- Home ›
- Data Protection ›
- Compliance
Data Protection Compliance
The UPU makes it harder for postal services to sell personal data
At its 25th Congress in Doha in October 2012, the UPU adopted a new personal data protection compliance framework. Adherence to this framework is compulsory for all postal service providers who are designated by a Member State of the Universal Postal Union to fulfil the universal service obligation.
The 25th UPU Congress made it clear:
The UPU Convention provides for the confidentiality of the data gathered by designated operators, AND for the protection and security of that data.
Defining
Personal Data
The global postal network defines personal data as the information needed to identify a postal service user.
The UPU’s data protection compliance framework on personal data conforms to the definitions given in international and regional regulations on the handling of personal data, and adapts them to the postal context.
In terms of the current postal delivery business model, personal data is primarily the information needed to identify the sender and recipient of a postal item (name and physical postal address/delivery point).
Article 11bis: Personal data may be deployed ONLY for the purposes for which it is gathered
The new Article 11bis of the UPU Convention, which came into force on 1 January 2014, states that personal data on users may be deployed only for the purposes for which it was gathered, and must abide by national data protection legislation. This brings data protection compliance regulations on personal data by postal services into line with international and European Community legislation.
As data is currently processed in accordance with the legislation of the country in which it was gathered, the methods of collecting and processing data may vary. Therefore Article 11bis states that:
Designated operators have an obligation to inform postal service users how their personal data is being used, and the purposes for which this information is being collected.
Where data may enable third parties to identify the postal user directly or indirectly, postal services may only transfer this data where national legislation authorizes them to do so.
Tough Times for List Brokers
The UPU Convention has made clear that this new postal
data protection compliance is a fundamental cornerstone of the postal service
provision, and stresses the confidentiality,
protection & security of personal data.
Essentially, no change here.
However, this effectively pulls the rug out from
beneath the address and list broker industry.
Given the clear and specific declaration that a postal service user’s personal data may be employed only for the purposes for which it was gathered (i.e. for delivering a mail piece), any list privileges, list brokerage, or the reselling of address data which enables third parties to directly or indirectly identify postal services users is, by definition, prohibited.
This is referred to as "purpose limitation".
Where postal services want to continue using their customers’ personal data in this way, a hard "opt-in" is required – postal users must give their express permission for their personal data to be used, after having been fully informed about the exact use that will be made of their data.
Any other use - a contrario - is prohibited. It is easy to imagine that, particularly where there is no financial inducement to the postal user, hard opt-in rates will be neglible.
The European direct marketing business model, however, runs counter to this model of data protection compliance.
Data is currently used to identify postal users from address lists, from traceable and trackable data provided via the Internet, by cross referencing and data mining activities to identify customer interests.
All this falls outside the definition of postal data protection compliance and clear purpose limitation. Postal services will be required to clearly separate themselves from these activities.
Fig.1: Data Selling in Germany - the major players in today's data market.
Posts as
Trusted Mediators in a Digital World
The Universal Postal Union, a special UN body
dedicated to the global postal network and serving the needs of governments and
their designated operators, has clearly understood the importance of focusing
on the paradigm of trust in global postal service provision.
Traditionally providing a document-based global communications network, the UPU is currently shifting its activities into the digital realm with the introduction of its own top level domain, .post.
The new data protection compliance framework is part of this move, providing the basis upon which the UPU hopes to establish posts as trusted mediators within a digital communications ecosystem. The data protection compliance framework is a clear and forward-thinking regulation and supports this development.
IN BRIEF: At the 25th UPU Congress in Doha, 2012, the UPU officially adopted its data protection compliance framework, allowing personal data, gathered to provide a physical, digital or financial postal service, to be made available to 3rd parties or used for any other purposes only with the express permission of the user.
This removes the current basis for the business of address and list brokers. Confidentiality, protection and security of personal data are the cornerstones of the UPU service provision.
Walter Trezek is the Chairman of the Consultative Committee (CC) of the Universal Postal Union (UPU).
- Home ›
- Data Protection ›
- Compliance
Does this article cover a topic relevant to your business? Access the CLS Business Lounge for the market intelligence you need to stay ahead of the crowd. Find out more
READY TO UPGRADE?
Secure your seat in the CLS Business Lounge – premium market intelligence & insights + one-on-one business support each month.
Recent Articles
-
The evolution of postal tariffs: past, present & future
May 25, 23 04:16 AM
Postal tariffs from the 1970s to the present: how terminal dues and changing rate systems reflect international development and shape the global postal network. -
VAT in the Digital Age (ViDA): next digital disruption in ecommerce
Jan 30, 23 07:40 AM
The EU’s 2023 ViDA (VAT in the Digital Age) reform impacts ecommerce, with e-invoicing, single VAT registration, and mandatory use of IOSS for B2C imports. -
Postal customs clearance procedures and the EU VAT Ecommerce Package
Jun 15, 22 04:52 AM
Exploring changes to postal customs clearance procedures and VAT payments following the 1.7.2021 EU VAT Ecommerce Package.
How Big Data Tools Will Revolutionize Communication Logistics
The communication logistics industry is adopting Big Data tools to revolutionize business processes, making them faster, smarter and more efficient.
Data Protection Regulations: Good News For Direct Marketing Mail!
GDPR & trust frameworks enable physical direct marketing mail to be more specific, targeted and profiled, bringing better marketing investment returns (ROMI).
Online Data Protection: The Core Of New Postal Service Provision
Online data protection is at the core of the new service provision of postal services as global, data-driven communication logistics networks.
Data Protection: The Core Of New Postal Service Provision
Data protection is at the core of new postal services as they move from item-driven to data-driven providers of global communication logistics networks.
READY TO UPGRADE?
CLS Business Lounge: Get the market intelligence & insights you need to thrive in a disruptive business environment.