Privacy Advocates Criticize RECA’s Proposed Guidelines

Privacy advocates are responding negatively to the “best practice” e-mail marketing guidelines proposed Monday by members of the Responsible Electronic Communication Alliance, an industry self-policing group made up of major players like DoubleClick, 24/7 Media and CMGI’s yesmail.

The rules announced Monday by the group specify “opt-in” as standard practice — and are drawing fire from industry-watchers as being too lax, and too heavily in marketers’ corner.

“We all want “double opt-in” because there’s just too many ways that you can get signed up when you don’t want to,” said Jason Catlett, president of the antispam firm Junkbusters.

“But of course marketers hate it because it reduces their response rate when people don’t bother to read the e-mail.”

Catlett and others have gone on record in support of the double opt-in procedure, which requires that consumers both select to receive marketing e-mail on a marketer’s site, and reiterate that desire to receive messages through a response to a follow-up e-mail.

The importance, say privacy experts, is that often marketers leave the “Un-click here if you do not wish to receive special offers” selection checked — which the industry considers opt-in. In addition, there’s the possibility that someone will sign another person up without their knowledge. Double opt-in ensures that recipients are aware they will receive messages, advocates say.

Furthermore, while the RECA recommends single opt-in as “best practice,” this does not apply to cases “where a close transactional business relationship exists with the user.” There, “Members may employ, and may permit their clients to employ, opt-out.”

But privacy advocates say the exception’s wording is vague and even potentially undermines the group’s advocacy single opt-in.

“That’s intolerable,” Catlett said, “unless it’s a list of people who wish to receive mail from the parties. You don’t get to date your girlfriend’s best friend and you shouldn’t send opt-out e-mail to lists of customers that you buy.”

In response to questions about the appropriateness of single opt-in, RECA president Christopher Wolf said the guideline were malleable in the face of situations requiring greater, or fewer, levels of verification — as determined by marketers.

“The guidelines represent single opt-in as a baseline, but there is a sliding scale based on the transactions and relationships,” Wolf said Tuesday. “This is a practical relationship, which protects consumers. A one-size fits all solution doesn’t take into account the reality of the marketplace.”

“I expect that will be better defined as we go along here, but the concept is clear. Where there is a pattern of contact with consumer and there is sufficient notice, then a check box that a person would uncheck would be appropriate in some circumstances.”

Wolf agreed that the guidelines potentially leave a lot of choices regarding verification to the discretion of marketers — but that marketers would respect the flexibility.

“The organization can’t make the decision for every company,” Wolf said. “But these are some serious companies, and the guidelines are going to be upheld in good faith. They’re serious about giving consumers choice.”

Privacy advocates do approve of several RECA rules, however. The guidelines say e-mails must include language telling recipients how to register complaints and unsubscribe — tougher rules than those proposed by the FTC to Congress, and currently under consideration.

The RECA proposal also states that if a marketing company receives a user’s e-mail address from another company, the marketer may send that user an e-mail that invites the user to

subscribe, and the e-mail must indicate the referrer.

While calling the regulation “a good thing,” Catlett said he felt that transparency is nonetheless “no excuse for a bad practice. Just being up front about a bad practice doesn’t make it tolerable.”

As with the FTC rules, the proposals also state that customers should have access upon request to their personal information, as well as a simple means for contesting and correcting inaccurate or incomplete information.

Interestingly enough, the FTC’s rules regarding profiling and online marketing are based in part on earlier recommendations by another industry self-policing organization, the Network Advertising Initiative, comprised of ad networks including DoubleClick, 24/7 Media, CMGI‘s ad network and technology company Engage and CMGI ad server AdForce.

At the time, many online marketing companies applauded the FTC’s decision to adopt industry-proposed guidelines and recommend them to Congress.

Wolf has said he hopes to win the FTC’s endorsement of his organization’s guidelines.

But Catlett said industry self-policing simply “doesn’t work,” adding that the laws currently under consideration — specifically, HR3113, based on the FTC’s recommendations — “actually has fairly weak provisions that wouldn’t cause these companies any difficulties.”

At the time of their adoption, privacy advocates blasted the FTC regulations’ guidelines as being too heavily in favor of marketers for requiring “opt-out” rather that “opt-in” as the default practice for profiling and marketing e-mail.

Catlett also criticized the RECA for failing to get the opinion of anti-spam and privacy advocates, or to include them in the association.

A spokesman for RECA responded by saying the organization’s rush to organize itself and to draft guidelines made it difficult to consult privacy advocates before issuing the rules — but that it hopes to work with them in the future.

News Around the Web