Customer data is the lifeblood of a company’s marketing strategy. But while marketing departments want to collect as much data as they can and use it forever, local privacy laws often won’t allow this. Companies must remain within strict guidelines. But even within these guidelines, marketing experts might find their new best friend: legitimate interest.
The legal term “legitimate interest” appears only in the EU’s privacy law, the GDPR. However, the concept is present in several other prominent regulations.
The GDPR lists six acceptable reasons to process a customer’s personal data:
Unlike the GDPR, California’s privacy law doesn’t have a list of acceptable reasons to retain or process customer data. However, the CCPA (California Consumer Privacy Act) still places restrictions on businesses’ usage of the data in question.
CASL, the Canadian Anti-Spam Law, is far simpler than either the CCPA or the GDPR. CASL is primarily concerned with blocking spam or malware-ridden emails. In practical terms, the law focuses on making sure companies restrict their email marketing to a specific window of time. A consumer not interested in their products can simply not reply to their emails and wait for their permission to expire.
CASL lists two circumstances under which companies may send marketing emails to consumers:
All three privacy laws contain some concept of legitimate interest even if the term itself doesn’t appear. And for our purposes, this principle is the most important. The European Commission defines legitimate interest in this way:
“Your company/organisation has a legitimate interest when the processing takes place within a client relationship, when it processes personal data for direct marketing purposes, to prevent fraud or to ensure the network and information security of your IT systems.”
Conventional marketing measures would say that making a purchase or taking advantage of an offer demonstrates legitimate interest to be contacted frequently, and for a long time. But a detailed understanding of most relevant legislation shows that’s not the case. Privacy laws are concerned with the customers’ interests above all else—and most customers don’t want to be contacted forever.
The three privacy laws discussed above are the most famous and influential, but they’re far from the only ones. Virginia passed its own privacy law recently, as did Brazil. Large-scale businesses with customers around the globe have felt the effects of increasingly restrictive privacy legislations. Legitimate interest, while not exactly a loophole, allows you to continue your marketing efforts without breaking local privacy laws or annoying your customers.
Are you using legitimate interest correctly in your marketing strategy? Get in touch to start improving today.
This blog post is an excerpt from our white paper “Reinventing CTAs in a Privacy-Conscious World”. Download and read the full white paper here.