Joint marketing – what are the data protection issues? - Fashion Law

17 Feb 2021

Increasingly, brands are running joint marketing campaigns. Whether it is undertaken to reach a broader audience or improve brand image, the good news is that data protection laws do not prohibit joint marketing campaigns. But the bad news is that these laws impose restrictions as to how these campaigns are carried out.

These restrictions need proper consideration. Relevant steps should be taken to comply as non-compliance with marketing rules is one area where the Information Commissioner’s Office (“ICO”) is particularly hot on enforcement and issuing fines. Enforcement action can also lead to bad publicity and the brand being damaged.

Sending 3^rd party marketing

Fashion brands often collaborate by sending marketing communications and offers relating to each other’s products or services to their respective mailing lists. This approach may seem ideal from a data protection perspective, given that no personal data is shared between the parties. Rather, the parties make use of their existing customer database to the benefit of the other party.

However, there are risks with this approach.

The main law which regulates direct marketing in the UK, the Privacy and Electronic Communications Regulations (“PECR”), applies in relation to both the “sender” and the “instigator” of direct marketing communications. There is no definition of what qualifies as an “instigator” in PECR, but the ICO says that you are likely to be an “instigator” if you “ask” a third party to send communications on your behalf.

As the default position under PECR is that consent is required to send direct marketing by email, the result is that the parties need to consider whether they both require consent from individuals in order to send them marketing communications relating to their partner’s products. Also, under the exception to this rule, while a brand may not need opt in consent to send marketing information about their own products to existing customers, they will need opt-in consent to send information on another brand to their customers.

Brand collaborations

When fashion brands collaborate to release joint fashion lines, what happens to the customer data generated by the promotional activities and sales of those lines? Given how important it is to know your customer base, it is likely that both parties will want in on the data. However, the following issues should be considered:

Is this clearly specified in the collaboration agreement between the parties?
In what capacity will the data be shared? For example, will both parties be able to use the data independently for their own purposes? If so, there are a number of issues to be considered, including:
- On what lawful grounds will the data be shared?
- Are individuals notified that their data may be shared with partner brands?
- Is there a data sharing agreement in place between the parties?

It is also possible that the parties could be “joint controllers” of the data if they will jointly decide how that data is used. For example, this could be the case if the parties have created a purpose built website for selling the products. In such circumstances, the parties would need to enter into a joint controller arrangement to comply with the GDPR.

Lastly, UK and EU businesses should take care if sharing customer data with a partner based outside the UK or EU respectively due to the restrictions on international data transfers imposed on businesses in these territories. In such circumstances, the parties will need to ensure a transfer mechanism is in place for the transfer to take place lawfully and this will usually entail entering into additional provisions referred to as “Standard Contractual Clauses”.

Take home points

Be clear about how you want to use the data generated from your joint marketing activities from the outset. As always with data protection law, being proactive with the steps that need to be taken to achieve your objectives will make your life much easier than trying to react at a later date.
Do not assume you can send 3^rd party content to your customer base – doing so could result in you and your partner violating PECR and put you on the ICO’s enforcement radar.
Consider if any data will be shared with your partner. Data protection law will not usually stop you from sharing data if there is a genuine reason for doing so and you have in place the appropriate documentation to allow you to do so.

Contact us

If you have any questions about these issues in relation to your own organisation, please contact a member of the team or speak with your usual Fox Williams contact.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.

Joint marketing – what are the data protection issues?

Connect with us

Popular insights

Moncrief “handmade in Italy” and “featured in top international fashion magazines” claims found to be misleading

What challenges are fashion brands facing today? Unravelling in-house legal and HR issues

The Digital Markets, Competition and Consumers Act 2024 explained