If you’re engaged in digital marketing, there’s a good chance you could make a decision that could put your firm in legal jeopardy if you’re not careful. In this video, I’ll go over some of the laws that most commonly impact digital marketers.
CAN-SPAM
As most of us are keenly aware, spam is a huge problem. Well, not that type of spam. This type of spam. Our email inboxes are overflowing and scammers use these deceptive emails to prey on people. CAN-SPAM, or Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 was designed to eliminate these annoying emails from our lives. Obviously, this law hasn’t been entirely successful, but regardless it’s a law we must follow. An important thing to know is that the CAN-SPAM covers all email, not just bulk email. It can be a one-off individualized email and still be considered spam and covered under this law.
There are two categories of email messages that the law designates: transactional and commercial. Transactional emails are those that arise from some form of pre-existing relationship between the recipient and the sender of the email. Examples of these messages include purchase receipts, shipping notifications, password change notifications, product recall, and others. These messages are exempt from CAN-SPAM as long as the information contained in the email isn’t misleading. Commercial emails are those that are traditionally considered “marketing” messages, the promotion of products or services, or the cross-selling of additional products or services. Even if an existing relationship already exists between the recipient and sender, these emails must comply with CAN-SPAM.
What are the requirements of CAN-SPAM? The webpages for the act on the Federal Trade Commission website lays it out well.
- Don’t use false or misleading email header information – in other words, don’t doctor the from, reply-to or hidden header information to mislead.
- Don’t use deceptive subject lines
- The email must be identified as an ad some how – there doesn’t have to be a huge “advertisement” banner across the top of the email, but somewhere in the email it has to acknowledge that the ad is commercial or promotional in nature. It’s ok to bury it down in the footer of the email.
- Tell recipients where you’re located. – this means you have to include an address in the email. The footer is the usual place.
- Tell recipients how to opt out of receiving future emails – You need to provide an unsubscribe functionality. All email marketing platforms such as Mailchimp, Emma, CampaignMonitor at others do this.
- Honor opt-out request promptly – since most business sending promotional emails use email marketing platforms, this really isn’t an issue. Unsubscribes are handled automatically.
- Monitor what others are doing on your behalf – if you hire a firm to manage your promotional emails, just because someone else is doing it doesn’t mean your don’t have full liability if they do something wrong. Make sure your partners are staying is legal compliance.
What happens if you don’t follow these rules and you send spam. If you are found in violation, you could be on the hook for $16,000 per email. That’s $16,000 for each and every email that you send that not in compliance with CAN-SPAM. Obviously, if you are involved with email marketing in any way, you’ll become very familiar with the CAN-SPAM act.
ACPA
Next, is the Anti cybersquatting Consumer Protection Act of 1999. This law is designed to protect trademark holders from having domain names of their protected marks registered and held captive by “cybersquatters”. Cybersquatting is the bad faith, abusive registration and use of the distinctive trademarks of others as internet domain names with the intent to profit from the goodwill associated with those trademarks. In other words, you cannot register domains as “real estate” that you intend to profit by at a later date. The penalties are about what you would expect, but the reality is that even though you might have this law to protect you, it might take the legal system far longer to resolve and cost far more in legal fees than if you just paid the cybersquatter what they want, which of course is not ideal. This is a common issue and one not even royalty is immune to.
ADA
The American’s with Disabilities Act of 1990 is most-widely known for the changes it made to help those with disabilities full access to retail and governmental facilities. What many people don’t realize is that the ADA also has provisions for how website operators need to facilitate full access as well. That means visually impaired consumers need to be given the ability to navigate content on the site utilizing accessibility software. This law is important to consider if you’re involved in the designing or implementation of websites. Web content should be accessible to the blind, deaf, and those who must navigate by voice, screen readers or other assistive technologies. Unfortunately, there is no clear regulation defining website accessibility. This has led to a spate of lawsuits claiming infringement when actual infringement isn’t necessarily clear.
Next, we’ll look at some laws that impact digital marketers from a consumer privacy standpoint.
GDPR
The first and most talked about law is the GDPR, or General Data Protection Regulation. This is a European Union regulation, so why does that matter for digital marketers in the US?
This law went into effect May 25, 2018 and it applies to “organisations located within the EU but also applies to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects.” In other words, even if your firm is located outside the EU, if your website is open to EU citizens and collects data on them, you need to have a privacy policy that sets forth what data you will be collecting and why. The maximum fine for breaching the GDPR is €20 million or 4% of annual global revenue and data subjects have the right to seek compensation for damage. Obviously, a sum large enough to get the attention of any firm, which explains the flurry of privacy policy update emails and cookie data collection notifications on websites.
Believe it or not, the United States does not have a comprehensive law like the GDPR that protects the privacy rights of consumers online. There has been talk about adopting one for years now, but so far nothing has happened. But that hasn’t stopped some movement at the state level.
CPPA
The California Consumer Privacy Act went into effect January 1, 2020. Much like the GDPR, even if your firm is not located in California, the requirements of the law can still apply if your firm does business with California residents. This new law provides California residents with a variety of important privacy rights including being able to request information on what businesses are collecting about them, knowing whether their personal information is sold, and many others. Intentional privacy violations are subject to a $7500 fine. Unintentional violations are subject to a fine up to $2500.
COPPA
In 1998, congress passed COPPA or the Children’s Online Privacy and Protection Act. This law was designed to protect against businesses collecting the private information about children under 13 without parents’ permission. Any violation of this law could be subject to a $16,000 fine. That’s actually per child per violation, so a website gathering data on hundreds of kids could quickly rack up huge fines if they are prosecuted.
So far, Tiktok has paid the largest penalty for violating this act.
Now, are these all of the laws that you need to be aware of? No, not by a long shot. There are many other laws that require your attention if say, you’re doing a product give-away on social media, storing or acting on patient healthcare information, dealing with copyright issues, or employee screening. This book, Navigating Social Media Legal Risks by Robert McHale is a great resource for anyone engaging in digital marketing. It’s a great reference to have on your shelf when you have a question about something you do as a digital marketer that might effect you legally.
Because what we do is very public and often entails the capturing of personal information from consumers, we need to be intentional with regard to our activities and follow the letter and spirit of the laws that govern us. Whether its CAN-SPAM, ACPA, ADA, or whatever other alphabet soup you want to talk about, it’s important for you to know that legal minefields abound and the best way to prepare yourself is to be informed.