What is the ICO up to these days?

Around for longer than a lot of us might think, having been formed in 1984, the Information Commissioner’s Office is “The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals”. It has over time been responsible for the enforcement of planks of legislation that are key to the functioning of a dynamic and responsible market research industry: Starting with the first Data Protection Act of 1988, through the 1998 extensions to the act of 2018 which we all refer to as the General Data Protection Regulation (GDPR).

On the face of it, the ICO is busy and effective in what it does. Since October 2018 it has fined and ordered fundamental changes on 52 occasions, however the bulk of these (25) have come since October 2020. Whether this is related to Covid is for another blog, but we can see from some of the companies involved – Uber, Facebook, Experian, British Airways, Cathay Pacific, Ticketmaster – that household names are not immune from scrutiny or punishment.

So then, what is it doing for market researchers specifically? Does it maintain privacy on our behalf as private citizens? And can it help establish best practice in such a rapidly changing landscape, where the notion of privacy is fluid to say the least?

Quite possibly the notion of privacy has many more faces than can be managed by the ICO and certainly the Covid crisis has seen the UK in some senses become less averse to sharing personal information. Fancy a pint in your local, a sit-down meal in a restaurant? Use one of the track and trace apps or give your details in writing. Perhaps you’d like to go to the cinema; in which case, use track and trace or fill-in your details. Note also the proof of vaccination that many of us now carry. These are only three examples for individuals, but we can see other forms of identity being shared in the public domain and with a benign purpose behind them. Police officers and many roles in public service spring instantly to mind. And so too, do market research interviewers. There is then, no one size fits all when it comes to privacy.

In many respects, GDPR and its predecessors have had little direct effect on the business of Market Research because the activity has always been reliant on the key principle that all data as collected from respondents will be retained in complete confidence. With the growth of computers, the 1988 act saw the introduction of maintaining data files separate from files containing contact details of respondents, primarily as a way of improving compliance with the industry code of practice, partly as a result of pressures from international researchers, particularly from Germany. As far as I am aware this was not ever specified as a legal requirement in the UK and one wonders what steps banks and others take to separate transaction data from contact data!

Ignoring that, the other principle that research has always relied upon has been that respondents will be truthful. This was easier to believe in the good old days of exclusively face to face data collection but has become increasingly questionable, as we have moved through using telephone contact methods to now mainly online work, possibly amplified by the increasing use of financial incentives to obtain responses. The reliability of responses has become a critical concern for research with the result that irrespective of data protection, research often needs to verify the respondents as being bona fide.

Frankly, whilst the ICO does fly the flag for individuals versus corporate bad practice and incompetence, it does little to nothing to assist us with encouraging people to see Market Research as a different and legitimate activity. Although we as market researchers are allowed considerable freedoms from aggressive oversight – primarily because, considering the size of data files as controlled by those mentioned in the second paragraph of this piece, any transgression is likely to be comparatively insignificant in numerical terms. But also, adherence to our code of conduct and ethics provides us with considerable latitude under the legitimate interest rule.

But if we want people to help us with our work, we as market researchers will need to put much more effort into explaining the value of what we do so that people do not confuse us with fraudsters and others whose demands on their time may seem indistinguishable from our own approach.

To learn more, please contact us by clicking here.