Defining Permission


There's this phrase out there called "permission-based email marketing." Not everybody understands what it means. And certainly, some folks purposely misuse the terminology, in an attempt to hide the fact that their practices may be at odds with true informed consent. (Bad actors regularly misuse terminology; there's currently a Spamhaus-listed "data compiler" who incorrectly seems to think that "data cleansing" means "mailing to a big list of invalid addresses and spamtraps to see what bounces.")

To that end, I wanted to share how I define "permission-based." I believe that permission-based means:
  • Recipients are told at the point of sign up who is going to mail them and how often.
  • The statement regarding whom will be mailing you is not buried in a privacy policy, legal agreement or set of terms and conditions.
  • Recipients don't end up on a list accidentally; their email address ends up only on any list(s) that they intended to sign up for.
  • The opt-in process is not "forced" on all visitors to your site -- I'm not sure that it's truly permission-based if you require that sign somebody up for a list, just so they can access your site or download your whitepaper.
  • Email addresses are not appended, bought or sold.
  • The "affirmative consent" standard found in the US Federal "CAN-SPAM" law is met.
These are all important, but allow me to call your attention to the last point. From the perspective of the spam-receiving consumer, CAN-SPAM is an imperfect law. After all, it doesn't prohibit spam. It in fact allows a sender to send unsolicited commercial email (aka "spam"), as long as you follow a few simple rules. Regardless of this flaw, there's a very useful bit buried within -- the "affirmative consent" standard. It actually provides a useful definition of what constitutes opt-in. It states:

"The term 'affirmative consent', when used with respect to a commercial electronic mail message, means that- (A) the recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the recipient's own initiative; and (B) if the message is from a party other than the party to which the recipient communicated such consent, the recipient was given clear and conspicuous notice at the time the consent was communicated that the recipient's electronic mail address could be transferred to such other party for the purpose of initiating commercial electronic mail messages."

In plain language, this means that the informed consent standard is met if the signup was initiated by the subscriber, consent was requested and given, and that the subscriber is being told who they are going to receive mail from, if it is not the party to which they provided their email address. (I'm not necessarily excited by the allowance for data transfer, but if it's going to happen, "clear and conspicuous notice" is a pretty good way to do it.) That, to me, is how you define a process as permission-based.

(Want to read more thoughts on permission? Laura Atkins has a round-up here.)
Post a Comment

Comments