A Marketers Guide to Email Compliance – Understanding Data Privacy
There have been several data privacy laws like GDPR, CCPA, PIPEDA, LGPD, and more, enacted in the past few years by various countries around the world. They are followed so customer data is handled correctly by businesses, organizations, and third-party service providers.
Derek Lackey, Managing Partner at Newport Thompson and a well-known data privacy expert in Canada, and Dennis Dayman our host of the podcast discuss privacy laws across countries and their impact on consumers and marketers alike in this highly insightful final podcast of season one.
We answer some questions related to privacy and email laws:
- Why do we need data privacy laws and how do they impact email?
- How important is consent for privacy?
- How do these laws empower consumers and change the way they share data with brands for marketing purposes?
- What is the scenario of email and data privacy laws?
About Derek Lackey
Derek Lackey is the managing partner of Newport Thompson data and privacy consulting firm based in Toronto and is a voluntary chair at the Response Marketing Association of Canada.
He runs a content curation platform blazon.online, and more recently, bestofprivacy.com where he shares articles from across the internet that are factual and demonstrate a novel point. He's also the author of an ebook, CASL Compliance - A Marketers Guide to Email Compliance for Canadians.
The need for data privacy laws and how they impact email
Dennis started off with a perfect question: "Why do we need laws to govern email communication?". With Derek's 20+ years of experience, he offered a brilliant answer.
Why do we need laws to govern data privacy and digital communication?
When "email" started as a platform in the 90s, the generally accepted marketing was "mass marketing". For a marketer, the mindset was to send out an ad to as many people as possible.
And that was it. People scraped emails from across the internet and sent out bulk emails to everyone, without knowing if the person is interested in an offer or not.
For a marketer back then, more was better.
But with email marketing, more emails aren't necessarily better if the engagement with your emails is low. What matters is how many of those users engage with your emails.
The platform was designed to replace physical mails and connect with people on a personal level. Back when personalization technology didn't exist, the same email was sent out to everyone, and that beat the purpose of the platform.
So to prevent the bulk spam that became common, laws like CASL were put into place by the Canadian government. However, it took over 10 years to implement the laws.
Until then, mailbox providers had to ensure that the spam problem was kept in check so user don't abandon the platform.
How do these laws impact email marketing?
In 2020, anyone who has touched email marketing knows that these laws apply. Be it GDPR, LGPD, CASL, CCPA, or any other country specific law. It's well-known now.
So how and when do these laws impact marketing for you?
The answer to this question lies in your understanding of the userbase. If you have a userbase of Canadians, you can comply with CASL and PIPEDA, and you're fine. GDPR is not necessary.
But if your audience is in Europe, GDPR is an absolute must.
Again, there are exceptions to these laws which can help you losen up a bit.
For example: CCPA has said that if you are under 25 million in revenue, and keep less than 50,000 data files this law doesn't apply.
You can read through the laws of the country that you're targeting and find out if any exceptions apply for you.
The fundamentals of sending emails remain the same:
- Seek permission
- Send emails that your customers want
- Remove user data of users who requested for it
Understanding the relationship between consent and privacy laws
Derek goes into detail about consent in his book CASL Compliance and his article on the 5 types of consent.
Consent is hard to get. You need somebody who's really leaning in on your brand to consent to have you send them emails.Derek
He talks about the 5 different types of consent according to privacy laws:
- Express Consent
- Implied Consent – Existing Business Relationship
- Implied Consent – Existing Non-Business Relationship
- Implied Consent – Conspicuously Displayed or Referred
- Personal Relationship
Express consent is the gold standard if you can get them to opt-in for the same. With expressed consent, your customer is essentially telling you that he/she is interested in getting marketing emails from you.
But getting express consent at all times is difficult, and all laws understand that and have made arrangements for the same.
However, the priority will be on legitimate interest. Have any of your customers shown a specific interest in a type of marketing email that you sent out?
If they did, go ahead and send them some more value additions similar to the previous one. The likelihood of them engaging with those emails is much higher.
With that said, let's talk about the withdrawal of consent. How should marketers react if customers want to withdraw their consent to receive marketing emails?
How do these laws change the way consumers share data with brands for marketing purposes?
Dennis brings up another topic on consumer empowerment due to the implementation of new data privacy laws.
The consumer is getting more educated and they're holding brands to a higher bar
Back when the laws were loosely implemented, we could continue to send out emails irrespective of the customer's wish to receive them.
However, as consumers are becoming more aware of these issues, they expect brands to respect their privacy even more. Brands can no longer pick data from any feed and start emailing them without being questioned on privacy issues.
Even now, some consumers find targeted advertising really convenient while others may find the same to be creepy.
And when the news about Cambridge Analytica came out, consumers have begun guarding their privacy even further.
If a marketer wishes to use consumer data, what is the best way to go about it?
Derek brings up a question that many budding marketers are concerned about, "Should you use the data on your consumers to share valuable content with them?"
If you're about to do something with the data, you need to ask yourself, "If I were on the other end, if I were one of the people receiving this message, would I prefer this?".
Nowadays, a lot of emails are sent based on what the brands want rather than what consumers expect or would like to hear about.
As brands thrive on giving consumers what they want, you need to know if the data you're collecting is going to benefit the consumers or just the brand.
Another great example that Dennis talks about is the "Grandmother test". Before sending out an email, just ask yourself if you'd send the same email to your grandmother or not.
Unnecessary emails fall into the category of spam, and sooner or later, you're going to have a lot of people leave your email lists.
What is the scenario of email and data privacy laws and their consequences?
Since the issue doesn't show up to be concerning enough, many countries are yet to adopt these laws on data privacy. For this reason, individual provinces have taken up ownership to implement these laws.
But some laws like CASL cannot be withheld on smaller scales and require cooperation from the country.
The fear with these laws is the frivolous lawsuits that might accompany them. And so when implementing these laws, there is special care taken to ensure there is minimal ambiguity in what's right and what's wrong.
For example, a lot of ambiguity can be attributed to implied consent where you signed up to a platform or visited a store and added your email address to their list.
The store has a two year period to email the customers who visit the store and share the email addresses.
And with strong laws, most of the lawsuits can be resolved right at the private lawyer's office.
If someone comes up saying "A brand just email me without my consent". The lawyer can ask a series of questions and then say something like "Okay well, you visited their store and submitted your email. The store has implied consent for 2 years to send out emails. You can explicitly ask to stop the emails but the lawsuit is invalid".
And that should solve most of the lawsuits right off the bat.
With a lot of marketers resorting to older techniques of marketing in the masses, it's necessary to strongly implement laws and maintain fair use of the platforms.
Spam will only distance consumers from platforms making some highly valuable platforms unusable. If you're interested to read more podcast summaries, do check out the blog on busting 5 email marketing myths with Laura Atkins - a respected thought leader in the email space and Dennis.