Privacy – More or Less

As marketers, we should be gravely concerned about the questions of privacy and the ethics surrounding collection and use of what many email recipients consider private information. Please bear with me as I continue my commentary on the topic

As marketers, we should be gravely concerned about the questions of privacy and the ethics surrounding collection and use of what many email recipients consider private information. Please bear with me as I continue my commentary on the topics.

The line between business and marketing email is often blurred, and what affects one nearly always affects the other. Not surprisingly, privacy—and the lack thereof—is of heightened concern to businesses and individuals alike these days. With new and frequent discoveries concerning alleged abuse by both government and private agencies, this shows no signs of diminishing.

Google Is on the Hot Seat
It’s easy to despise Google. The company is a ridiculously successful behemoth that collects an immeasurable amount of data they then choose to use, sell, share and—seemingly arbitrarily—withhold in their quest to profit from what many recipients of email believe to be private thoughts, browsing experiences, correspondences, search phrases and more.

In two separate cases, Google’s collection and use of email data is being challenged.

In the first, a group of private email users have claimed Google illegally intercepted, read, and mined information from their private email correspondence in order to better understand the recipient’s profile and deliver targeted advertisements. (Wait. That sounds a bit like what I do as a marketer …)

In September, California Judge Judy Koh rejected Google’s bid to dismiss the case based upon their argument Gmail users had agreed to allow interception by accepting the company’s terms and privacy policies.

As the legal wrangling ensued, the lawsuit lost a bit of steam when the judge ruled these plaintiffs could not band together in a class-action suit because the proposed classes of people in the case aren’t sufficiently cohesive. Her ruling may well impact a number of other email-privacy cases in which she will be asked to rule, including lawsuits against Yahoo and LinkedIn. (In other cases, Facebook and Hulu are defending their right to monetize their members’ data.)

In a submission to the court, Google has said users of Google’s email service Gmail should have no “legitimate expectation” that their emails will remain private. A “stunning admission” of the extent to which internet users’ privacy is compromised, proclaims Consumer Watchdog (CW), a US pressure group.

This causes me to ponder: Yes, of course, Google collects more information than we do—but is it simply because they can? If we, as marketers, had the ability to collect to the same degree, would we? Is the difference between Google and my company the temperance with which the small business (compared to the conglomerate) would collect? As I said in my last blog, Spider Trainers—and other marketers—should proceed carefully, respectfully, and exercise care in not just what to collect, but how to use it. But is that a distinction without a difference to the average recipient?

Students’ Consent
In a similar lawsuit, students in California have come toe to toe with Google claiming the company’s monitoring of their Gmail violates federal and state privacy laws. This case, being heard by the U.S. District Court for the Northern District of California, was brought by nine students whose emails were subject to Google surveillance because their accounts were provided in part by Google in their Apps for Education suite; a suite touting more than 30 million users worldwide, most of whom are students under 18.

Google admits to scanning student emails to serve students targeted advertisements even though display ads are not shown in Apps for Education. Contained in a sworn statement, Google “does scan [student] email” to “compile keywords for advertising” on Google sites.

What’s different about this case is the age of the typical recipient. FERPA (Family Educational Rights and Privacy Act) issued in 1974, ensures the privacy of records of students under the age of 18 and, as big as Google is, they should not be immune to legal constraints of this act. Like the previous case, the students are seeking class-action certification for the case.

This begs the question: Are marketers immune? Perhaps in our B-to-C events, we too must be mindful of the age of our audience. Certainly we know that we are collecting more than most of our recipients imagine. What preteen suspects that emails from her favorite store are actually vehicles for accumulating information about her buying behaviors in order to send her more relevant email offers?

Extending Acceptance
The pivotal topic in many of these Google and Gmail users discussions should be this: Even if the sender understood and agreed to the terms and conditions, that consent could not and should extend to the recipient who has not consented and who is probably unaware their data and profile is being assimilated from these communications. The Electronic Privacy Information Center (EPIC) is also concerned about Google’s ability to build detailed profiles of Gmail users by augmenting email-collection data with information collected by Google’s search-engine cookies, though Google denies such cross referencing occurs.

The Government
For most adults, searches are easily defined. If law enforcement suspects of us wrongdoing, they get a warrant, search our house, our car, our locker, and then seize the evidence of a crime. With an email account—be that Gmail or any other—it’s different. Emails are seized first and then searched for evidence. It’s similar in approach to the argument of the Obama administration for collecting every American’s phone records—law enforcement doesn’t know what is relevant until they have reviewed it all. In other words, it’s a fishing expedition on a grand scale.

So, it’s not just the private sector misbehaving if a federal judge has found it necessary to admonish our own justice department for requesting overly broad searches of people’s email accounts—nearly all of whom have never been accused of a crime. It’s widespread, but worse; all data collectors are at risk of being painted with the same brush. It’s coming to this: If you’re collecting data, you must be committing some sort of offense in the form of invasion of privacy, and perhaps even acting illegally. (Wow! All I wanted was to send you a personalized dog food coupon because you have three mastiffs and a poodle named Fred, Pete, George, and Ginger.)

In this case against the justice department, Judge Facciola concluded prosecutors must show probable cause for everything they seize – especially since it is possible for companies to easily search for specific emails, names, and dates of content relevant to an investigation. It’s therefore not necessary to ask for all electronically stored information in email accounts, irrespective of the relevance to the investigation.

Education
It’s going to become necessary to become educators—we marketers must educate our clients on appropriate collection and use in order to delineate what we do from what is happening with Google, NSA, Yahoo, and others. Without our input, and our self-regulation, it is quite possible that we will be spoon-fed rules of engagement—and likely that those rules will reduce future access to less than what we have now.

With the caching of images and relegation of email to specific tabs, Google is already getting in between us and our recipients by intercepting data to which we’ve already become accustomed. It’s a slippery slope to be sure, but we do have an opportunity to steer this downhill roll in a direction that will protect our ability to be good marketers in a healthy balance with the privacy of our recipients.

In Other News…
In an ongoing case, a U.S. appeals court has again rejected Google’s argument that it did not break federal wiretap laws when it collected user data from unencrypted wireless networks for its Street View program.

In the U.K., the High Court ruled Google can be sued by a group of Britons angered when using Apple’s Safari browser by the way their online habits were apparently tracked against their wishes in order to provide targeted advertising. Google asserted the case is not serious enough to fall under British jurisdiction.

Microsoft is feeling the heat after acknowledging it read an anonymous blogger’s emails in order to identify one of their employees suspected of leaking information. The FBI was involved only after the emails had been read.

Maybe I need a new blog: Privacy Erosion.

Will There Be a ‘Snowden Effect’ on Marketing Data?

I didn’t even want to write this headline or blog post, given the fault-filled linkages some people make between marketing and something completely different from marketing. But it never seems to fail: Whenever some big news event captures the media’s attention, politicians’ attention surely follows. And when it has to do with consumer privacy, the results for the private sector—and use of marketing information in particular—are rarely favorable

I didn’t even want to write this headline or blog post, given the fault-filled linkages some people make between marketing and something completely different from marketing.

But it never seems to fail: Whenever some big news event captures the media’s attention, politicians’ attention surely follows. And when it has to do with consumer privacy, the results for the private sector—and use of marketing information in particular—are rarely favorable. This is true even when the responsible use of marketing data has NOTHING to do with the scenarios presented in the news.

U.S. legislative history is strewn with such evidence, linking (erroneously) marketing with some sensational occurrence other than marketing. Here are just three of them:

  • An actress is murdered in Los Angeles (1989). It turns out the murderer hired a private investigator to get her address from the state motor vehicle department, and then stalked and killed her. A bevy of state and federal anti-stalking laws are passed—but Congress passes an additional one, the Driver’s Privacy Protection Act (1994). Would you believe, state motor vehicle registration and license data is curtailed for marketing purposes (data that had been worth millions to the states, never mind losing the beneficial impact to automotive and insurance marketers and consumers), even though such data had nothing to do with the crime?
  • A child is kidnapped and killed, again in California (1993). A grieving father goes on a publicity rampage against presence of children in marketing databases—even though the horrible crime had nothing to with marketing, and even with state law enforcement officials testifying in public hearings following the crime that perpetrators of crimes against children most often stalk their victims physically (from an era prior to social media). Nonetheless, California and national media go after compilers of marketing data related to children. The stage is set later that decade for new privacy restrictions for children’s marketing data online.
  • Judge Robert Bork is nominated by President Reagan for the U.S. Supreme Court (1987). An enterprising reporter manages to publish a list of video titles rented by the nominee (all of them benign, by the way). A concerned Congress—no doubt thinking of its members’ own video rental history—passes the Video Privacy Protection Act (1988), shutting down marketing access to video titles from customer rentals/purchases.

And this summer, we have the National Security Administration revelations from Edward Snowden regarding public surveillance of U.S. citizens in the name of anti-terrorism. Now, we can only guess on what potential debilitating effects may be ahead for marketers, but you can bet some politicians or regulators are drumming beats for a response.

Privacy law in America should be about protecting individual liberty from abuse of information by the public sector—and leave the private sector alone, except in cases where there are demonstrable or probable harms from data misuse or errors. Such is the case with personal financial, credit and health data, for example, where the U.S. government wisely has taken a sector, pragmatic approach.

But Snowden’s government surveillance revelations could very well have a “chilling” effect on more broad marketing data collection and use, too. Politicians, in the name of protecting consumer privacy, may very well rush to curb data-driven marketing activity, rather than tackling the much-harder and real culprit, that is, spying on innocent Americans (and government acquiescence of such activity).

Concurrent to the NSA revelations, the Federal Trade Commission increasingly is vocal on “data brokers” and marketing activity—and trying to link data collection for marketing purposes to non-marketing purposes. Yet, it is dishonest, disingenuous and spurious to do so—and doing so fans fear and hypotheticals, instead of rational thought. There is no relationship between responsible data collection for marketing purposes—which only delivers benefits to the economy, and tax revenue, too—and data used for insurance and premiums, hiring purposes, and certainly the federal government’s activities to monitor internet and telecommunications in order to profile or detect would-be terrorists.

Marketers—for 40 years—have operated under a successful self-regulation code of notice, consumer choice, security and enforcement—and central to this is the use of marketing data for marketing purposes only. That’s as true online as offline. Where would we be without consumer trust in this process?

It may be very appropriate here to legislate what government may access—and how they may access—when it comes to personally identifiable information for surveillance or anti-terrorist purposes. But don’t even utter the word “marketing” in the same sentence. Let marketers continue with self-regulation: We offer consumers notice and opt-out, we focus strictly on marketing purposes only—and everyone benefits in the process.