Quick! Name one piece of major federal legislation on online privacy that passed this past year.
Nothing comes to mind? Don’t feel bad. Not much has happened in terms of imposed new regulations on the subject.
But that’s probably going to change. As increasing headlines about data breaches make the populace antsy and regulations in other countries highlight the lack of policies stateside, U.S. legislators will feel greater pressure to address the issue.
“The Internet was born here in the U.S.,” Dennis Dayman, Chief Privacy Officer at Eloqua, notes. “We’re the last ones to implement true privacy and security measures on using it.”
Broadly speaking, governments like the EU and even Canada treat online privacy as a fundamental human right requiring broad protective regulations. The U.S. is patchy, at best, with some states adopting basic protections. “In the U.S. businesses can do anything they want,” said Tom Bartel, Chief Privacy Officer at email reputation vendor Return Path. “The U.S. right now is looking for the industry to self-regulate.”
The days of pure self-regulation may be on the wane, however. There is pressure from outside the country since the EU has more strident protections and may want to revisit the current Safe Harbor provisions in place that allow businesses to share personal data generated in the EU with people in the U.S. Additionally, late in the year Canada passed the C:28 bill which requires opt-in permission for sending commercial emails, supplying an easy way to unsubscribe to commercial messages and requires senders to identify themselves.
As tougher legislation is imposed in the north and the east, governmental agencies in the U.S. are examining a new of standards as well. In December, both the Federal Trade Commission and the Department of Commerce issued reports with recommendations for improving privacy standards. This is on top of a presidential administration that reportedly wants to spearhead stronger privacy protections.
It’s easy to read the tealeaves: something is going to change. The question is what those potential changes might look like.
Here are three batted around policies that are gaining traction:
Opt-in becomes the new opt-out. Many marketers already use the opt-out model where the onus is on the consumer to express their desire not to be contacted with further messaging. With others like Canada going with an opt-in model, there could be significant pressure to do the same here. It could involve either implicit or explicit permission.
“It’s always best to do opt-in,” Dayman said. Why? For one, it doesn’t have to be rocket science. Clearly stating in a registration form that the user is opting to receive messaging (coupled with the ability to unsubscribe later) will often suffice. Plus, approval beforehand can have a direct and positive correlation on your email deliverability rates. (For a rundown on this relationship check out the Eloqua Grande Guide on Deliverability and Privacy hot off the press.)
Privacy policies are written in plain English. It’s difficult to get through a week online without agreeing to two or three privacy policies. And how often do consumers actually read these long and arduous policies? The modern privacy policy is complex and wrapped in legalese. Whether it comes through industry self-regulation or an act of Congress, it wouldn’t be shocking to see the issue of simplifying or, at the very least, translating policies addressed in a more meaningful way.
For vendors, this shouldn’t be such a painful task. “Make it clear to the consumers and state your case” for why you need their information and how you will improve the relevancy of messaging sent to them, Bartel said. “I’m not sure that’s hard for businesses to do.”
“Do Not Track” gets on track. The FTC’s recent report supported making a do-not-track feature available through browsers. The do-not-track option is likely to be one of the more fierce debates surrounding online privacy. Consumers can typically set browser settings for greater privacy, but the means to do so isn’t always obvious. The FTC has indicated it’s not happy with how industry has regulated itself.
Do-not-track is a favorite of pro-privacy groups seeking stronger legislation. Opponents claim it would have a negative impact on behavioral and targeted advertising. “Do-not-track itself sounds simple, but in practice would have to be remarkably well-considered and take into account a number of questions,” said Reed Freeman at partner at law firm Morrison & Foerster. “Unintended, negative consequences, of course, should never outweigh the positive effect any bill was intended to accomplish.”
Change is in the air. But most experts in the field believe online marketers shouldn’t fret. Some predicted the CAN-SPAM Act passed in 2003 would have a disastrous effect on email marketing. But, Dayman said, often legislation helps clear out the junk ruining the party for everyone. “Were able to clean up bad practices or practices that were getting in the way,” he said.
And organizations could avoid being subject to whims of Congress by adopting progressive privacy policies on their own. Said Bartel: “Generally, speaking I think that industry should always evolve their own set of best practices, and best practices should always be higher evolved than law.”
View Comments
