law
Eric Goldman is Associate Dean of Research, Professor of Law and Co-Director, High Tech Law Institute, at Santa Clara University. And he blogs about legal stuff, often stuff relating to the internet and privacy. I find his blog a must read. So he’s a good guy to turn to when you want quality analysis of the RNC’s first round loss in their lawsuit against Google. And here it is, perhaps a bit delayed, but still worth reading.
Mike Masnick from Techdirt’s got a scathing breakdown of how the judge just wasn’t buying what the RNC was selling; derisively detailing their failure to prove Google bias against right-wing political senders. It’s definitely worth a read. He closes with saying that with election season upcoming, maybe that will spur the RNC to appeal the ruling. Who’s he kidding? We know this isn’t the end of it.
As mentioned earlier, the FTC recently announced a proposed settlement with Experian, taking action against them for allegedly sending commercial emails while claiming those emails were transactional in nature. Meaning that users effectively couldn’t opt-out from email messaging that was ultimately believed by the FTC to be commercial in nature.Writing for the Ad Law Access blog, Gonzalo Mon, advertising lawyer at Kelley Drye & Warren, explains more about what’s going on here and what marketers should be aware of — the top point being, be very careful about what you call transactional. The “primary purpose” measure is something that the FTC takes very seriously. A short but important read, in my opinion.
Remember that the RNC had sued Google, alleging that RNC emails were being unfairly dropped into Gmail spam folders due to political animus on the part of Google? Well, so far, things aren’t going in the RNC’s favor. Judge Daniel Calabretta said that while it was a “close case,” the political committee had not “sufficiently pled that Google acted in bad faith.” The judge is leaving room for the RNC to re-file, so I’m sure this isn’t the last we’ve heard of this. Read more here and here.
Previously I’ve talked about the affirmative consent standard found in the US federal anti-spam law (CAN-SPAM). I’ve found it very useful test when trying to understand if a process is appropriately opt-in our not. Wondering if GDPR has something similar? It does.For various reasons, the UK and the EU have slightly differing versions of GDPR, but the UK’s Information Commissioner’s Office provides us with a pretty good guide for email marketing permission standards, and I think it’s a good starting point to learn about opt-in requirements EU-wide.The ICO explains that “Consent requests need to be prominent, concise, easy to understand and separate from any other information such as general terms and conditions.”Opt-in is key — see “What methods can we use to obtain consent?” for more details. No pre-checked box, not hidden in terms and conditions, and make it easy to understand.The handy website GDPR.eu, put together by Proton AG
There’s a term you don’t hear every day: electronic mail fraud. Apparently it’s just one of a litany of charges brought against four employees of a company called Adconion. Per Brian Krebs: “The government alleged that between December 2010 and September 2014, the defendants engaged in a conspiracy to identify or pay to identify blocks of Internet Protocol (IP) addresses that were registered to others but which were otherwise inactive.”What we have here are (alleged) bad guys (allegedly) engaging in fraud to obtain big chunks of IP addresses which were then (allegedly) used to send (alleged) spam. Yuck.Bad guys ruin everything for the rest of us. One of the big reasons ISPs and MBPs are suspicious about mail from IP addresses with no significant mail history is probably because of garbage like this. Using large swaths of IP address space (more than 65,000 IP addresses) and attempting to evade spam
“Is this message transactional, or is it commercial?” That’s a question I get asked quite regularly as a deliverability consultant. Note that I am not a lawyer, so I can’t give you legal advice. I can, however, provide my layman’s interpretation and encourage you to investigate for yourself, suggest to you where you need to look, and you can throw it all to your legal counsel, for a final ruling on the matter, if needed.Assuming you are based in the US and are sending (only) to US-based recipients, the US federal CAN-SPAM law applies. The text of the law itself (section 3) provides a fairly straightforward definition of what constitutes a transactional message, and the FTC later published even more helpful clarifying definitions — which is what you should read, memorize, and bookmark for future reference. It starts with this. It’s transactional, if the primary purpose of the email message is:to facilitate, complete,…
I saw somebody ask recently how best to label their email marketing messages as an advertisement. Their intent was to comply with CAN-SPAM, the US federal anti-spam law. Though I am not a lawyer and this is not legal advice, allow me to clarify it with my layman’s pants on, since CAN-SPAM misunderstandings and myths abound and this is an easy one to help folks understand.According to CAN-SPAM, you do NOT have to label your email as an advertisement, if you have “prior affirmative consent.” Meaning, if all your email is opt-in, you only send marketing messages to people who have explicitly signed up to receive such email from you, then you’re good. You don’t need to label the mail as advertising.But don’t take my word from it — here’s the relevant detail, straight from the fine folks at the Federal Trade Commission (FTC):”If recipients have given their prior affirmative consent…
What is COI/DOI? It’s just address validation and permission verification — you send a welcome or verification message and the recipient has to click on a link to prove they want the subscription. And it’s not a new thing, here’s me talking about it on this very blog fifteen years ago.I consider the terms “double opt-in” and “confirmed opt-in” are interchangeable. I find that most of the time, internet security and anti-spam folks call it COI, and marketers and some deliverability folks (like me!) call it DOI. When doing so, they refer to the same process of requiring an active response to the initial welcome or verification email.There are a lot of good reasons to implement COI/DOI, but today’s specific question is — does Germany “require” it? Ultimately this is a legal question, and I’m not a lawyer, so I’m not qualified to answer legal questions. So this is not legal…
Compliance with spam laws is still a necessary thing, you know. And failing to follow the rules can get really, really expensive.A few weeks ago, the Australian Communications and Media Authority (ACMA), the Australian regulator of media and communications, announced that online gambling company Sportsbet will have to pay $2.5 million (AUD) in fines and that they have “committed to refund customers around $1.2 million (AUD)” to settle spam allegations.The ACMA investigation “found Sportsbet sent more than 150,000 marketing text messages and emails to over 37,000 consumers who had tried to unsubscribe. Sportsbet also sent over 3,000 marketing texts that had no unsubscribe function.”Read more about it here from the ACMA (and you can find the enforcement notices here).[ H/T: Highstakes DB ]