The IAB has published proposed e-mail marketing standards. Looking for indications as to what is “best practice” in this increasingly popular marketing channel?
Topic: Selling On-line
Who: The Interactive Advertising Bureau
When: January 2002
When it comes to privacy policies, the suggested standards set out no less than 18 separate requirements that must be met. These include a stipulation that a "notified single opt-in" method be used for data collection. "Opt-in" is defined in what is now effectively the industry standard way, as "an approach in which a user who desires to be added to a list must request, actively, such as by checking a box on a web page, to be added to the list." Separately "notified opt-in" is defined as "an approach in which, after a subscription has been received and entered, a confirmation e-mail is sent to the subscriber containing (i) the source of the subscription request (ii) instructions on how to unsubscribe from the list, and (iii) instructions on how to report that the subscription request was in error.
Privacy policies must also give a clear opportunity, in each e-mail, enabling the user to stop further e-mails. When such a request is received by the e-mail sender, this must be acted upon within 48 hours if the request is made on-line, or 5 working days if it is off-line. Privacy policies should also, the standards suggest, indicate whether particular types of data requested are essential to the transaction between user and data collector envisaged, or purely voluntary. The consequences of failing to provide any particular type of data requested should also be stated. Also disclosed at the point of collection should be the means by which data regarding the user are collected including cookies, clear-gifs or other similar indicators. Another suggestion is that individuals should be given a clear indication as to how frequently e-mails will be sent, assuming the individual opts in to their data being used for the purposes of sending future commercial e-mails.
Why This Matters: By requiring a blanket adoption by its members of an "opt-in" approach so far as commercial e-mail messages are concerned, the IAB continues to differ from the current policy of the Direct Marketing Association. The "opt-in" approach also imposes a much stricter requirement on on-line personal data collectors than current UK law, although it is more in line with current proposals in the draft EU Communications Data Protection Directive. If the IAB's proposed standards are adopted, then it is to be assumed that all IAB members will be bound, on pain of expulsion from membership, to follow them. It remains to be seen whether its membership is prepared to go the extra mile and move to a "best practice" opt-in regime, some 2 years in advance of any movement of EU law in this direction.