The debate over federal privacy laws and regulations has taken a crazy turn as consumers grow increasingly concerned about their privacy. States like California are enacting stringent privacy laws at the local level.
As such, more thought is being given to what a federal privacy law should look like and how much it would protect consumers. Complying with the strictest policies is a good source of inspiration for determining the right strategy to protect your brand and your customers. This is not only a preventative way of avoiding trouble but, more importantly, it will create the best and most reliable experience for your customers.
The Descending Approach
The European Union's General Data Protection Regulation (GDPR) is the most stringent privacy regulation in force in the world. The fact that it covers such massive markets as the UK, Germany, France and the rest of the EU means you cannot ignore it. The "who" in "who is covered" by the law is based on physical location: a French citizen residing in Los Angeles is not covered by the GDPR; however, a Mexican expatriate living in Germany would be covered, because that person is a data subject in the European Union.
All this seems simple enough, right? Not so fast. Imagine these two people each have an @gmail.com address. How would you know where they are located, or their national origin, simply on the basis of an e-mail address that carries no geographical designation, unlike the top-level domain in @yahoo.fr?
Instead of focusing on where in the world Carmen Sandiego is, you should aim to establish policies that comply with the strictest privacy laws. Not for fear of the heavy monetary burden of non-compliance, but because it's just good for business. This is the new standard for how brands should manage and account for customer data. It is also the law in a growing number of countries around the world.
Let's briefly look at what consent means under the GDPR: consent under the GDPR must be freely given, specific, informed and unambiguous. However, prior to the GDPR, Europe had the 2002 ePrivacy Directive, which dealt more directly with electronic marketing and set the standard for privacy protection and consent. Double opt-in is a solid way to comply with the appropriate consent and control requirements of the GDPR and the ePrivacy Directive. It is important to note that a directive does not apply directly in EU Member States. An EU directive is rather an obligation for every EU country to enact laws at Member State level implementing the directive. As a result, there are differences between Member States, some being stricter than others in the way they apply the Directive. In the case of consent rules for electronic marketing, Germany tends to be the strictest by generally requiring a double opt-in. However, double opt-in is not the only requirement (things such as pre-ticked boxes are anathema under the GDPR), so you need to think about all the ways you currently obtain consent and whether that consent is acceptable under the different consent frameworks.
If this seems too remote for companies outside of Europe, think again. Companies are voluntarily introducing double opt-in schemes for new subscribers. This approach ensures that, regardless of the customer's place of residence, consent is obtained in accordance with international privacy laws.
But there is another reason for this: uninformed consent may result in higher complaint rates and certainly lower engagement. Recipients who do not realize they have chosen to receive communications from a company, because that company deliberately or unwittingly obscured their consent, are much more likely to mark messages as spam. With inbox placement being a user-centric and engagement-focused exercise, consent is at the heart of creating and maintaining your email program.
Given consent and privacy rules, many companies choose to eliminate the oldest and worst-performing segments of their lists. This approach is a direct manifestation of the "less is more" approach to data management and email marketing. Being present in every inbox is not a recipe for success. On the contrary, it creates a risk that can affect your entire program.
The Winds Turn
States such as California do not expect the federal government to adopt more stringent privacy regulations. The FTC recently completed its review of the CAN-SPAM Act of 2003, which controls the assault of unsolicited marketing. The conclusion of the 10-year review is that no change is necessary, despite the massive evolution of the digital marketing market and the adoption of policies such as Canada's Anti-Spam Legislation (CASL) and the GDPR in Europe. The FTC essentially concluded that the US could remain an opt-out framework for e-mail rather than moving toward an opt-in best practice.
In the 2018 election, Californians passed the California Consumer Privacy Act (CCPA), which brings California closer to a European framework than to the policies of the FTC. The law puts more emphasis on what happens to consumer data by controlling the sale of that data and giving consumers the choice to prevent its sale and use.
Under the CCPA, responsibility for the proper collection, storage and processing of consumer data now shifts to companies that hold significant amounts of data or have data at the center of their operations. It allows Californians to determine the type of data that a company has about them, to access this data and to refuse the sale of their data. Businesses will be required to comply with the CCPA if they have revenues equal to or greater than $25 million, annually purchase or receive for commercial purposes the personal identification information of 50,000 or more people, or draw at least 50% of their annual revenues from the sale of consumer personal information. The law, as it is currently drafted, is aimed at large companies for which consumers' personal data is at the heart of their activities or that hold a considerable amount of data.
But consent is only the tip of the iceberg when it comes to the GDPR. The way data is stored, manipulated, transferred and reduced are all major facets of the GDPR. Similarly, the CCPA focuses on sharing and selling (and in some cases collecting) data from California residents, while broadening consumers' rights and access to their data. The short answer is that personal data and our ability to keep our data private are becoming more and more important. The right to privacy is a fundamental human right under European law, which is ideologically different from the way we think about privacy in the United States, but the world is changing, and change is driven in part by the seemingly free collection of PII.
Data has enabled the success of a myriad of activities and given birth to a wide range of technologies that inform us about everything from the performance of our cars to our sleep. However, it is impossible to discuss the benefits of Big Data without mentioning data breaches, scandals and the vast array of personal data that are all driving significant changes, not only in our markets but also in legislatures. India and Brazil have recently created their own privacy protection frameworks. These changes outside of first-world countries mark important milestones to take into account when considering the type of compliance framework that will guide your membership practices, data processing and user access methodologies.
A cautious approach is to ask your legal advisor for specific privacy advice and support to determine how your business might be affected by future changes. One thing is certain: this is not the global network of the 90s. We are in a new era, and the world is creating new laws to tackle the difficult problems that have arisen through the storage, use and computer analysis of large data sets. The only question is: how will your company find its way?
The opinions expressed in this article are those of the guest author and not necessarily those of Marketing Land.
About the Author
Len Shneyder is a 15-year veteran of email and digital messaging and the Vice President of Industry Relations at Twilio SendGrid. Len acts as an evangelist and promoter of best practices, in addition to generating thought leadership and insights based on industry trend data. Len represents Twilio SendGrid on the board of M3AAWG (the Messaging, Malware and Mobile Anti-Abuse Working Group) as Vice President and Co-Chair of the Program Committee. He is also a member of the Member Advisory Committee (MAC) of the Email Experience Council, where he holds the position of Vice President of the organization. The EEC is part of the Direct Marketing Association of America, a nearly 100-year-old organization where he also sits on the ethics committee. In addition, Len has worked closely with the Email Sender and Provider Coalition on issues related to data privacy and email deliverability.