Viral e-mail marketing
One widespread business practice that is not covered explicitly in the PECR law is ‘viral
marketing’. The network of people referred to in the definition is more powerful in an
online context where e-mail is used to transmit the virus – rather like a cold or flu virus.
The combination of the viral offer and the transmission medium is sometimes referred
to as the ‘viral agent’. Different types of viral marketing are reviewed in Chapter 8.Privacy verification bodies
There are several initiatives that are being taken by industry groups to reassure web users
about threats to their personal information. The first of these is TRUSTe
(www.truste.org), sponsored by IBM and with sites validated by PricewaterhouseCoopers
and KPMG (Figure 3.2). The validators will audit the site to check each site’s privacy
statement to see whether it is valid. For example, a privacy statement will describe:
how a site collects information;
how the information is used;
who the information is shared with;
how users can access and correct information;
how users can decide to deactivate themselves from the site or withhold information
from third parties.
A UK initiative coordinated by the Internet Media in Retail Group is ISIS (Internet
Shopping is Safe) (www.imrg.org/ISIS). Government initiatives will also define best prac-
tice in this area and may introduce laws to ensure guidelines are followed. In the UK, the
Data Protection Act covers some of these issues and the 1999 European Data Protection
Act also has draft laws to help maintain personal privacy on the Internet.
We conclude this section on privacy legislation with a checklist summary of the prac-
tical steps that are required to audit a company’s compliance with data protection and
privacy legislation. Companies should:1 Follow privacy and consumer protection guidelines and laws in all local markets. Use
local privacy and security certification where available.
2 Inform the user, before asking for information on:
who the company is;
what personal data are collected, processed and stored;
what is the purpose of collection.
3 Ask for consent for collecting sensitive personal data, and it is good practice to ask
before collecting any type of data.
4 Reassure customers by providing clear and effective privacy statements and explain-
ing the purpose of data collection.
5 Let individuals know when ‘cookies’ or other covert software are used to collect infor-
mation about them.CHAPTER 3· THE INTERNET MACRO-ENVIRONMENT
provision clarifies this. The law states: ‘where such storage or access is strictly necessary
for the provision of an information society service requested by the subscriber or user’. This
indicates that for an e-commerce service session cookies are legitimate without the need
for opt-in. It is arguable whether the identification of return visitors is ‘strictly necessary’
and this is why some sites have a ‘remember me’ tick box next to the log-in. Through doing
this they are compliant with the law. Using cookies for tracking return visits alone would
seem to be outlawed, but we will have to see how case law develops over the coming
years before this is resolved.Viral marketing
A marketing message
is communicated from
one person to another,
facilitated by different
media, such as word of
mouth, e-mail or web
sites. Implies rapid
transmission of
messages is intended.