U.S. Congress Planning Broader Email & Digital Marketing Enforcement and Regulatory Power for the FTC

The recession has made citizens more attentive to scams, especially those that promise easy money or frighten people about the banking system.  This accelerates the already large regulatory agenda of the U.S. Federal Trade Commission (FTC), whose role as a “civil prosecutor” includes regulating and enforcing protections from online offers, advertising and email marketing.  Congress is also stepping up, and two major initiatives around privacy protection and the role of the FTC are in active play.

Partnering with all of us in the email industry and watching to make sure we properly self-regulate remains a key component of the FTC’s plans, says Lois Greisman, Director, Division of Marketing Practices for the FTC Bureau of Consumer Protection, who joined our annual Email Experience Council legislative update webinar on May 19th.  “Our goal is to stop fraud and scams as quickly as possible, to shut down offenders, and, where appropriate, seize assets and reimburse consumers,” she said in the webinar.

The recording of the full event is available in the eec Research Store and is free for eec members.

The U.S. CAN-SPAM Act of 2003, which regulates permission practices for email marketing, continues to be a key anti-fraud tool for the FTC.  Greisman noted several successes in prosecuting spammers and other deceptive practices and said enforcement continues to be a major priority.  “CAN-SPAM has worked well to level the playing field among legitimate online marketers,” she said.  She also added that she was not aware of any active proposal by the FTC or Congress to expand or change the law.

However, there are two active proposals of new legislation that could have significant impact on email marketing and the email industry as a whole.

  1. Online Privacy Protection Bill A “Discussion Draft” of a bill to require notice and consent to any individual PRIOR to collecting or using personal information was released in early May in the US House of Representatives from Representatives Rick Boucher (D-VA) and Cliff Stearns (R-FL).  Industry and consumer groups alike are not happy with the draft, including the DMA.  Although it may seem at first that the so-called Boucher Bill was just about online behavioral advertising conducted by large marketers; it turns out that it’s very broad and far-reaching on privacy and data security.  During the webinar, Jerry Cerasale, VP, Government Relations for the DMA, gave a very good overview of coverage, exceptions and terms of notice.  Basically, it impacts nearly all kinds of “first party” senders as well as any other company that has access to that data as a “third party.”  It proposes coverage of an extensive list of “unique and persistent” personal data on consumers.

    “One potentially bad impact this could have on the email industry concerns the scope of covered data, including email address, IP address, and other unique, persistent identifiers,” says panelist Tom Bartel, CIPP, VP, Receiver Services at Return Path.  “If the exceptions for transactional and operational purposes and for service providers are not effective and clear, this bill could interfere with many industry collaborations.  This includes IP-based reputation systems – data that determines if email messages reach the inbox or not.  It may also impact the operation of Feedback Loops provided to email senders by mailbox providers like Yahoo! and Hotmail.  These feedback loops are a key component in how the industry keeps bad actors out of the email ecosystem."

    Both Representatives Boucher and Stearns have indicated a willingness to work with industry and have requested comments on the bill, due by June 4th.  Cerasale said the DMA will be commenting.

  2. Expansion of FTC Powers: Congress is also considering significantly expanding the powers of the FTC as part of the Wall Street Reform and Consumer Protection Act (HR 4173).  There is not a corresponding bill in the Senate, although Cerasale said in the webinar that one may be introduced later this year. 

    Part of the proposed regulation would give the FTC “unbridled authority” to create rules around “unfair or deceptive acts or practices” for many industry sectors.  Cerasale expressed concern about this, and said that more checks and balances are needed.  It is also unclear how this expansion will impact emerging technologies like social or mobile, he said.

    Another part of the proposed bill increases the FTC’s enforcement powers to seek civil penalties.  “That may be helpful in catching spammers and other abusers of email marketing,” said Rick Buck, CIPP and VP, ISP Relations and Privacy at e-Dialog.  “Marketers who feel they are exempt from prosecution because they are legal under CAN-SPAM may be following the letter of the law, but not the spirit.  I encourage everyone to go beyond the legal requirements and aim to provide email experiences that are welcome and engaging to subscribers.”

    The FTC’s Greisman said only that, “We welcome any support from Congress that helps the agency be more effective and efficient.”  There are some “tools that we lack which Congress may grant us the power to use,” she said.

    A third element to this proposed legislation is on responsibility/liability of the delivery provider (broadcast vendor, ESP, MTA Vendor) if their clients do not follow CAN-SPAM or other regulations.  “This aiding and abetting aspect is very concerning,” said webinar panelist, Dennis Dayman, VP, Privacy & Online Security at Eloqua.  “Blurring the lines between purveyor and sender may place an undue penalty on others in the ‘chain of responsibility’ for all brands involved in online advertising or other online acquisition efforts, like third party email senders and publishers,” Dayman said.

Greisman also reported in the webinar that there is no significant update on the behavioral targeting protection guidelines that the FTC has had out for comment for over a year. “Nothing will happen without input from industry,” she said.  Since the mandate from the FTC has been, “self regulate or else,” the webinar panelists Buck, Bartel and Dayman had a number of suggestions for marketers to follow best practices, including:

  1. Ensure transparency in disclosure and notice of permission and use of data.
  2. Be very clear about opt out vs. opt in.  CAN-SPAM requires only an opt-out, but that is the “bare minimum,” Buck advises.
  3. Update your Privacy Policy and provide prominent links.
  4. Audit your data usage practices.
  5. Be clear on use of data in all web forms and at the point of collection/sign up.

Marketers and everyone
in the email industry can support the FTC, Greisman said.  She suggests:

  1. File a complaint.  When those complaints are also referred by the DMA, they are particularly helpful, Greisman said.
  2. Make sure your opt out mechanisms are working.  (e-Dialog’s Buck recommends checking this at least annually, and preferably monthly.)
  3. Be clear about the sender and the advertiser relationships.  (Return Path’s Bartel recommends first party senders consider “framing” the content from third parties or advertisers and clearly distinguish between editorial (original content) and advertising.)
  4. Keep data clean, particularly around new sources.  (Eloqua’s Dayman also recommends care around affiliates’ use of data.)

The legislative update webinar was sponsored by Eloqua, e-Dialog and Return Path, with technology sponsor GoToWebinar.  The recording of the full event is free for eec members.  More details on these and other legislative issues important to digital and direct marketers is in the DMA’s quarterly government affairs newsletter, Politically Direct.

– Stephanie Miller
Return Path & eec