Data protection

Data is the backbone of the subscription economy. Businesses analyse it to identify trends and key points in the subscription cycle, enabling better forecasting, the maximisation of opportunities and the management of risk.

Their subscribers expect data-driven personalised services, with bespoke communications, recommendations and deals tailored by behind-the-scenes AI. But any mismanagement of data can cause both reputational damage and serious regulatory problems for a subscription business.

It is vital that companies understand how to process data compliantly well in advance of launching a subscription service, as a first step to ensuring that appropriate systems are in place and staff are appropriately trained.

Personal data 

Businesses providing subscriptions collect certain types of personal data, such as names, billing addresses and email addresses. As well as ensuring that data is handled securely, they need to implement other data protection measures. This may involve devising a data retention policy, ensuring privacy by the design of the development and application of data analytics for their subscription business model, and anonymising certain data associated with expired or terminated subscriptions after a set period.

Subscribers can have qualified rights to erasure (‘the right to be forgotten’) that businesses should prepare for and be able to comply with. Further, certain data portability rights also allow subscribers to obtain and reuse their personal data for their own purposes across different services. Businesses should ensure that they understand and can comply with such rights.

Personal data used by subscription businesses in different jurisdictions and industries, from financial services to the healthcare and insurance industries, can have differing requirements and nuanced considerations, as well as different value ascribed to it as a business asset and potential risk if there is a data breach. 

Direct marketing

The amount of data obtained from subscriptions enables targeted and personalised advertising and marketing, typically driven by ever-more-sophisticated algorithms. But using data in this way also means a business has to observe additional – often extensive – data and consumer protection requirements.

In the UK, for example, direct marketing is covered by rules including the E-Commerce Regulations, the Consumer Protection from Unfair Trading Regulations, the CAP Code, the DMA Code, and data protection and e-privacy laws.

There is considerable scope for subscription businesses to fall foul of direct marketing rules, particularly where subscribers have opted out of receiving marketing messages or not opted in to receiving them – creating the requirement to ensure that permitted service communications with them (for example, about renewals) do not contain content which might constitute marketing.

Any communications with former customers – for example, offering them the opportunity of a fresh subscription – also needs to be approached carefully, as similar pitfalls are likely to exist.

When facing declining subscriber numbers, some businesses could consider taking advantage of the data available to it for advertising purposes by launching a separate ad-supported tier of an existing subscription service. In recent years, certain businesses providing subscription video-on-demand (SVOD) services have announced a lower cost advertising-based video-on-demand (AVOD) subscription alongside their full price subscription. Offering a cheaper subscription by using advertising could help a business to deaccelerate declining subscriber numbers and improve competition in the market.