tadamichi - Fotolia

Affiliate marketing industry failing on privacy compliance

The affiliate marketing industry needs to clean up its act in terms of privacy law compliance, a review of more than 900 websites has revealed

The Unsolicited Communications Enforcement Network (UCENet) has found that the affiliate marketing industry has significant issues to overcome in terms of compliance with rules concerning privacy and unsolicited communications.

Affiliate marketing is a commercial arrangement allowing a company to generate business by allowing other organisations or “affiliates” to promote their products or services.

For example, an online retailer may pay commission to an external website for traffic or sales generated from its referrals, by hosting links on its own site or sending links out via email or text message.

An investigation by UCENet, involving nine agencies from five countries, reviewed 902 websites and examined 6,536 consumer complaints related to affiliate marketing in their respective databases.

The issues found in the sweep included an apparent lack of self-regulation, lack of consent, misleading advertising and issues around affiliate marketing platforms.

A majority of participants noted that most of the publicly available terms of services between the affiliates, merchants and affiliate platforms lacked appropriate unsolicited communication guidelines establishing what is permissible.

Some participating countries that have an opt-in unsolicited communication regime noted that affiliates generally do not possess the consent of the consumer to send electronic communications.

Read more about the GDPR

Many participants noted the prevalence of misleading advertising in the affiliate marketing ecosystem. Within minutes of beginning their research, sweepers were exposed to some form of misleading advertising.

The investigation also notes that some affiliate marketing platforms, which operate as a third party agent handling interactions and payments between merchants and affiliates, have a short lifespan – often less than a year – and conceal their physical location, potentially making enforcement a challenge.

Of the 902 international websites visited during the sweep, 221 were flagged for further action. However, the operation also found many examples of good practice in the industry, demonstrating that compliance with laws on unsolicited marketing can be achieved.

The UCENet Sweep 2017 was jointly led by the UK’s Information Commissioner’s Office (ICO) and the Canadian Radio-Television and Telecommunications Commission (CRTC).

UK information commissioner Elizabeth Denham recently addressed the issue of consent in a presentation to the Direct Marketing Association (DMA) Data Protection 2018 event in London.

“It seems to me that a lot of energy and effort is being spent on trying to find a way to avoid consent. That energy and effort would be much better spent establishing informed, active, unambiguous consent,” she said.

Losing customers

Marketers are concerned the new EU and UK data protection regulations will result in the loss of customers, but Denham said she believes the new rules will bring better engagement with customers, enabling marketers to be better able to direct more targeted marketing to them. “You will have complete confidence that your customers have given informed consent,” she said.

Until the e-privacy regulation comes into force, the current Privacy and Electronic Communications Regulations (PECR) will sit alongside the GDPR [General Data Protection Regulation], which means electronic marketing will require consent, said Denham.

“Yes, there is potential to use legitimate interests as a legal basis for processing in some circumstances, but you must be confident that you can rely on it,” she said.

Read more on Privacy and data protection