The IAB has published proposed e-mail marketing standards. Looking for indications as to what is “best practice” in this increasingly popular marketing channel?
Topic: Selling On-line
Who: The Interactive Advertising Bureau
When: January 2002
What Happened: Amidst a rising tide of anti-spam fervour, with the EU voting for an EU-wide spam regime in the draft Communications Data Protection Directive, a California Appeals Court upholding a draconian anti-spam law, and Japanese regulators moving in quickly to revise laws governing mail order and direct marketing so as to kerb unsolicited e-mails, the UK and Ireland's Interactive Advertising Bureau has released proposals for e-mail marketing standards. They were developed in conjunction with FAST, the pan European association of trade bodies and companies interested in developing standards. The proposals define key terms and suggest standards of practice, not only in relation to verifying e-mail traffic and other associated data, but also in respect of data collection practices. Here the E-mail Marketing Association of the UK also had a major say, and the "data collection" section of the draft standards seeks to establish a benchmark for best practice. Setting the tone, the first section requires that whether personal data are collected from users off-line or on-line, the data collector must provide users, at the point of data collection, with a clear and conspicuous notice as to the purpose or purposes for which the personal data are collected. At that point the collector must also ensure that the appropriate consent has been sought from the user. There must also be a prominent link to the collector's privacy policy on its homepage and/or on any other web page on which personal data are collected. What's more, the link should be in close proximity to the point at which the personal data is input.
When it comes to privacy policies, the suggested standards set out no less than 18 separate requirements that must be met. These include a stipulation that a "notified single opt-in" method be used for data collection. "Opt-in" is defined in what is now effectively the industry standard way, as "an approach in which a user who desires to be added to a list must request, actively, such as by checking a box on a web page, to be added to the list." Separately "notified opt-in" is defined as "an approach in which, after a subscription has been received and entered, a confirmation e-mail is sent to the subscriber containing (i) the source of the subscription request (ii) instructions on how to unsubscribe from the list, and (iii) instructions on how to report that the subscription request was in error.
Privacy policies must also give a clear opportunity, in each e-mail, enabling the user to stop further e-mails. When such a request is received by the e-mail sender, this must be acted upon within 48 hours if the request is made on-line, or 5 working days if it is off-line. Privacy policies should also, the standards suggest, indicate whether particular types of data requested are essential to the transaction between user and data collector envisaged, or purely voluntary. The consequences of failing to provide any particular type of data requested should also be stated. Also disclosed at the point of collection should be the means by which data regarding the user are collected including cookies, clear-gifs or other similar indicators. Another suggestion is that individuals should be given a clear indication as to how frequently e-mails will be sent, assuming the individual opts in to their data being used for the purposes of sending future commercial e-mails.
Why This Matters: By requiring a blanket adoption by its members of an "opt-in" approach so far as commercial e-mail messages are concerned, the IAB continues to differ from the current policy of the Direct Marketing Association. The "opt-in" approach also imposes a much stricter requirement on on-line personal data collectors than current UK law, although it is more in line with current proposals in the draft EU Communications Data Protection Directive. If the IAB's proposed standards are adopted, then it is to be assumed that all IAB members will be bound, on pain of expulsion from membership, to follow them. It remains to be seen whether its membership is prepared to go the extra mile and move to a "best practice" opt-in regime, some 2 years in advance of any movement of EU law in this direction.