Mum’s the Word

A few days ago, the organisers of the Parklife Festival in Heaton Park in Manchester sent out badly spelt text messages to those who had booked to attend. The Manchester Evening News reports that the texts purported to be from the recipient’s mum, but in fact were a plug for the festival’s after parties.

A running theme of this blog is the way in which organisations sometimes overlook or ignore the rules in order to win business, and the casual intrusion and impoliteness that this represents. Assuming that the story is accurate, I think the Parklife organisers may have breached both the law and the advertising standards code (the CAP Code).

Of course, for starters, the festival organisers need consent from recipients to send them text marketing. This has to be active, clear consent, and not some bollocks buried in the T&Cs. Even if they can satisfy the so-called ‘soft opt-in’ (where messages for similar products and services can be sent subject to an opt-out), this would need to have been done explicitly. The fact that a person has booked tickets or expressed an interest would not be enough to infer consent. Parklife’s organisers may well have done this, but given the other problems, it’s a reasonable question to ask.

Regulation 23 of the Privacy and Electronic Communications Regulations states that a marketer cannot ‘disguise or conceal‘ their identity. By sending what is in fact a marketing text in the guise of a message from Mum, Parklife’s organisers have apparently breached this section. As the MEN points out and the BBC have confirmed, some of the recipients will have lost their mums, and so a text message from ‘Mum’ isn’t just crass marketing, it’s distressing. Whether or not the ICO will take action is a matter for them and presumably, may be based in part on whether they get any complaints. However, if they do take action, the NME reports that Parklife’s organisers have already apologised for ‘unnecessary personal distress‘, which would presumably be a factor in any proposed PECR civil monetary penalty. A CMP can only be issued if the communication would or would be likely to cause substantial damage or distress, which seems like a high threshold. However, getting a text message from what seems to be your dead mother is probably the kind of thing that CMPs were designed to address, especially if the text arrives the day before the deceased’s birthday.

As well as PECR, many marketing communications are covered by the CAP Code, which is enforced (to the extent of forcing advertisers to withdraw offending items) by the Advertising Standards Authority. The CAP Code has a number of interesting sections:

3.1 Marketing communications must not materially mislead or be likely to do so.

+

3.3 Marketing communications must not mislead the consumer by omitting material information. They must not mislead by hiding material information or presenting it in an unclear, unintelligible, ambiguous or untimely manner.

+

3.5 Marketing communications must not materially mislead by omitting the identity of the marketer.

+

4.2 Marketing communications must not cause fear or distress without justifiable reason

And finally, just for good measure,

4.3 References to anyone who is dead must be handled with particular care to avoid causing offence or distress.

I’m not as familiar with the CAP Code as I am with DP and PECR, but this sounds like a fairly open and shut case.

The MEN reports that Sacha Lord, who runs the company behind the festival tweeted ‘So this is what it feels like to be a jar of Marmite! #LoveItOrHateIt’. I’m certain it’s more what it feels like to be a bellend, but it may be more than that. Any of the folk who received this moronic marketing may wish to consult with the ICO‘s website, or that of the ASA. It’s also a good example of where marketing law isn’t complex or confusing, as some marketers and their apologists like to claim. You don’t send text messages that look like they’re from people’s mum, especially because she might be dead. 

Replace ‘I’ with ‘A’ and it’s funnier

A lot of people who I know – regardless of politics – admit having a soft spot for Boris Johnson. When playing the left-leaning parlour game of “Name A Senior Tory You Wouldn’t Slap”, Boris seems to win out quite a lot (I’m virtually the only person I know who likes Eric Pickles). I’m a member of the Mercutio* party anyway, but Johnson never gets my vote. I don’t know if it’s the self-conscious hair, his exceptionally grating silly ass persona, or simply the fact that despite being a calculating and ideological politician, he has convinced so many that he is some sort of cuddly figure of fun – whatever it is, I can’t stand him.

However, I enter the ‘Twittersnatch’ debate not merely to have a pop at the current Mayor of London. After all one of the problems with the current mayoral battle is that, for my money, it resurrects the gag from the 1960 US Presidential election (‘be thankful only one of them can win’).  In my view, the appropriation of the Mayor’s following and the ‘so what’ reaction of Johnson’s people demonstrate that politicians still don’t understand social media or data protection.

The story goes like this: Boris Johnson’s Twitter account was @MayorOfLondon. In order to campaign for re-election, he changed his Twitter name to @BorisJohnson, taking all of his followers with him: http://www.bbc.co.uk/news/uk-politics-17450985. Following a flurry of criticism, a new account was born (@BackBoris2012), and only those who followed that new account will receive the campaigning tweets. If at this point, you’ve lost interest, I don’t blame you. This is not a titantic struggle of ideals, but a playground squabble.

However, what is the Data Protection angle in this spat? Guido Fawkes pointed out (somewhere that I can’t bloody find and will correct when I do!) that Johnson apparently brought many of his followers with him when the @MayorofLondon account was created, so surely, they should have expected whatever promotional guff spews from the excited fingers of whichever Damian or Jemima is operating the account on any given day?

I’m starting from the presumption that a twitter name is personal data. It’s unique, it applies (mostly) a living individual and in most cases, the living individual can readily be identified from the profile page. Many of the @MayorOfLondon followers will be clearly identified as real people merely by knowing their twitter name. I’m told that the @MayorOfLondon account was used as a GLA tool to promote the ceremonial or London-plugging elements of Johnson’s role, so anyone who followed it would have a reasonable expectation that their data (the twitter name) would be processed solely for that purpose. Even if this was a promotional purposes, it is obviously different from the aim of getting Johnson re-elected. The Data Controller of that twitter account – if used to promote the Mayoralty and not Johnson the Conservative politician – was the Greater London Authority. The Data Controller of the Boris Johnson account – if used to get him re-elected – would either be Johnson, the Tory Party or some campaigning hybrid of the two.

Twitter, like most social networks, is a strange world that doesn’t easily fit into the neat definitions of Data Controller or Data Processor – Twitter can’t be the latter because it just sold two years of tweets to Datasift, a company with a name so explicitly Orwellian I have to assume it’s an elaborate corporate joke. Nevertheless, within the overall portal / umbrella, a corporate outfit / campaigning politician asking for personal data in order to send out messages is a data controller to the extent that they decide what happens to their following. They should not act in a high-handed manner, and cannot ignore UK law. Followers cannot fairly be shunted over into a channel devoted to a political purpose without some explicit opt-out (at best). The first Data Protection principle demands that the use of personal data is fair, and it isn’t fair to completely change the purposes for which you process a Twitter follower’s name.

For that reason, I think it’s at least arguable that the data of any identifiable Twitter user was used unfairly, assuming they were individuals as opposed to corporate users like @angrybirds or imaginary ones like @pobgovebot, and especially if they signed up during the @MayorOfLondon phase, rather than being moved over from a previous Johnson account. I can’t imagine that the Information Commissioner’s Office will weigh in heavily now, nor is there much point in them suddenly finding their ass-kicking gear. But if this is the last idiotic wheeze that comes out of either side of the Livingstone / Johnson smackdown, I will be very surprised.

The problem is, in my experience, people involved in politics tend not to know much about data protection, and even less about direct marketing. It’s worth noting that Labour, the Liberal Democrats, the Conservatives and the Scottish Nationalist all have enforcement notices against them from the Information Commissioner’s Officer under the Privacy and Electronic Communications Regulations, forcing them not to make automated telephone calls unless they have explicit consent: see here. A breach of any of these notices would result in prosecution. This despite the fact that everyone I have ever met hates automated calls, even if they feature the voice of Liz Dawn or Sir Sean Connery. Rather than (in Helen Lewis’ apposite tweeted phrase) clutching their pearls in shock, the people responsible for the Twittersnatch should have admitted that it was a clumsy and unreasonable thing to do. And it’s only because they backed down that they didn’t get deeper into the DPA mire.

* Read ‘Romeo and Juliet’ if you didn’t get that reference, or better yet, find a production of the play and see it. This will be the most constructive thing you’ll ever do as a result of reading this blog.

Facebook posts can mean prison

When I lived in Wigan, the most common response to seeing a copy of the local weekly, the Wigan Observer, was to turn to the page that showed who had been up in front of the magistrates. Like most people, what I wanted to know was whether anyone I had been to school with had broken into a shed or got drunk and hit a policeman with a fire extinguisher. In recent days, the Manchester Evening News, normally a paper with a rich and varied coverage, has been transformed by marathon court sittings into a multi-page version of the same thing. It’s an endless succession of self-destructive anecdotes – the guy identified by his Batman jumper, the chef who stole a camera ‘because he did not have one’, and the squaddie who tried to sell a £2000 Les Paul guitar that he claimed he had bought during the riots.
Today, I assume the MEN will go for the comparatively huge sentences for two chaps in Cheshire who tried (and thankfully, failed) to use Facebook to incite riots in Northwich and Warrington: http://tinyurl.com/3utotsu. However, the story is an object lesson in how so many people do not understand social media or electronic communications.
I’m paranoid. As far as possible, I never write anything in an email that I wouldn’t want to have broadcast. I had an email exchange recently where a friend sent increasingly rude and abusive jokes about a third party we both know, and all of my responses were basically “                    “ . I didn’t want my opinions on record, especially as the tone of an email is incredibly hard to judge.
On the other hand, Facebook, instant messaging and email allow some parts of society to extinguish the concept of an unexpressed thought. The Daily Mail is a rich seam of stories about people saying ridiculous and damaging things on Facebook and similar sites – the teacher who criticised her pupils http://tinyurl.com/3c65fkx or the girl sacked after describing her new job as ‘boring’ http://tinyurl.com/d4h9c5. The Mail still hasn’t thought of different way of illustrating these stories than asking the subject to pose in front of a computer, as if it’s impossible to understand the situation otherwise. In both of these cases, people’s careers are damaged; in others, (a quick Google search will show you many), people also get sacked, or damage their reputations or ruin their family lives.
Fast forward to today, and we see these two young men going to prison (and the Mail has another one here: http://tinyurl.com/4xpowny. Meanwhile, the DisabledGo News blog reports Facebook comments allegedly made by employees of Atos, the firm delivering the work programme, describing disabled clients as ‘parasitic wankers’ and ‘down and outs’: http://tinyurl.com/3bpvb66. This could have consequences both for their careers, and for the company’s contracts.
I’m far from the first to say this, but much as social media has connected the world in new and interesting ways, it has also opened the door for a lot of people to cause themselves huge damage. No matter who you are, the lesson has to be learned: THINK BEFORE YOU TYPE. Who might read what I have said? How might it be misinterpreted? Can I trust the recipients not to forward it on to everyone they know? Facebook encourages lots of friends, while an email is the ultimate form of portable, airborne information.

The Information Commissioner says you can do FOIs via Twitter

I am not the most enthusiastic fan of social media. I love new technology, but at some point I associated social media with children (I know, I was wrong), and only now do I see the error of my ways. I use Facebook solely for the purpose of entering competitions, I have just this evening started using Twitter properly, and that’s about it.

So when the Information Commissioner’s advice that it was acceptable to use Twitter to make FOI requests emerged, I wasn’t a happy anorak. Is it really unkind to see it as the regulatory equivalent of Dad Dancing, something to show that the ICO is down with the kids? Every time I’ve run an FOI course in the last 18 months, I have mentioned to my punters that it was entirely possible that a tweeted FOI was a legitimate one, but my heart sank every time I said it. Twitter is instant, urgent, of the moment, and for the most part, it’s transitory. The little box into which one deposits a tweet says ‘What’s Happening?’, not “What Do You Want To Know In 20 Working Days Subject to a Rigorous Process of Searching and Decision Making?”
An FOI request doesn’t have to be huge and momentous, but it should be considered. It should be thought through. I would defend to the death the right of people to make justifiably silly or trivial FOI requests (if the person who asked the Foreign and Commonwealth Office how much they spent on Ferrero Rocher ever identifies themselves to me, I promise to buy them a drink), but especially in the current climate, it’s not unreasonable to ask FOI requesters to ask themselves: what do I want to know, why do I want to know it, and am I asking the right person? 140 characters might oblige some FOI requesters to boil their queries down into coherence (some users of What Do They Know really need a word limit), but equally, it might just encourage people with itchy tweeting fingers to go crazy with a swarm of FOI one-liners.
Time will tell whether this will amount to anything. But as an experiment, I have just made an FOI request via Twitter to the Information Commissioner’s Office. After all, it’s always nice to see them following their own guidance.

I would say that it’s equally nice when they don’t follow their own guidance, but of course *that never happens*.