Third Party Problems

Many event organisers are now using third party tools to encourage visitors to share registrations online and to help them increase registration numbers. But if you use a third party service, are you absolutely sure that you know what they are doing on your behalf?

I recently received an email from a well-known UK retailer – reminding me that I put items into a basket and then abandoned it. I found this a bit creepy because I’d never knowingly given this company my email address and they certainly didn’t have permission to use it for marketing. Emailing a consumer a marketing message without their permission is in violation of PECR (Privacy and Electronic Communications Regulations). Also, their privacy policy made no mention of this so that meant it was a GDPR violation too. I contacted them to report this and to delve a little deeper.

A conversation with the retailer confirmed that they did not have my email address in their database, but that they were using a third party basket recovery system – a separate service that monitors their website and sends a helpful nudge to a wannabe customer if a basket is abandoned. This is often a useful service, but how on earth did they get my email address?

Although they didn’t have my email address, the third party basket recovery service somehow did. After an investigation by the retailer, we discovered that I’d used autocomplete to enter my postcode and this had filled in a newsletter subscription email field on the page automatically. Despite the fact I hadn’t submitted this form, the third party service used it to scrape my data.

The retailer was shocked at this finding – they didn’t know that their supplier was doing this and it went against the agreement that was in place between them and the supplier. The supplier may have thought that it was a great idea and that it would improve their service, but they clearly didn’t realise that this action constituted a breach of both GDPR and PECR. I recommended the retailer report themselves to the ICO, which they have done, and I’m sure the ICO will only offer help and advice.

If you do use third party services, make sure that you read the small print and make sure that their actions are not in violation of PECR or GDPR – because if they are you’ll be the one with the breach on your hands.

Simon on: AI

Pretty much every day brings a news story about AI, it is the subject of hundreds of news stories and this media fascination hasn’t gone amiss. AI is being incorporated into a lot of new tech and being used by lots of start-ups. It is being explored by many industries, and is having an impact on medical applications; a properly trained AI can scan medical records and pick up anomalies and patterns that would not be picked up by a human performing the same task - which is a potentially amazing use of AI.

But things are not quite as they seem. AI doesn’t actually have an exact definition and this is being exploited by a number of tech start-ups keen to jump on the band wagon. According to research by venture capital firm MMC Ventures, 40 per cent of the 2,830 purported AI start- ups in Europe don’t actually use any AI in their products. But they are doing this with good reason because the report also states that simply labelling yourself as an AI company attracts an average of 15 percent more funding than another non AI tech start-up.

This is an incredibly exciting time and AI will undoubtedly have a huge impact on how we live in the future, but be wary of those companies purporting to use AI – it may not be quite the news story they claim it to be.