acting as a controller here (but happy to be corrected on this) meaning that we require specific consent to pass the details to Google.
Dean
Hi Andrea, it’s true, I wasn’t exactly clear whether it was a case of collecting consent to advertise on a website or a disclose to Google.
We share the same view, that Google would be a controller, due to the amount of decision making and processing that they will conduct, and your organisation will have little say in that. So the question is, how do we obtain informed, unambiguous consent from customers before we disclose their information to Google for targeted ads?
Did your organisation state that data would be passed to Google Ads, or did the organisation collect consent for this when data was initially collected? If not, the passing data without consent is likely to be secondary processing that hasn’t been made clear to the data subjects. Does the organisation’s relationship with the customers allow for a request for consent?
Dean
Hi.
In the UK, targeting people with adverts through electronic channels requires consent. The practice is governed in the UK & EU by the Privacy & Electronic Communications Regulation (PECR), which requires consent for electronic marketing*. The PECR needs to be complied with in parallel with the UK GDPR and the EU GDPR. When I say this I mean that where the PECR requires consent, it is the GDPR’s definition of consent, and therefore standard of consent, that is required.
(*Unless an exemption applies where the person is already a customer, is being offered similar products or services to the ones they’ve already bought/received, and the person has been offered a chance to opt-out of marketing and hasn’t opted out yet.)
If the data for targeted ads is being collected from your website, a cookie & similar technology consent banner is recommended. If you do not have this type of mechanism on your website already, there are plenty of great examples around.