Here’s a confession that I bet not many company bosses are prepared to make publicly: we’re still sending unsolicited bulk emails.
Call it crazy and suicidal post-GDPR but believe me it’d be crazy and suicidal not to. Let’s face it, spam works. It works better than throwing money at Google and Facebook. It works better than enhancing one’s profile by blogging 🙂 And if it didn’t work it wouldn’t be a problem. So in my mind the question isn’t a practical one, it’s an ethical and legal one.
Like many such issues, a lot of it is down to interpretation. So who’s right? The professor of English who wrote to us “f*ck off and die you f*cking spamming c^nts.” The professor of haematology who wrote “I don’t recall you getting my permission to send me marketing emails. That’s now illegal.” Or the professor of clinical epidemiology who wrote “I wish to recommend your training strongly to colleagues.”
This is a true story that I’m calling the Tale of Three Professors…
I’ll say this for our first correspondent: he had an impressive grip of the Anglo Saxon vernacular. But, that aside, did he (and it usually is a he) really need to be quite so explicit in his request to be removed from our mailing list? It’s not like we tried to sell him Viagra. Or a night of unbridled passion. Maybe that was the problem. We’re a training company. Selling training, not little blue pills. Not so very different to the education his university is selling.
The first prof’s complaint (if that’s what you can call it) arrived before GDPR came into effect in May 2018. It was a golden age where we took the admittedly relaxed view that most people didn’t mind receiving the occasional unsolicited marketing email and even those, like him, who did were well worth the hassle. The gearing was something like one complaint to every 10,000 emails. Needless to say we removed his name from our prospect list (after pointing out that his institution might take a dim view of its servers being used for such colourful language) and haven’t heard from him since.
Our less bilious haematologist complained post-GDPR. So is, as he claims, sending a marketing email without the receiver’s consent illegal? Depends who you ask. It boils down to how you interpret something in GDPR called legitimate interest. The term is loosely defined – perhaps deliberately – as something that is in a business’s best interest to do. Chasing an unpaid invoice by emailing the head of accounts is clearly a legitimate interest – irrespective of whether or not the head of accounts has given you permission to send them that email. What is less clear is whether marketing and, in particular, sending an unsolicited email, constitutes a legitimate business interest which, in effect, trumps an individual’s right to privacy. We’d need a fourth professor – a student of law let’s say – to answer that one.
They’d need to consider whether there’s a “relevant and appropriate” relationship between the data subject (the person you’re emailing) and the data controller (you or somebody in your business). Using the invoice example from before, clearly there would be such a relationship. But just because we’ve worked with one institution does that relationship extend to similar individuals in similar organisations? In other words could we rely on legitimate interest to justify sending an email to a member of staff in university B because we’d worked with a member of staff in university A?
Under GDPR our imaginary fourth professor would also need to bear in mind that legitimate interest has to be balanced against the receiver’s rights or freedoms. I’d argue that receiving one or two unsolicited emails does nothing to significantly infringe the receiver’s rights providing one offers clear and easy instructions how to stop receiving future offers and doesn’t continue to send unsolicited material after a stop request.
Our final correspondent is, in essence, exactly why we reach out to new customers. “Reach out” is, I’ll readily admit while I’m in confessional mode, a euphemism for send an unsolicited email to. But that’s exactly how we reached out to him. He’d not heard of ACM Training before. Did some research. Asked around. Took a punt. Came along one of our public training sessions. And so began a long and fruitful relationship with him and his institution. I’d argue (and I’m convinced he’d agree) that ACM Training has benefited financially and his university has benefited educationally from our training.
We need more of him, especially now. Open-minded individuals who don’t see the world in a binary way: all unsolicited email is spam; all businesses who send unsolicited email are bad; all unsolicited offers are dodgy; all spammers are scammers…
Business has had a tough time of it over the past few years and Government incompetence over the handling of Brexit is making it tougher still with many companies sitting on their money at least until there’s some clarity over the UK’s position in Europe. And GDPR has only made it even harder.
I’m not after sympathy. All I ask before you get shouty or sweary or legalistic is that consider the alternatives:
- So you don’t want what we’re offering or you have a rule never to buy anything from anybody who’s ever sent you an unsolicited email? That’s okay. We get that. It was always a long shot anyway.
- Spare a thought for the sender. Just like you, they’re trying to pay their bills, feed and clothe their families and have enough left at the end of the month for a few luxuries.
- Reaching out to potential new customers in all sorts of ways is a legitimate and necessary function of business. Sending emails is one of those ways. Without it employees and taxes don’t get paid. Companies go broke. The economy suffers. And ultimately roads don’t get fixed, hospitals don’t get built and universities don’t get research funding.
- Ask yourself if you’re (a) genuinely not interested in the product or service being offered or (b) potentially interested but not right now. If the answer’s (a) then go straight to point five. If the answer’s (b) then skip to point eight.
- Delete the offending email. It takes under a second. Even if you have to delete 50 that’s still a lot less time than writing to complain.
- Follow the remove procedure. Reputable companies will display it prominently and act upon it swiftly. Disreputable companies won’t but then writing to them won’t work either.
- Bear in mind that you may have several email aliases pointed to the same address and, if so, ask for those to be removed too.
- If after all that you still get unsolicited emails from the same source then by all means complain to the sender and, if that doesn’t work, to the ICO.
- Be open minded. Not all unsolicited emails are phishing for your bank details, offering little blue pills or a night of unbridled passion with the man/woman of your dreams (delete as appropriate). Some are selling goods and services that you might actually want or need or offer better value than your existing supplier. So at least have a look when you have a spare moment. And then, if you’re really not interested, go back to point five.
- There always has to be a point ten. Nobody has nine point lists. Five, yes. Twenty, yes. But nine? No.
Since posting this quite a few of my business friends have made an important additional point: that when it comes to e-marketing there’s a world of difference between B2B (business-to-business) and B2C (business-to-consumer). The rules, they say, were written largely with the consumer in mind and that the dimmest view will be taken of those companies that post GDPR continue to bombard individuals at their personal (my italics) email addresses. Many companies will, they believe, continue to send unsolicited email to corporate addresses.
So, once again, it comes down to interpretation. In this case what constitutes a personal email address. Is email@example.com personal? Or, because it was provided to him by the University of Anywhere by dint of his work there, a corporate one? We’ve taken the view that an email address that an individual has to set up – e.g. firstname.lastname@example.org – is personal and we try our very best not to send to these unsolicited. But if the address is issued by your organisation’s IT department and you’ve only got it while you’ve got the job then it’s corporate. Of course, the line between the two isn’t neat. So we’re not expecting the complaints to stop anytime soon!