FTC Privacy Framework: Time to Stand Up and Take ‘Notice’

Back in 2003, I advocated that e-mail marketers create a distinct policy separate from their privacy policy to disclose all of their e-mail marketing practices.

The goal then was to increase consumer education and transparency with e-mail marketing, notably with e-mail list sharing.

Fast forward more than seven years to the FTC’s recent privacy report, and the marketing industry is being urged once again to review and update industry practices. The FTC and other policy makers have been calling, in particular, for privacy and data use notices to be “clearer, shorter and more standardized.” While the FTC is still defining what this means, and expects that the industry will provide appropriate feedback on this preliminary report and proposed framework, here are some issues to consider in advance of the final framework.

First-Party vs. Third-Party Marketing

The FTC report makes a clear distinction between consumer acceptance of first-party marketing practices versus other marketing practices, which is a good start toward building consensus. The report goes so far as to state that it is not necessary to require users to give consent for each and every type of first-party or “customer-related” marketing practice, such as e-mail product recommendations based on prior purchases or sharing data with e-mail service providers (ESPs) who assist with marketing efforts on behalf of a first party. However, when it comes to sharing data with affiliates that are not under a common brand, the report recommends enhanced disclosures and user choices, which may be a bit more controversial.

For the most part, the e-mail industry is well ahead of the report’s recommendations where third- party e-mail sharing typically includes a clear notice at the point of collection – as is the case with most co-registration practices. However, if companies are engaged in third-party e-mail sharing, as may be the case with most sweepstakes that require users to simply consent to a privacy policy at the point of e-mail collection, then the time may have come to reconsider that practice and provide a clearer e-mail sharing policy statement distinct from the privacy notice.

Permission Is Neither Black nor White

While reviewing my past contributions to ClickZ, this column about e-mail permission is not only still valid, but is now re-enforced by the FTC in the report, when it states that:

“Indeed, a clear, simple, and prominent opt-out mechanism may be more privacy protective than a confusing, opaque opt-in.”

This doesn’t mean that all marketers should start pre-checking boxes that are currently unchecked, but rather ask someone who is not in your company or industry, like a parent or child, to read the consent language and see if it makes sense upon the first reading. The goal should be to have language and a format that’s clear and understandable. This may take a focus group, or even consider testing it as is typically done with landing page optimization, to ensure optimum usability.

The Real Task: Making Marketing Notices a Common Standard

The FTC is asking pointed questions from the industry about the types of notices and choices marketers should be offering to consumers. Even so, the FTC makes some prescriptions that would signify their direction, such as a reference to the Gramm-Leach-Bliley Act “layered notices” that has received some adoption by the financial services industry in the form of a “food label” type privacy notice. The FTC goes farther in asking marketers to consider how such a standard could apply to all of the ways companies collect and use data for marketing from offline to online to mobile and beyond, which is a daunting task. However it’s eventually decided, marketers have a responsibility to their customers and consumers to review their current notices, and figure out better ways to make them more transparent and relevant. One way is to emulate the best forms of notice from relevant companies in your sector. Whether by mandate, collaborative best practices, or by “following the leader,” I strongly believe such a standardization effort will take shape just as the industry accomplished the standardization of simply having a website privacy policy just over 10 years ago.

Final Word: Make Your Voice Heard

The FTC report is a first step in re-focusing the industry on unresolved consumer protection and privacy issues, but the agency needs to hear from stakeholders in the commercial sector about whether its framework actually makes sense. This comment period is only open until January 31, 2011, which may be challenging for most marketers to consider until after the holidays have passed. Please note that there are so many aspects to the questions being asked that could negatively impact marketers. Companies must engage directly with the FTC so that these issues can be solved in lieu of federal or state legislation that could be dramatically worse than the proposed framework.

Engage others in commentary online here on this column, through your own social media channels, or better yet – join your relevant trade association that can foster collaboration with others and file comments on your behalf. Whatever you do, don’t allow the FTC to finalize a framework that may directly impact your business without your voice being heard.

Related Reading:

ClickZ: FTC Wants Do-Not-Track for Online Ads by Kate Kaye

ClickZ: House Meets to Discuss Do-Not-Track, John Kerry to Propose Privacy Bill by Kate Kaye

Related reading

Overhead view of a row of four business people interviewing a young male applicant.