Ask most email marketers to identify the biggest challenge they face these days and the answer will not be ‘legal compliance’ but ‘deliverability’. Does a recent opinion by EU data protection super group the Article 29 Working Party presage a test case against blocking ISPs?
Topic: Email marketing
Who: The Article 29 Data Protection Working Party
Where: Brussels
When: February 2006
What happened:
Currently, the greatest impediment to effect legitimate email marketing is not statutory control or enforcement, but internet service providers ("ISPs") blocking the delivery of campaigns.
As digital marketers seethed at ISPs' seemingly arbitrary blocking of commercial email, one ISP has recently added insult to injury by offering a delivery service which side stepped these problems, but at a not insignificant price per message.
Has the blocking of email marketing campaigns by ISPs been challenged in the courts to date, anywhere in the world? The answer is that there has been the odd case, for instance in the US and Germany but to marketinglaw's current knowledge, none of them have involved direct action by an email marketer against an ISP. But there is still palpable dissatisfaction on the part of email marketers at ISP behaviour and into this digital cockpit has stepped the Article 29 Data Protection Working Party.
Authoritative opinion
This party is a group of representatives of the data protection watchdogs in each of the 25 EU member states. From time to time it focuses on topical issues and issues and publishes "Opinions'. These do not have force of law as such, but they clearly have an authority and distinctly persuasive authority given their source. The latest such Opinion was 'on privacy issues related to the provision of email screening services'. In other words, the focus of their Opinion is the email deliverability issue.
In the scene-setting section of the Opinion, the Working Party comments that the interception, opening, reading and delaying of ordinary letters or putting up barriers to the sending of letters have all been considered to be interfering with the rights to privacy enshrined in Article 8 of the European Convention on Human Rights.
By the same token, communication partners that use emails may reasonably expect that their communications will not be inspected by third parties, private or public.
Against this, the Opinion notes subsequently that under Article 4 of the Privacy and Electronic Communications Directive ("E Privacy Directive"), ISPs are entitled to 'take appropriate technical and organisational measures to safeguard security' of their services.
Against this background then, a question arises, the Opinion goes on, as to whether the scanning of communications in which ISPs are commonly engaged in order to carry out a variety of purposes is compatible with EU law.
Limited "safeguarding of security" justification
The party's first position is that the setting up and use of filtering systems by email providers for the purpose of detecting a virus might be justified by the obligation to take appropriate technical and organisational measures to safeguard security as provided for in Article 4 of the E Privacy Directive.
Turning to the screening of emails for the purposes of filtering spam, however, the Opinion is more ambivalent.
If the sheer volume of spam creates a threat to the proper functioning of network services, then again it may be arguable that Article 4 of the E Privacy Directive justifies relevant screening by ISP. The same argument would apply on the basis that screening might arguably allow the ISP to properly perform the service it contracts to provide to the recipient of the emails.
"False positive" threat
Having said this, the Opinion goes on to express concern that filtering results sometimes in 'false positives,' in other words legitimate and solicited messages are not delivered because they are deemed to be spam. In this context, the Opinion considers that the action of filtering and withholding email that is supposedly unwanted may entail not only an invasion of freedom of speech but also a violation of Article 10 of the European Convention of Human Rights (the right to free speech).
Opinion's strong recommendations
In the light of these considerations, the Opinion goes on to 'strongly recommend' email providers to take into account the following recommendations:-
(a) the Working Party ("WP") encourages the practice consisting of giving subscribers the possibility to opt out of scanning their emails for spam purposes, the possibility to check emails deemed as spam in order to ascertain whether they are indeed spam and the possibility to decide what 'kind' of spam should be filtered out;
(b) the WP also encourages the development of filtering tools that end users can install or configure, either in the terminal equipment or in third party servers, which will enable them to control what they want to receive and what they do not want to receive;
(c) the WP also reminds email service providers engaged in screening emails for spam purposes of their duties under Article 10 of the Data Protection Directive to inform subscribers of their policy so far as spam is concerned in a clear and unambiguous way, failing which there may be breach of data protection law involved.
Screening for detecting predetermined content
The Opinion then focuses on situations where ISPs reserve the right to screen and even to remove any predetermined email content. The WP is here concerned that in using this sort of filtering, ISPs become censors of private email communications, for example blocking communications whose content may be completely lawful, thus raising fundamental questions of freedom of speech, expression and information. The WP reminds us here that ISPs are under no general legal obligation to monitor predetermined or alleged harmful content.
In the circumstances, here the WP is of the opinion that ISP email service providers are prohibited from engaging in filtering, storage or any kinds of interception of communications and the related traffic data for the purposes of detecting any predetermined content without the prior consent of the users of the services, as required by Article 5.1 of the E Privacy Directive.
'Did they read it?' Services
The Opinion then looks at the development of new kinds of software products and services such as the so-called 'Did they read it?' service.
This aims at tracking email opening, where the recipient of the emails in question has no possibility to accept or refuse the retrieval of the information gathered as to for instance how many times a message is read, when or if it has been forwarded to others.
The WP expresses the "strongest opposition" to this processing because personal data about addressees' behaviour is recorded and transmitted without the unambiguous consent of the addressee. 'No other legal grounds justify this processing' the WP unambiguously states.
Why this matters:
In some places this Opinion seems to point in both directions, but in many areas the document is quite strident in its criticism of ISP screening practices. It remains to be seen whether this will fortify email marketers in their efforts to tackle the deliverability issue head on with ISPs – and perhaps provide them with sufficient ammunition and encouragement to launch a test case, either here in the UK or maybe elsewhere in the European Union.