The email industry largely represented a lawless Wild West for many years, with senders calling the shots. But an increase in both the availability and use of personal data combined with a rising number of data breaches have ushered in a new era of regulation driven by consumer privacy rights.
Between 2000 and 2017 there were two primary email regulations: Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) and Canada’s Anti-Spam Law (CASL). Details on each include:
Then, in 2018, data breeches abruptly shifted consumer attention to the lack of transparency for how personal data might be captured, stored, and used. Not only did Facebook confirm hackers stole highly sensitive data from 29 million customers, several other brands were also hacked during the year, including: Marriott Hotels; MyFitnessPal; Google+; Ticketfly; Cathay Pacific; T-Mobile; Orbitz and British Airways. As a result, consumers’ trust of brands using their data changed, as did their willingness to provide personal information to brands.
Amid a year filled with data breaches, new legislation was rolled out to address the growing importance of data security. In May 2018, the General Data Protection Regulation (GDPR) went into effect. GDPR applies to all companies processing the personal data of people residing in the European Economic Area (EEA), regardless of a company’s location. With GDPR, companies are accountable for their collecting and handling of people’s personal information, while individuals are granted more power to access and control information held about them. When it comes to email opt-in, GDPR requires that brands collect affirmative consent that is “freely given, specific, informed, and unambiguous” to be compliant.
Other countries around the world took notice and drafted their own versions of privacy legislation on the heels of GDPR, including the Australian Privacy Act Amendments; Chinese Draft Regulations on the Classified Protection of Cybersecurity; and Brazilian General Data Protection Law, scheduled to go into effect February 15, 2020.
In the U.S., bills and bill drafts related to consumer data privacy have been introduced or filed in at least 25 states and Puerto Rico within the past year. America’s first privacy law, the California Consumer Privacy Act (CCPA) is scheduled to go into effect January 1, 2020. CCPA will allow consumers to force companies to disclose what personal information they have collected and provide consumers with the right to force companies to delete that data and refuse its sharing with third parties. Companies will also need to provide up front disclosure about what data they collect. While CCPA is a state law, it covers out-of-state merchants who sell to Californians or display a website in the state.
For marketers, the rising tide of consumer privacy legislation has clearly changed the rules of the game. These changes come at a time when the availability and use of consumer data has already increased consumers’ expectations about their customer experiences. A survey by data company YouGov found that 47 percent of consumers had higher expectations about their customer experience as a direct result of sharing personal information with companies.
Consequently, consumer preferences and privacy have a significant financial impact on email program success; and therefore, play an increasing role in email program strategy.
According to email marketing platform provider Campaign Monitor:
If you haven’t already established a plan to be regulation-ready, now is the time. Here are three key features that every plan should include:
In the new era of consumer privacy legislation, it is critical to gain subscribers’ trust by demonstrating your ability to protect their data. By planning ahead, marketers will be prepared to use that data to provide highly relevant, individualized experiences.
Disclaimer: Nothing in this post should be considered legal advice. Marketers should work closely with their company’s privacy and legal teams for insights and direction about legislation compliance.
This post originally appeared on MarTech Cube.