Email marketing is like a cockroach. Everyone used to believe it’s like a dinosaur that would go extinct as consumers started using newer handheld gadgets. But like a cockroach, email marketing has weathered the innovative storms and continues to be highly relevant.
That is not to say that the practice has remained unchanged since email first became a thing in the nineties. Spam filters were a major blow to some forms of email marketing. But there’s an even bigger hurdle that has popped up in recent years: privacy concerns.
A number of shocking data breach scandals marked the last couple of years. On top of the list is Cambridge Analytica. The company had a Facebook app that harvested data from millions of accounts, including non-user accounts.
You may wonder how all this plays into email marketing. Following the many data breach scandals of recent years, regulatory authorities have tightened compliance requirements. Email marketers are now facing a new set of rules to play by.
While email marketing remains as popular as ever, continuing with the practice in the coming years would be challenging. Read below to learn more about the unique issues email marketers would soon face and how to possibly overcome them:
Data Aggregation Creates Big Problems for Email Marketing
The drip, drip of privacy scandals facing IT giants like Facebook has upended the digital marketing world. Consumer and regulatory concerns boil down to two major factors here:
- Data collection practices
- Protection of collected data
One of the hardest aspects of email marketing has been collecting contact information of people. In the past, you may have been able to purchase email lists from so-called data brokers. This is the exact type of practice that has come under regulatory scrutiny.
On top of that, marketers and businesses have to worry about how collected data is stored. Consumers might become miffed that a business paid money for their email address. Consumers would certainly become furious to learn that the purchased email address is now in the hands of hackers.
The privacy concerns are not strictly related to email marketing per se. Rather, email gets dragged into controversies surrounding personal data collection online. Scroll down below to learn more.
Data Aggregation Explained
Personal data aggregation or collection is a loose term that can refer to many forms of data. It can include what’s called personal identifiers, which includes names, addresses, and emails. But this umbrella term also includes other forms of sensitive data like medical records and court files.
Most consumers are unaware of where their data may end up. They may give consent to an app to use an email or a phone number. Data brokers can collect information about the same user from multiple sources to creative huge databases.
That is the essence of data aggregation. Check out a free people search website, for example. You would see tons of records including public files and social media profiles. Such collected data isn’t illegal. But most people might not be aware that such information about themselves is out there on the web.
Marketers have long relied on aggregated data to conduct advertising campaigns, particularly online. Email marketers are very likely to rely on third-party databases, or companies like Epsilon, to obtain email addresses for prospective clients.
The problem is, those emails you got off a database may have been unethically sourced. “Unethically” doesn’t necessarily mean stolen. A person may have voluntarily listed their email address to receive promotional emails from a company.
But that company could have sold the email address to a data broker. In this case, the subsequent marketers who purchase the email address from a database don’t have explicit consent from the user for promotional emails.
It can get worse. Marketers sometimes collect massive droves of data. The more, the better, right? The modern consumer, and the regulator, definitely say no.
How It Affects Email Marketing
There are very specific laws email marketers have to stick with that could be violated when using aggregated data sources. Email marketers are expected to obtain consent from the user for sending promotional emails. But this can become complicated when using Big Data.
Email marketers may face backlash when sending emails without explicit consent from users. Here are two prominent examples where this practice led to lawsuits:
- In 2017, the British government
fined Flybe, an
airline, almost £70,000 for sending millions of unwanted marketing emails. The
airliner had sent promotional emails to users who had unsubscribed from a list.
- The same year, Honda was fined in the UK for sending marketing
emails in the guise of customer care emails to users who had not given consent
to receiving them.
In the larger scheme of things, the fines may sound minor. However, the blow to the brand reputation was not.
Companies can face severe repercussions for not protecting email addresses collected for marketing purposes as well.
Here are some of the most prominent examples of email marketing data breaches that should concern any responsible marketer:
- In 2011, email service firm
Epsilon Interactive was hacked and email addresses belonging to some 50
companies were stolen.
Hackers were able to get access to email addresses plus the users’ names. It
put all of Epsilon’s clients at risk of spearphishing attacks.
- In 2017, the email marketing
service, SendGrid, unwittingly exposed
email addresses of clients and users. The breach was not the work of a
sophisticated hacker. Rather, a network configuration issue, according to
SendGrid, was responsible. This happened some three years after the company was
Data breaches involving emails is a serious business. It undermines the trust clients place in a brand. It would also make it notably difficult for marketers to collect emails in the future.
New Regulations Restrict Some Forms of Email Marketing Practices
Personal data collection and data breaches ultimately lead to one major issue: consumer privacy. Governments have worked from the start to protect consumer privacy against predatory marketing practices. Emails have not been spared in this sense.
In the early 2000s, the Federal Trade Commission introduced the CAN-SPAM Act to keep aggressive email marketing at bay. It had three important provisions to ensure customer privacy. The Act establishes that:
- Email marketers must clearly and conspicuously allow
recipients to opt out of getting marketing emails. The option to stop receiving
specific messages and for opting out altogether should be included. And the
option should not get caught in a spam filter.
- Marketers must process all
unsubscribed requests within at least 10 business days since the initiation.
Marketers shouldn’t charge a fee or demand any other information when a
recipient opts out.
- Marketers won’t get a waiver
for legal responsibility if a third-party involved with the campaign engages in
bad behavior. The responsibility of the marketing emails belongs to the company whose products are
featured in the messages.
These requirements may seem lenient by today’s terms. And many experts back then thought so as well. Some even began to mock the Act as the “can spam Act.”
But this was years ago. Email marketing now faces a new regulator that has come out in full force against privacy violations. Enter the General Data Protection Regulation (GDPR) of the European Union.
How GDPR Affects Email Marketing
GDPR is primarily concerned with protecting personal data that consumers entrust to companies. The requirements GDPR has for email marketers is surprisingly simple, and yet fundamentally transformative.
Here’s why GDPR is different from all the prior email marketing regulation:
GDPR requires email marketers to obtain consent from consumers for opting in, rather than opting out. So the focus is not on offering unsubscribing options, but for ensuring that consumers understand they are subscribing to something.
The legislation offers clear rules as to what amounts to consent. According to the legislation’s text, consent should be:
- Clearly affirmative
Here’s what no longer amounts to customer
consent for receiving a marketing email:
“Silence, pre-ticked boxes or inactivity should not therefore constitute consent.”
In other words, if you have clients tick boxes to give consent to receive marketing emails, then those agreements are no longer valid under GDPR. Your marketing team would need to regain consent from the clients.
GDPR and Beyond
You might think GDPR only affects the EU. In fact, you need to stay compliant with GDPR if your services reach EU customers from anywhere in the world.
In addition, some companies are already enforcing GDPR laws on marketers. Facebook and Google are prime examples. Companies like Microsoft are applying GDPR to clients around the world, so marketers should take note.
Even if you don’t fall into GDPR jurisdiction, marketers should expect similar legislation to pop up around the world. Canada’s Personal Information Protection and Electronic Documents (PIPEDA) has undergone substantial updates likewise.
How to Run an Email Marketing Campaign in the Future
It’s best if email marketers update privacy policies in anticipation of GDPR-like legislation from around the world. Staying compliant would not be difficult. Based on GDPR, here’s what email marketers can do to legally send promotional emails:
Obtain Explicit Consent
The GDPR bans pre-ticked boxes. It’s easy to understand why. Consumers may click on the submit or download button without even glancing at the boxes.
The idea here is that marketers must have undisputable consent from recipients before sending promotional emails. Therefore, even if GDPR doesn’t apply to you, you should put its recommendations into practice.
Avoid engaging in dubious tactics to gain customer consent to send marketing emails. Clearly state your intention to forward marketing emails to users first.
Ask Recipients to Sign Up
To avoid embarrassing privacy scandals, try to stick to email addresses on your own list. That is to say, avoid sourcing email addresses from data brokers or unknown databases. Create your own list by asking customers for their email address.
In this age of privacy scandals, email marketers are facing a reckoning. The burden is on marketers now to legitimately collect recipient email addresses and to protect those addresses from hackers.
Email marketing practices have been regulated since the early years. But these regulations have mostly been lax. The advent of GDPR in 2018 changes all this.
Now, email marketers need to follow stringent rules to obtain consent from recipients. This fundamentally changes how email marketing is done.
There’s an upside to all this of course. Staying compliant with privacy legislation like GDPR is surprisingly easy. Being more transparent is good for customers as well as businesses that want to avoid scandals.
Sam Makad is a business consultant. He helps small & medium enterprises to grow their businesses and overall ROI. You can follow Sam on Twitter, Facebook, and Linkedin.