Historically, the complaints people had about email were about spam, not privacy violations. This goes back to the times before GMail became dominant and spam filters were weak. Marketers would buy email address lists and clutter inboxes with mass mailings. And as a result, the US passed the CAN-SPAM act
That was almost 20 years ago and the rules and fines seem quite lenient today. The act actually allowed sending emails without permission as long as senders stuck to a few rules:
Don’t use false or misleading header information.
Don’t use deceptive subject lines.
Identify the message as an ad.
Tell recipients where you’re located.
Tell recipients how to opt out of receiving future email.
Honor opt-out requests promptly.
Monitor what others are doing on your behalf.
Then ad networks and social media and smartphones happened and companies started tracking a LOT of information about consumers. As a result much stronger privacy rules are currently being put into place such as the European GDPR
Even though GDPR is much broader than CAN-SPAM, which only applies to email, it’s interesting to compare the two. Where a possibility to opt-out was enough for CAN-SPAM, GDPR requires an explicit opt-in. And potential fines have shot up from a maximum of $43,280 under CAN-SPAM to up to 2% of an offender’s entire global turnover under GDPR.
Clearly the targets are Facebook, Google and other large social networks, but newsletters also contain personally identifiable information and track readers. And most email service providers make use of the following for tracking:
- Tracking pixels: These are tiny images, invisible to the newsletter reader, and tagged with a unique code that connects the image to an email address, and allows to determine open rate when the image is loaded.
- Tracking links: These are links that open a tracking URL before opening the actual link, also tagged with a unique code that connects the link to an email address, and allows to determine the click rate.
- Possibly some additional tracking mechanisms such as UTM parameters that are added to a URL to determine the source of a visitor, or page load tracking of archive pages.
While this is nothing compared to Facebook following its users around everywhere using third-party cookies or Google maintaining complete search and GPS histories, we as newsletter authors need to think about whether this is the right thing to do.
At Revue we’ve recently had several customers asking us for the possibility to turn tracking off and made that possible for our publishing clients.
The first was nonpartisan, nonprofit newsroom The Markup
who had tried and failed to turn off tracking on Mailchimp and did a great job documenting their quest
for a privacy conscious newsletter provider:
After going back and forth with Mailchimp for several days, we started shopping around for another email provider. We eventually found a tiny Dutch startup called Revue, which agreed to our request turn off all user tracking. The founder told us we were the first customer to request it. (We tested it and it worked this time!)
After dead-end conversations with multiple global ESPs (Email Service Providers), our CMO Chris Solcer opportunely met Martijn de Kuijper, CEO of Dutch startup Revue at TNW Conference in Amsterdam. Martijn shared that the team at Revue, an editorial newsletter tool for writers and publishers, was in the early stages of developing privacy solutions for their partners. A few months later, with the launch of Privacy Please! approaching, Chris reconnected with Martijn who was now ready with a solution. Revue had created a way to disable all tracking and could prove, through testing, that their solution delivered a truly private alternative.
Turning off tracking and publishing a newsletter without data such as open rates and click rates is probably not right for everyone at this time. So for now this is optional. But it’s nice to see some early movers paving the way for better privacy with newsletters also.