Friday, 9 September 2011

No implicit consent! Dos and don'ts for email addresses you find on the web

Like many people with an online presence, I have my email address plastered up on the web for all to see. I do it because I do want people to get in touch for business or friendly purposes.

However, there are a few myths out there about what that "means" for the purposes of taking a copy and using it for you own ends.

After a long email conversation with a man who got a few aspects of this very wrong... I thought I'd put up a quick list of dos and don'ts for using email addresses found on the web.

The myth of "Public domain"

A lot of people have the wrong idea about the web. They assume that because you can freely access a website... that means it's covered by the magic blanket called "public domain' that lets you take anything you find and use it yourself... including email addresses.

This is not true.

Let me give the example of a "public building" such as a free museum. A public building is open to any members of the public. but just because they don't charge entry, does not mean you can come in and take the artworks off the shelves and take them home. They still belong to the museum.

In this same way - just because you can easily come to a website, does not mean that anything you find there is yours for the taking. Your stuff is actually copyright. All of it!

What copyright means is that another person cannot just grab your stuff (whether the pictures words or even personal details such as email) and use it without your permission. Specifically, they cannot copy it, and especially cannot use it and put their name on it. It is *not* free for public use.

Anything you write or create is *automatically* covered by copyright law. If you create it, you own it. Automatically. You don't even need to say "copyright". It already is the moment you first wrote it down. This goes for a poem you write on the back of a napkin, a drawing you scribble in your diary or a website you build and keep on your own server.

Now, some people aren't as aware of copyright law as others... so there's this convention of putting a copyright notice on your website... just to make sure people really know that this stuff belongs to you. Just like the little roped off areas in a museum - they don't really stop anybody, but make it clear that entry is unwanted.

It actually isn't necessary - your stuff is still copyright without that notice - but I see the sense in it, and do it on my own website, just as a reminder to newbies that "you can look, but don't touch".

So, what actually is public domain and how do we put things in it?

If you've ever used wikipedia, and actually had a go at editing a page... you'll know that you actually have to agree by their terms and conditions... including agreeing that anything you contribute no longer belongs to you - and has been put in the public domain. A notice on the site declaring it as public domain isn't enough (because people frequently don't read notices). You actually have to check a box and hit "submit" before they'll accept that you have agreed to their terms.

This is how things get into the public domain... by you clearly agreeing it as such.

On flickr you can put things into the public domain... or share them using the creative commons license (which does roughly the same thing at the most forgiving levels)... but again, you must physically do something to put something in the public domain... and everything else is considered copyright.

... but you should now understand that you actually have to *actively* do something to make your stuff go into the public domain. The default case is that your stuff is not available for anybody to just grab for themselves.

What does this mean for email addresses?

Well, email is tricky in some cases. You have put your address out there as a method for people to get in touch with you. So you can't then complain if they do.

However, there are some obvious social implications of exactly how that works... and there are definitely some legal implications surrounding the concept of spam.

Firstly: it is illegal to send any unsolicited email to a person.

Your consent must be given to get in touch with you, and even if you put your email address up on the web, there is *NO* implied consent for that. You have not given up any rights by making it publicly viewable.

If I put my email up on my website and literally write next to it "use this to contact me about business opportunities"... and then get spam about pills... I can legally say that this was unsolicited. It is quite clearly *not* what I asked for.

If I get spam about "work from home using your computer"... then it's more of a grey-area. It is in fact email about business opportunities, and I can't complain about that. So - make it clear what your email is there for.

but if somebody tries to send you any other kind of "helpful free information"... you now know that they are misbehaving.

Secondly: you cannot be automatically signed up for a newsletter that you did not subscribe to.

The exact legality of this varies depending on your country. But in the UK - you cannot be automatically signed up for a mailing list that you have not requested.

...unless you actually left your email address with the company that is signing you up.

ie a company that you have voluntarily handed your email address over to (say, during purchasing online) can sign you up for *their* personal email newsletter, without asking. But they *cannot* hand your email address to a third party[*] for spam or mailing lists. You have to have given a company consent for them to get in touch with you... and consent is not transferable.

Also - a company cannot come to *your* website and *take* your email address and use it for their mailing list. You have to have handed the email over to them.

Now there's a grey area here that companies often know about, but individuals don't... you don't have to have handed your email address over for the express purpose of signing up to their newsletter. You could have handed it over just as yet-another-mandatory-field in their uber-long registration form. It doesn't matter. They are legally allowed to use it... as long as they provide an opt-out mechanism.

But companies shouldn't do this anyway!

Companies should not abuse their mailing lists by opting people into newsletters.

People are busy enough as it is, with a metric crapton of mailing lists from work, social groups, friends and family. They don't need one more. It is considered rude to opt people in to your mailing list without asking their permission first.

It is damaging to your brand!

I totally understand wanting to get your message out to people... and I am *not* against getting in touch with your hard-earned customer base. So what I suggest you do is adopt an *opt-in* (rather than opt-out) policy.

Write the email-equivalent of a warm-call: "this is new widget that we're offering, we have this neato newsletter about it, and we think you'll be really interested because you were interested in widgets from our company before... are you interested in signing up?"

Then let them choose to ignore it if they wish!

Will you get fewer "subscribers"? YES! but will it make a difference in actual turnover? UNLIKELY! the people who were going to ignore your message were going to ignore it anyway. You've just bugged them for a few more months before they finally caved and hit "unsubscribe". and probably get annoyed at the horrible unsubscribe interface (like everyone does), further damaging your brand in their eyes.

What you're left with instead is a set of people that are *ACTUALLY INTERESTED* in your product.

Take a moment to think about how valuable THAT would that be to you!

Think of it as an effective way to find your tribe of true believers... and maybe get yourself a copy of Seth Godin's book Tribes, while you're at it.

To sum up:

An email address on the web does not mean that you can spam it, or sign it up to even a really useful, helpful newsletter. There is *no* implied consent. Feel free to get in touch, but make certain that it's:

  1. appropriate to the person and
  2. opt-in only

* Third Party opt-ins Note that a lot of company online purchasing processes have one of those nearly-hidden checkboxes talking about "third parties" for exactly this purpose... they are a sneaky way of pretending that you "opted in".


Jodie Miners said...

Thanks for that article, I have been wanting to write something like that myself.
For me the crappy thing is with business cards. I think I need a disclaimer on my business card saying. "I give this to you to make personal contact with me about business opportunities, it does not entitle you to add me to your mailing list".

Why people think that me handing them my business card is permission to go on a mailing list, I don't know. :(

Taryn East said...

Wow - I hadn't even thought of business cards. I don't go to enough of the kind of events where I need to hand one out, but I can definitely see that as another potential place for people to abuse your information. :(