Read also: 10.5 million customers' data - used for ads no one asked for
When 10.5 million customers joined a sports chain's loyalty program, they thought they were collecting points. What they didn't know was that their email addresses and phone numbers were being passed on to a social network. There, the data was matched against user profiles – and used to show them customized ads in their feed.
No one was asked. No one was informed. The registration form mentioned nothing about advertising on social media.
The CNIL pointed out that the use of customer data for advertising on third-party platforms requires a separate, specific consent. It's not enough to hide it in the terms and conditions. The customer must actively agree to this specific purpose — separate from the loyalty program itself.
**Practical point:**
Review your signup forms – for newsletters, loyalty programs, customer registration. Does it state that the data can be used for advertising with third parties? If not – but you're still uploading lists to Facebook or LinkedIn – you're missing consent.
Inspired by: CNIL