Email is a core communication tool for consumers and, of course, the companies that want to influence and interact with them. However, privacy protection of email messages among consumers, between companies and customers, and basically all other communication enabled by ESPs, remains a pressing topic. That’s especially true with the recent reintroduction of the Email Privacy Act to Congress by Rep. Kevin Yoder (R-KS), the bill’s lead sponsor.
At issue: Government or civil attorneys can issue subpoenas to force email service providers, such as Google or Yahoo, to turn over users’ email messages—and all electronic communication, such as Facebook posts—that are more than six months old. If eventually enacted, the new legislation would set a standard that’s much higher for the government to obtain these messages—requiring warrants to do so. Warrants are harder to get simply because they’re issued only by magistrates or judges.
The recent move has ignited a spirited discussion on how such a law would affect email users, ESPs, and the relationship between the two. “Privacy is an issue that’s taken seriously all across the board,” says Bob Sybydlo, director of intelligence products at Yesmail. “Customers are becoming more and more conscious of the information they’re sharing with brands, and it’s important that email service providers recognize this when helping clients develop personalized, targeted marketing campaigns.”
Companies can use user preferences and actions to target and personalize. But to protect customers’ privacy, Sybydlo says, marketers must understand that emails are content tailored to specific users—not private messages—and he warns that personal information, other than a first name, shouldn’t be included in an electronic message. “Personal communication, transactional messages, credit card receipts, etcetera, however, usually do contain private and personal information, and that is the data that does need protection.” Bottom line, he says, marketers need to treat all electronic communication with a high level of protection and sensitivity.
Linking legislation with modern-day technology
With the preceding passage of the Electronic Communications Privacy Act of 1986—and the update of this reform in the mid-1990s—the guidelines and rules remain dated and disconnected with modern needs and problems, some industry insiders say.
“What we’re really lacking is the common sense to build laws that aren’t predicated on a technology at a given point in time,” says Len Shneyder, VP of industry relations at SparkPost. “But rather focus on our right to privacy, regardless of sector or business vertical, as a basic right that our law and government should protect.”
So a looming question remains: Are there times when the government should be able to obtain users’ private email messages? “The government should only have power over email communication if it’s in a citizen’s best interest,” Sybydlo says. “People deserve privacy—and should have a right to it—but certain measures must be available to the appropriate authorities in times of a threat or suspected criminal activity.”
Shneyder agrees. “I’m sure there are instances when the greater good might be better served if privacy were circumvented,” he says. “But because all governments—at some point or another—overstep their boundaries, email should always fall under a privacy umbrella or Fourth Amendment protections. Having judicial review as a core piece of deciding when the government can view your personal communications regardless of form should be a core principal of our digital society.”
What constitutes a viable reason to coerce ESPs to hand over private messages remains questionable for many. “It’s hard to draw the line between what’s a threat and what’s legitimate,” Sybydlo says. “People are entitled to their privacy, but we all know that whatever we do online is watched. In the event of a major emergency, people are more likely to share more information than in a time of normalcy.”
Ultimately, it’s the users, Sybydlo says, who are at the center of the issue and who should be protected by law. “I think that if the government is in need of personal email addresses, they have to make it a point to explain why,” he says. “With so many cyber-security threats and privacy concerns out there—especially with the technological capabilities we have today—consumers need to be assured that their online information, whether in email or through other channels, is in safe hands.”
Some simple steps to do include describing how and why a business collects users’ information, clarifying opt-out policies, getting seals of approvals through services such as trust-mark sales company TRUSTe, and immediately letting consumers know when a company has made changes to policies. All of these steps assure users that marketers and ESPs are making moves to protect the privacy of all electronic communication.
“ESPs are stewards of their customers’ data,” Shneyder says. “That means they’re stewards of my data, your data, and, ultimately, everyone’s data.”