Skip to content

Social Media – a reminder of the obligations inherent in social media – and other data privacy issues

I was at the fascinating Social Media Content SA Briefing event held last week by Marketing Mix in Joburg. Lots of interesting insights of relevance to ecommerce. One comment though reminded me of how important it is to be attentive to comments you can receive via your social media presence. The speaker stressed the need to learn from the comments which customers make, including complaints, such as “You are spamming me and I don’t want to receive emails/SMS from you again”. Beware, if the customer says this on your FB page, or in response to your Tweets or Instagram page, they haveopted-out of marketing from you and you must remove them from your marketing list even if they are a good client, otherwise you will contravene the POPIA Regulation laid down by the POPIA Regulator last year.

As a reminder, a customer “opts in” to an e-shop by providing their details “in the process of a sale” (and that means even if the sale does not go through), so ecommerce companies have this “soft” opt in provision, unlike direct marketers who must get a specific opt in. However, whether the customer has specifically opted in or just provided their data in the process of a sale, the moment they opt out their name and details must be blocked and removed from all marketing lists by the e-merchant until or if they opt in again. Which is why it is always wise to reduce the opportunities for your customers to complain (and avoid spamming your customers with too many messages!).

Meanwhile, in Europe the UK Privacy Regulator (the ICO) is investigating how personal data is used in real time bidding (RTB) in programmatic advertising. What the UK Regulator says is worth quoting, because we know there is a close relationship between the SA POPIA Regulator and the UK Regulator. “We have focused on RTB due to its complexity, the risks it poses and the low level of data protection maturity we’ve found through some of our initial engagement. Whilst we accept that RTB is an innovative means of advertisement delivery, our view is that, in its current form, it presents a number of challenges to good data protection practices. We have prioritised two areas: the processing of special category data, and issues caused by relying solely on contracts for data sharing across the supply chain. Under data protection law, using people’s sensitive personal data to serve adverts requires their explicit consent, which is not happening right now. Sharing people’s data with potentially hundreds of companies, without properly assessing and addressing the risk of these counterparties, raises questions around the security and retention of this data.” [my italics].

I would like to draw readers’ attention to the secondary uses of the data you collect on your customers during “the process of a sale”. If you are outsourcing the processing of data you collect or are outsourcing your marketing, please ensure that you have a strict contract with your suppliers to prevent them from using that data for any other purpose than your own marketing/customer services. Failure to have a strict, no disclosure contract could make you liable for any privacy infringement.

Posted in

Shahrain Coovadia

Shahrain Coovadia is a Cyber Security Consultant at Deloitte, South Africa. Prior to joining Deloitte she started a web-design studio, and worked at the University of Cape Town as a teaching facilitator. Shahrain graduated from the University of Cape Town with a Bachelor of Commerce Honours specialising in Information Systems. She currently facilitates web & database management for Ecommerce Forum South Africa (EFSA).

Leave a Comment

Become a member

Join the Ecommerce Forum South Africa and benefit from industry insights in South Africa and Africa.

Sign up to newsletter

Sign up to our newsletter and stay informed of the progress we are making at the Ecommerce Forum South Africa with government during Coronavirus.