Keeping customers in the loop

Data are the driving force behind Weve, a mobile advertising joint venture between mobile network operators O2, EE and Vodafone. Paul Worthington, ACMA, CGMA, draws on his experience at O2 to provide guidance on safeguarding customer data.

The UK’s three largest mobile network operators — EE, O2 and Vodafone — have long been fierce competitors for mobile contracts. But in recent years, the continued squeezing of traditional markets has forced the companies to start looking at new markets. As mobile devices, especially smartphones, have emerged as the primary screen for many consumers, the companies decided to compete in a new realm: mobile advertising, a market worth £1.03 billion (about $1.75 billion) in the UK in 2013, up 95% from 2012, according to the Internet Advertising Bureau.

But that presented a quandary for the operators: How would the companies wrest advertising share from players such as Google and Facebook? “The operators realised that they had value in the data that they’ve got,” recalls Paul Worthington, ACMA, CGMA, an account director at O2. “But the problem [was] that each one could only serve a third of the market.”

So in 2012, the three operators formed Weve, a unique partnership aimed at leveraging the collective value in their subscriber data to more effectively send mobile advertisements to customers through their mobile devices.

Basing its proposition on the accuracy of its first-party, verified and anonymised customer data, Weve has established itself in the text message (SMS) advertising market. The process is one that involves many stakeholders — lawyers, regulators, corporate partners, advertisers and, of course, customers.

Worthington, O2’s representative in the project, walked us through the data loop that drives the joint venture (see Figure 1) and offered his tips on establishing a privacy policy for a project that depends on secure, anonymised data use (see “Six Rules When Working With Customer Data,” below).

Data are the driving force behind the Weve business model. With a combined total of 22 million subscribers, the mobile network operators (MNOs), O2, EE and Vodafone, have access to 80% of the UK’s addressable market. Weve’s goal is to responsibly leverage its combination of verified first-party user data and browsing behaviour to help advertisers deliver campaigns to their target audience.

O2 submits encrypted and anonymised data from its customers who have consented to the joint venture. It maintains a blacklist of domains, such as health or religious sites, that cannot be transferred to Weve because sensitive personal information could be inferred from the use of those sites. Behavioural data change rapidly, and it is important to keep them refreshed daily. In line with industry best practice, data are not retained longer than necessary. If a customer opts out of receiving messages, he or she is removed from campaigns within five days, and his or her data are permanently deleted within one month.

When brands request ad campaigns with a specific target demographic in mind, extracts of anonymised behavioural data from browsing activity (up to the first slash of a web address) help to further segment customers into, for example, car buyers or mums. This is the most valuable data for the operators collaborating in Weve. The idea is that subscribers receive more relevant ads and offers and are more likely to engage with them, making advertisers more likely to place future campaigns with Weve.


Within O2, the internal governance process to manage data is called Information Council. This is made up of lawyers and business intelligence, finance, security and regulatory specialists. Any proposed use of customer data has to be approved by this forum. Paul Worthington draws on his experience at O2 to provide guidance on safeguarding customer data.

  1. Be transparent. Tell customers what you’re collecting, how you’re using it and how you’re protecting their data. A lack of transparency will attract unwanted attention and suspicion.
  2. Embrace simplicity. Keep your privacy policy up to date, prominent and simple. Customers are more relaxed about their data being used if they think your organisation is upfront and not hiding behind pages of legal jargon.
  3. Plan ahead. However robust your processes, always plan for the worst. Evidence shows a company’s reputation can even improve in the event of a data breach based on how quickly it communicates after the event. In case a data breach does arise, O2 has processes in place to inform the public and the relevant authorities about the problem and to outline what the operator is doing to resolve it.
  4. Know your regulations and proactively engage the industry bodies and regulators. Know the rules inside out and don’t take shortcuts. Sloppy processes or data controls can bring financial penalties as well as permanent brand damage. Data are arguably your company’s greatest commodity. Treat them as such.
  5. Communicate the value. Customers are more relaxed about the use of their data if there’s a clear benefit to them. If your organisation is using the data in exchange for a free service or to provide an improved service such as tailored offers, make that clear.
  6. Give customers control. Customers want to be in control of their own data. Be clear on how customers can change their preferences or how they can opt out altogether. It promotes trust and will further engage your customers. For example, before a new subscriber can be added to the O2 customer base to receive text messages, he or she receives an initial message about the offers proposition, including details of how to opt out if desired.