The Legality of GetEmails
November 15, 2019
How do I speak to my legal team about GetEmails?
For our legal packet that we designed specifically to be presented to legal teams, click here.
Once people understand Email-Based Retargeting and how it works, the first reaction we usually get is “Is this legal,” or “my legal team is going to go over this with a fine-toothed comb.”
So we’ve decided to create a guide to speaking to legal teams about Email-Based Retargeting.
We think it’s best to split the conversation into five parts:
- What is Email-Based Retargeting
- The technology behind it
- What a “partner database” is, and how people are opting-in to it (example website and language included)
- What the CAN-SPAM law actually is in the US
- Whether GDPR, CCPA (California), or the new Nevada privacy laws apply
1. What is Email-Based Retargeting?
At GetEmails, we use the following definition for Email-Based Retargeting:
Email-Based Retargeting uses identification technology — usually a pool of persistent cookies — to identify anonymous website visitors.
Those visitors are matched to a partner network database of contact records (with opt-ins), and the end user is sent email addresses of people who are not already on their list.
The last part of the definition, “….of people who are not already on their list,” is what separates Email-Based Retargeting from all technology before it, such as Cart Abandonment, Category Abandonment, and Behavior Triggered Email.
With Email-Based Retargeting (unlike Display Retargeting), the end user pays once and owns the contact record forever. As long as there’s an opt-out link in the email, the end-user can email that contact record for as long as they wish.
How is this opt-in Email Marketing? Keep reading.
2. The technology Email-Based Retargeting uses (and the legality of that technology)
Email-Based Retargeting is a two-part technology.
The first piece is identification of anonymous traffic.
Our guess is that if you are speaking with your legal team, you are large enough that you have already built something like this into your website.
Here is the legislation:
Once a website visitor is identified, he or she is matched back to a database of third party opt-ins that our partner network of publishers has acquired, and we keep up-to-date and accurate.
3. What is a third party opt-in? Who are these “partners?”
These websites are typically lead-gen websites that drive traffic to landing pages, then sell data to vendors. We give you the partner website URL and opt-in date with every contact record, so you can verify the privacy policies yourself.
For information about the language on our partner websites, click here.
Here is an example of one of our partner websites, and what happens when a user hits the website.
Step 1: User fills out an opt-in form of a partner website, typically a lead-gen site. For this example, we are using timelypayday.com.
“As a condition of registration, registrants agree that timelypayday.net may share their PII with the Network Sites and unaffiliated third parties. If you do not agree that timelypayday.net may share your PII with such entities, you may not register on timelypayday.net, and if you are already registered, you must immediately terminate your account, by following the instructions in ‘Opting-Out of Further Communications.’”
4. What actually is the CAN-SPAM law in the United States?
It’s different than you think. We wrote a long-form post about this. Click here to read it.
5. How is GDPR, CCPA (California), and coming Nevada privacy acts relevant to Email-Based Retargeting?
Email-Based Retargeting is not GDPR compliant, but the database is only USA contacts, so it’s not relevant.
The next question we usually get is “what about the California legislation that is coming down the pipeline?”
The state legislation for California, Nevada, and Vermont has nothing to do with opt-in email marketing. Similar to CAN-SPAM, it’s all opt-out.
For our complete legal packet which addresses all of this to pass along to your legal team, click here.