More Rules and Regulations for Content Marketers

So, content marketers, let’s talk about the regulatory environment more broadly, because one thing is for certain: the web, as wild and woolly as online discourse may be, is no longer the Wild West. Online marketing is now being held to a much higher standard.

Privacy protection, accessibility, and copyright —  oh, my!

Last time around, we talked about data privacy regulations as they apply to non-transactional sites. As confusing a landscape as those regulations currently present, they’re not the only regulations with which you need to be aware and compliant.

So, let’s talk about the regulatory environment more broadly, because one thing is for certain: the web, as wild and woolly as online discourse may be, is no longer the Wild West. Online marketing is now being held to a much higher standard than it has been, so you’ll want to be sure you have a plan in place to build your site by the book and to remain compliant. Otherwise, you risk spending more time talking to lawyers than to prospects.


If you built your website without accessibility in mind, chances are you’re not going to be happy when your website developers tell you what it’s going to cost to make it compliant. In many cases, it can make more sense to start from scratch, given the investment involved.

On the plus side, the cost to design and build a new website with compliance in mind is only incrementally greater than building that same site without WCAG Level AA compliance as your goal.

There is some extra work to be done, but for the most part, compliance requires a change in mindset for designers and some slightly different coding tactics for the dev team. Once that’s in place, it’s really only a matter of making sure new content additions are made in a compliant manner. (Image alt tags must be included, for example.)

You’ll want to include an accessibility statement on your site that includes a way for visitors who are having trouble consuming your content to contact you and seek remediation.

Privacy and Data Protection

As we’ve discussed, you need a privacy policy and you need to abide by it. If you haven’t told people that you’re planning on selling their email addresses to the highest bidder, you probably can’t. (Regulations differ by jurisdiction and industry; check with a lawyer.)

Once you have a collection of data, you need to take steps to keep that data safe, both in storage and in any transmittal or other use. Again, your industry may have specific compliance standards that you have to meet, and you may need to document the protections you’ve put in place.


If you don’t own it, don’t publish it. This should be obvious, but often marketers make mistakes that can be costly.

Images are the most common area where errors occur. Doing a web search and then publishing any old image you find is a recipe for disaster. Going through a respected stock image library and paying for the images you use is the safest approach.

If you’d prefer not to go that route, you can use the Google Advanced Image Search tool. It is an excellent way to search for images to use in your digital marketing if you filter to include only those that are “free to use, share, or modify, even commercially.”

Don’t even think about trying to use an image from a stock image library without licensing it. They can and will find you. They can and will demand payment, usually well beyond what the initial license would have cost. (Also worth noting is that technically, for most stock image libraries, any image you use should be licensed under your firm’s name rather than by your design agency. That approach is also just smart business, because you may not always be working with that design team.)

When copy is purloined, it’s even easier to track down. Even if you get away with it, the search engines may very well penalize you for publishing duplicate content. There are other ways to get on the search engines’ bad sides, so be careful if you’re republishing content from other sources, even if it’s content that you have the right to republish.

Finally, think twice before stealing code. It’s an open source world, but that doesn’t mean you’re free to take and use anything you find in your travels. At the very least, attribution may be required. Most code libraries, snippets, etc., may require license fees — regardless of how they’re used. Some require payment only if you want updates or support. This can be harder for marketers to police, so be sure to have a regularly scheduled review with your dev team.

Spend Time on This

These regulations — and whatever may be coming down the pike in the future — make investing in digital expertise ever more important. Your team needs the time and mandate to stay on top of what regulations apply to your business and best practices for remaining compliant.

Why GDPR Matters More Than You Think

The GDPR grants European Union (EU) citizens power over their personal information, giving them a literal off-switch for how their personal data is used. While this gives more control to consumers, it creates more work for marketers and potentially more litigation. This matters more than you think.

GDPR is here, and yet the world still spins. For some all is well, for others all is not well. Nonetheless, let me take this opportunity to share with you a story.

Fresh out of graduate school I was on a mission to prove myself capable in the business world. I took a position as number two at a privately held accounting firm. This was the halcyon days of Sarbanes–Oxley. Google was not yet the dominant species and your personal information was as likely to be in a file cabinet as it would be on a server. Back then, protecting customers’ digital information was a certain form of alchemy. An alchemy I was able to practice during my first tax season.

For the uninitiated, tax season is a non-stop cavalcade of social security numbers, W2s, receipts, and bank routing numbers. We were a midsize firm, hosting our own servers, with twenty thousand or so clients. We looked like a tasty (and easy to acquire) target for the nefarious sort. In the middle of my first tax season, we became a target.

Our founder came crashing into my office, and of course, I was with a client. He yelled in a panic, “We’re being hacked! What do we do?” As I calmed our client’s nerves, assuring them their information was safe; I walked into our server room, and turned off the power. I then calmly turned to our founder and said, “Now they are not hacking us anymore.”

We had an off-switch.

A way to protect our data by simply removing our system from the source of the problem: connectivity. In a lot of ways, that is the spirit behind the European Union’s (EU) new data privacy law, the General Data Protection Regulation (GDPR). The GDPR grants EU citizens explicit power over their information and the right to decide what companies keep, how it is used, and whom it can be shared with. It also grants the right for EU citizens to take their information back (and in essence removed from a company’s servers). For a fantastic primer on GDPR compliance for marketers, check out Heather Fletcher’s guide.

It is an off-switch for the storing and use of personal information.

More Control for Consumers

The GDPR is not just about protecting privacy. It is about shifting control of personal information into the hands of consumers and away from businesses. A strangely anti-libertarian move that introduces conflict between data retention laws in regulated industries (such as banking and securities in the U.S.) and the individual rights it grants to consumers (something the inevitable case law to sort out). The intent is clear; consumers should have control over their personal data, not corporations.

While the implications for marketing are not yet be fully known, the GDPR requires (massive) changes to systems. Especially niche ones that specialize in consumer data and analytics. Entire industries may vanish and new ones are already emerging. The impact of the requirements, and how they are enforced, effects marketing technology as it is now, and how it is developed. Not to mention the impact on the development of AI, machine learning, and other emerging marketing technologies.

This is not conjecture, the GDPR text specifically calls this tension out. In the provision on Legitimate Interest one section reads, “Abiding by all this likely drastically reduces the amount of personal data a controller or processor is able to freely process both due to subjects not opting in and the loss of prior collected data.” The framers of the GDPR expect a sizeable decrease in the personal information that can be used in marketing. Opening the door for a new set of regulations FinServ marketers need to manage.

More Regulations for Marketers

Ahh yes, the fiery ritual of regulatory compliance. The ebb and flow of pushing boundaries and finding leverage points in regulations. Teetering on that fine edge marks the life of a marketer in the FinServ industry.

Raise your hand if you have had an excellent marketing piece rejected because it did not pass regulatory muster.

While the job for marketers is to find creative and engaging ways to generate interest in products and services, for many in the FinServ industry, it is their compliance officers job to make sure it is within the legal boundaries of what is acceptable. GDPR may make the relationship between marketing and compliance more crucial.

Up until now, all FinServ marketers had to worry about was regulators liking what we say about our products and services. With the introduction of stricter consent rules, comes the introduction of more regulations.

Organizations impacted by the GDPR, will now have to demonstrate compliance in new areas, including audit trails for how data is acquired and consent was earned. The costs associated with this are enormous. As much of the data that is collected and processed, exist on disparate systems. For some companies, it may be cheaper to pay the fines, then to do the work to come into compliance.

More Gray Areas for Litigators to Sort Out

I take a great amount of joy in using data to solve organizational problems, especially in marketing. There is something about eradicating opinions with a well-executed A/B test. Better yet, using historical customer behavioral trends to build predictive models and forecasting tools. For those who do business in the EU, however, those scenarios are now a bit more difficult.

While gray areas are found in most of the GDPR, a couple of provisions introduce gray areas for common marketing practices. The two provisions that may yet reek havoc on marketing are the profiling and processing provisions.

GDPR compliance requires that individuals be able to opt out of being subject to automatic decision making, which already includes the use of cookies on websites, but can also mean personalized marketing. Further, individuals must also give consent to their information being processed, whatever that means.

While it is uncertain how the inevitable lawsuits and regulatory challenges will shape these areas, what is clear is that the GDPR was designed to force change. This means that EU citizens can say no to being part of marketing automation, and no to their information being augmented by third party services. Both common practices in digital marketing.

You need not be clairvoyant to see the litany of litigation that will challenge these provisions. Especially when business start shutting down or are fined for doing legitimate activities with consumer data. At the very least, many of us will need to start keeping an audit trail of where, how, and why we obtained information about our customers. Just in case.

A New World of Marketing Possibilities

To my boss at the accounting firm, my solution to our hacking problem was unorthodox and revolutionary. It was something that he would never have thought of. A course of action that was as creative as it was pragmatic.

It was literally an off-switch that changed the way we dealt with hackers.

And what do marketers do best? We take constraints and limitations and exploit them, find the leverage points and go. While the GDPR introduces new limitations, it also opens up a whole new world of marketing possibilities we do not know yet. There GDPR is here and make no mistake, while the US may not adopt all of what the GDPR is, similar controls will make their way across the pond.

Consumers will be given an off-switch for their data and that changes the game.

So Why Does GDPR Matter More Than You Think?

Whoever figures out the leverage points within the GDPR and how to use them as an advantage in marketing gets to define how our game will be played.

Vendors in the Interactive Marketing Space React Positively to New FTC CAN–SPAM Rules

Vendors from the interactive marketing space are reacting positively to the news from earlier this week that the Federal Trade Commission has approved four new rule provisions under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM).

According to the FTC, the provisions–which are intended to clarify the Act’s requirements–address four topics:

Vendors from the interactive marketing space are reacting positively to the news from earlier this week that the Federal Trade Commission has approved four new rule provisions under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM).

According to the FTC, the provisions–which are intended to clarify the Act’s requirements–address four topics:

(1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender;

(2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements;

(3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under U.S. Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and

4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.

Quinn Jalli, Chief Privacy Officer for online marketing firm Datran Media said he believes that legitimate marketers will embrace the new regulations, as they significantly reduce the complexity of complying with the law in a joint-marketing scenario.

“The FTC’s position is well in line with the prevailing philosophy in the industry, and the new regulations align the law with common-sense expectations,” he said. “[The new regulations] are a win for marketers and consumers alike.”

In a press release, Matt Wise, CEO of Q Interactive, an interactive marketing services provider, also announced support for the FTC’s revised definition of e-mail “sender”.

“Since CAN-SPAM’s inception, there has been pervasive confusion in the marketplace over responsibility for including opt-out links in e-mail, which has led to inconsistent execution of the unsubscribe process, increased risk of unsubscribe list abuse, additional and unnecessary costs for advertisers, and an overall reduction in the efficiency of the medium,” Wise said in the release.

Q Interactive said that under the revised ruling, companies advertising with e-mail can now designate a single e-mail “sender” responsible for adhering to the rules of CAN-SPAM, which include having the “sender’s name in the e-mail “from line” and providing a working opt-out link and physical address.

The FTC’s revised “sender” definition, Wise said “eliminates the confusion and frustration over multiple opt-out links for consumers and makes it as easy as possible for them to unsubscribe from unwanted e-mails, which, in essence, is the primary purpose of the CAN-SPAM Act.”