EP #16 Email Data Privacy Laws and Compliance

EP #16 Email Data Privacy Laws and Compliance

About this Podcast

There have been several data privacy laws like GDPR, CCPA, PIPEDA, LGPD, and more, enacted in the past few years by various countries worldwide. They are to be followed so that the customer data is handled correctly by businesses, organizations, and third-party service providers.

These laws provide the users’ rights to understand how their information is being collected, used, and can raise a complaint about it if any rights are being violated. 

In this week’s podcast, we have Derek Lackey, Managing Partner at Newport Thompson, and a well-known data privacy expert in Canada. Dennis Dayman and Derek Lackey discuss privacy laws across countries and their impact on consumers and marketers alike in this highly insightful final podcast of season one.

They Discuss:

  • What is the real reason these data privacy laws were required, and how do they impact email?
  • How will these laws impact a marketer’s ability to collect information about the data subject or user?
  • How important is permission marketing with regards to privacy compliance?
  • How will these laws empower consumers and change the way they share data with brands for marketing purposes?
  • What have been the consequences of email spam due to privacy laws?
  • What are the future trends you see developing in the data and email privacy?
Episode Transcripts

Dennis Dayman Well, hello and welcome to another brand new episode of, ForTheLoveofEmail podcast by Netcore Solutions. As I’m Dennis Dayman, your host of these podcasts and the Netcore team has been hard at work to bring some great stories and advice from different experts around the world. And this week is no different.

[00:00:18] Unfortunately, we are now wrapping up season one of the podcasts with this episode. We’re going to be coming back and several weeks to start season two. But this is our last one in this kind of sad because we’ve been working hard on this throughout the pandemic and this year.

[00:00:34] For this last episode, though, we thought we would bring you a noted data privacy expert, Derek Lackey. For those who don’t know who Derek is, he is the managing partner of Newport Thompson data and privacy consulting firm based in Toronto and his volunteer role as the chair of the Response Marketing Association of Canada, he’s providing a ton of leadership in the area of privacy online.

[00:00:58] He was also the publisher of Blazeonline, a curated portal. That’s featuring great content for marketers. And most recently the bestofprivacy.com. He’s also the author of an ebook, CASTLE Compliance – A Marketers Guide to Email Compliance for Canadians. And I’m sure more than just Canadians, as I’m thinking about even further now, and he’s educated in marketing from the University of Toronto.

[00:01:23]Derek has been applying his creativity to this strategy while he’s been really. placing a strong emphasis on those results. And at one point in time, seven of the nine brands that were handled by that full-service ad agency were number one in the categories of Canada.

[00:01:38] So it shows just how much work and pride that he takes in that. So, Hey, Derek, welcome to the podcast. I’m glad that you’re here and, and I’m sure that this is going to be a great ending to our season, but welcome to the podcast.

[00:01:50] Derek Lackey Thank you, Dennis.

[00:01:52] Dennis Dayman Yeah, it’s great to have you. So, there have been several data privacy laws, I think as our listeners know, right.

[00:01:58] That had been an act in the past few years. And we’ve been talking a little bit about this through our series. and it’s not just, sort of, countries like Canada, but other countries around the world and now here as we’re hearing, even States are doing that, and they’re being followed.

[00:02:11] Right. so that consumer data is, is being handled by. by businesses in a correct manner and organizations in third-party providers, because in previous episodes, we’ve talked about the issues of privacy and sort of why we’re starting to see the issues that are arising, with consumers dissatisfaction and misplaced confidence in what brands are doing with their data.

[00:02:32]For those that are listening again, right we’ve talked a little about what GDPR is in the EU. like I just said here in the United States, we now have CCPA in the state of California and Derek for you guys, right? You have a couple of different laws.

[00:02:45] You have CASTLE, which is an email regulation. It does address privacy, but you also have PIPEDA. And then we’ve also recently seen LGPD in Brazil and, tons and tons of more countries that are now working on this and laws are providing rights to the users to understand how their information is being collected and used and how they either can edit, correct, or even delete and then file a violation if they feel that that’s what’s happening.

[00:03:09] So these laws we know today, As you and I talked to people, especially in marketing that they can apply and will apply to email marketing when it comes to things like email addresses because well email addresses or PII, right. Or any other sort of information that the brand might collect on consumers to target them in a better manner.

[00:03:28] Which seems a little bit, I think Derek, you would probably agree that as we talk to marketers, they go, will you tell us the target people better, but then you make me go through all these other hoops and whatnot. But, it also goes down to how these brands are now using as well, email service providers, or service providers to then send emails, collect that data.

[00:03:46] And again, some of these rules could even apply, to those, service platforms that you’re using. So obviously for a marketer, what impacts marketers have in terms of how they’re collecting emails.

[00:04:01] So let’s talk a bit about this and I’ll kind of jump in with the first sort of question here is, what is the real reason that you think that these data privacy laws were required and how are they impacting email?

[00:04:14] Derek Lackey Yeah. Great question. I have a theory. Being a marketer all my life, I’ve kind of watched marketing, taken a back seat when digital came in.

[00:04:25] So if I go back to the late nineties, email marketing in itself started. We all started, I think it was around 96, 97 when I got my first email address.

[00:04:42] And it was fairly shortly after that we started to figure out, Oh, we can reach these people through their email.

[00:04:52] Right. But, if you go back then the context of any marketer. Was mass marketing. We were all after more eyeballs, right. Bottom line. Right, right. So, it’s only natural that we applied that  mentality or that mindset to email marketing more is better. Of course, more is better. Right. And, and what we’ve learned in 20 years of abusing.

[00:05:22] Email marketing and digital in general, is that more isn’t necessarily better. Engagement is better and It took laws like CASTLE so to kick in. I mean, think about it, CASTLE was started by Matthew Vernaut, who is with your organization. He was on the team that started talking about CASTLE with the government in 2004.

[00:05:51] So now get the time set. So let’s say 98 was the beginning within six years. The Cadadian government realized this is a problem that has to be addressed by regulation. Now, unfortunately, as the government’s go, it was passed in 2010 and came into force in 2014. So it took 10 years to put it in force.

[00:06:18]But it, the conversation started early and I believe that that mass marketing mentality is really what started email off on the wrong foot. I think we’re starting to figure it out now. I start most of my webinar presentations. and I do, probably once a week. I start many of them on, when I’m talking about CASTLE, with two very interesting slides.

[00:06:47] One is a trust arcs map of the world of who has the strongest consent regimes. And Canada and Australia are amongst the two strongest. And then the next slide is IBM’s report in 2019, I believe they did a benchmark study, and Canada and Australia have the highest open rates of any countries in the world.

[00:07:12] And is that a coincidence? I think not. It is working.And by the way, Dennis that’s, unenforced relatively, right? So the private right of action, which was meant to give the public the stick to enforce this with businesses that were removed in 2017. So, we have little, all CRTC with a staff of four or five people on the CASTLE enforcement team trying to enforce an international law about emailing Canadians.

[00:07:49] So, interesting context.

[00:07:53] Dennis Dayman Yeah. What’s kind of funny, as, like you, you and I have been doing this 20, 25 years now, but it’s a, you make a very valid point, which is that we never really understood that. the early days, if you will, of email, right. In terms of like, like I’m in the same boat as you, right.

[00:08:09] I started having my first email address and in the mid-nineties, I think you mentioned before that, to be honest, and, and it was just more of a way for me too, to, to connect and contact with others out there. But the current email system, and we’ve said this before in the podcast is a 30 plus-year-old system that was never developed for this sort of strain and traffic.

[00:08:28] And also as you’re talking about fraud and spam, right? The authorization, if you will, right? The authority to be, the sender of a message, right. It was just never built that way. And we have said in prior podcasts as well, that again, what we’ve just done to keep the system up and running is we just add layer and layer and layer and layer of new technologies to stop spam and, and other nefarious things.

[00:08:49] And it’s sort of like how sometimes some of these older roads that we drive on today that were built in the sixties and whatnot. If you look at them on a deeper level, you’ll find five, six, seven, eight layers of asphalt or other things that have been put on top of it to patch those holes.

[00:09:03] Right. But the email just was never developed for what we’re using it for. And so that’s made it a real big problem. And then, to your other point, right, we have always known that regulations, unfortunately, and I remember testifying on CASTLE in front of chairman Chong at the time.

[00:09:20]But I remember that as we were sort of coming in and testifying that, like you just said, it was something that had been talked about. It C-27 and C-27 and C-28. And it took us a while to get CASTLE in place. But regulations have always sort of, A lag right on technology because technology moves fast.

[00:09:38] And I would assume that that’s kind of how you’re seeing it as well. Right?

[00:09:41] Derek Lackey Absolutely. I think it would be unreasonable for us, if you look at PIPEDA, When we wrote it in 1999 and 2000, it was passed. It was way ahead of its time. It did a great job of many aspects of it today still apply 20 years later with all this technology.

[00:10:05]And, PIPEDA is not bad. It needs updating. There’s no question. And what, what is required is stronger enforcement. I believe that any law that’s worth passing is worth enforcing. And it’s going to be interesting to see how aggressive the attorney general is with CCPA, for example, because the businesses’ adoption of compliance is a hundred percent tied to their fear of enforcement.

[00:10:38] And I’m sorry, I’d like to be more a glass half full guy, but we won’t react to these laws unless they’re being strongly enforced. I would say GDPR is in the middle of that meter. There’s a little confusion. There’s still some discrepancy from country to country. But CASTLE is not being enforced as strongly as it should be.

[00:11:06] And, still it’s having an immense effect, but can you imagine if it was enforced and companies have to commit compliance, can you imagine how, how much better email marketing would be? We’ve proven it can be better. And I look forward to the day where it is being strongly enforced and companies like… Think about this for a minute, Dennis, where did we think that it was okay to do whatever the hell we wanted with our customer was like, where did marketing get off the boat?


[00:11:45] Dennis Dayman Well, yeah, cause it’s personal technology, right? I mean, you are kinda a couple of computers and a couple of thousand miles away from each other and that’s unfortunate. I’m a marketer. If they were probably looking at that person, he said, would you do what you’re about to do to someone’s face?

[00:11:59] Probably.

[00:12:01] Derek Lackey Exactly. Exactly. It boggles my mind because somewhere along the line, when digital, like we bowed down to digital rather than, and using it as a professional marketer. I truly think with the pandemic that marketers today are in serious trouble because there’s going to be a shift back to the basics.

[00:12:22] And I believe that much of the middle management of marketing today don’t know the basics.

[00:12:29] Dennis Dayman Yeah you’re probably right about that. I mean, they, they still had an, a, we’ve been doing some work and some studies actually, at some other organizations. And I think one of the things that have been brought up is that in the early days, right, you would always in what we’ve talked about before, even on the podcast with that, the CPL was the person that handles it.

[00:12:49] Right. But now what we all know is that everyone is a data steward and what we’re now beginning to realize is that again, marketers, salespeople, IT, whoever it is all should have some understanding of what’s happening when it comes to privacy, whether it’s related to regulation and that data, which, which brings me up to like my next question here, when it comes to laws like CCPA, GDPR, CASTLE, right.

[00:13:12] I know this is a very detailed sort of question, but at a 30,000-foot sort of level, right. You know what businesses need to comply with that would be across the board because we always hear from people saying, well, if I’m doing GDPR, then I must be good with CCPA.

[00:13:29] Or if I’m dealing with CASTLE or PIPEDA, then I should be fine across the board there. But it’s not always that easy. I would say, at least in terms of how I’m looking at things. I was answering somebody’s question this morning. I’m one of the major, main Slack channels that you and I, and others are part of.

[00:13:43] And it was like, well, that’s a difficult question because it could mean this, or it could be this, but when you look at those things, right, when it comes to those laws, what do businesses need to sort of consider at the high level?

[00:13:58] Derek Lackey I would, I would say the first thing is, is where is the message designed to end up? So if you’re targeting Europeans, you’re in Canada, and targeting Europeans, CASTLE has nothing to do with it. You have to follow the rules of the country that were the messages ending up.

[00:14:21] So, when it comes back to the original question here is, are there exceptions? CCPA has said that if you are under 25 million in revenue, and keep less than 50,000 data files this law doesn’t apply. And I thought that was a well thought out approach because I think that most of the spam is not coming from the little guys.

[00:14:48] I think most of the spam is coming from the large organizations and the true malware. One, one of the things I love about CRTC is they while they’re not enforcing companies, as strongly as I would like to see them. They are going after some of the malware and some of the organizations that the.

[00:15:12] And you know that the bots and, and they are, and they have been successful. They’ve had a couple of raids.They’re trying to use the law to go after that, malicious stuff. in GDPR, there are no exceptions. The law and regulations apply to every organization, and CASTLE the same. CASTLE is all about if you’re sending a commercial electronic message to a Canadian, no matter where that Canadian is in the world, you have to obey CASTLE.

[00:15:46] It’s pretty simple and the fundamentals of CASTLE are simple. Have permission. And when you send, be transparent about who you are..

[00:15:58] Dennis Dayman Yeah. Don’t lie about it. Right. Which is what people were doing in the early days. Right? Exactly.

[00:16:03] Derek Lackey Exactly. And as marketers, you kind of look and you go. Yeah. but we did fall into some pretty sleazy habits during the practice. The first stage of the email. in my opinion.

[00:16:19] Dennis Dayman So, I was going to say something earlier when you had said, I think, it was related to CASTLE or PIPEDA, but it was like, we’re in a much better place because of it’s to some extent, obviously, and these laws are only going to be enforced. So much in terms of like what they have budget-wise, right?

[00:16:34] That’s been one of them, yeah, I guess issues, right? It’s like these, these enforcement agencies or the compliance agencies or DPA is whatever you want to call them. Only have so much money to have so many people to, to deal with the millions of billions of people that are on the internet and doing whatever it is that they’re doing.

[00:16:49] And that’s a big reason why we don’t see a whole lot more cases because they’re looking at some of the bigger issues that tend to hit the press, whether that’s a data breach or whether it’s a complete misuse of data, like we’ve seen in some social media platforms, which will remain nameless in this podcast today, but those are the ones that seem to be getting sort of, the oil as they say, right.

[00:17:10] The big squeaky wheels and whatnot. But, I think you said it right, is that I’ve been in CASTLE and have done some things to change. And I remember here in the US right, even when CAN-SPAM came out in 2003, we were all complaining and going, Oh my God, email marketing is done and over with, and that’s it.

[00:17:27] And lo and behold, we were wrong in a sense. I mean, at the time some of us who had been working for internet service providers were happy about it because it gave us a little bit of power to work with the AGS offices to prosecute him. I think AOL was one of the first ISP, if not one of the more successful ones to prosecute using it.

[00:17:44]But, over time, right. CASTLE became a regular sort of part of our day. It’s the same way that when seatbelt laws changed. Yeah. Right. It’d be, we all were like, “Oh my God, seatbelts”. But now it’s part of a regular day. And so, it’s made marketers have to think differently and quality over quantity, sort of mentality, but I’m still hearing from marketers.

[00:18:06] I think. That they’re still kind of concerned about these newer regulations or these other things coming out, and that it’s going to impact what they’re doing, in terms of collecting data. But these laws, at least in my opinion, and I guess the question to you is like, are these laws impacting a marketer’s ability to collect information or the same amount of information, by saying you can’t do that?

[00:18:28] Or is it just laying out, “Hey, listen, we’re not trying to stop this”. This is, we’re not trying to stop the data-driven economy that we all rely on. but these are the things you have to think about. Right. But do you think that, that the laws are impacting their abilities or marketers just kind of going, I don’t want to deal with this

[00:18:44]Derek Lackey In theory, what she’s, what you said should be happening. But I think because it’s not being forced, Dennis, I truly believe that most marketers are, are, are still quietly behaving the way they used to behave and they’re adding big chunks to their list, and they’re not sure where they came from. Really what CASTLE requires, and it is the toughest standard in the world, but it requires you to add a person at a time and know why you’re adding that person, which, which measure of consent they need.

[00:19:26] And you have to be able to prove it. We’re never set up for this much. Like you were saying, the email system, we’re not inclined to this. Most companies, when they set up their email marketing, they just added people. Like they scraped as much as they could. And, if they could get a hold of anything with an at symbol in it, the date onto the list of when there was, there was no, there wasn’t much discretion.

[00:19:56] CASTLE requires absolute accountability, discretion from wise. And you can’t just take big chunks of names and stick them on your list. You’ve got to acquire or yeah.

[00:20:10] Dennis Dayman Yeah, because people are still doing that. I mean, they’re still buying data. They’re still buying. Yeah. And I’m still shocked, to be honest, that the data brokers are still doing what they’re able to get done, or at least some of them are not being forced

[00:20:24] Derek Lackey As president of the Response Marketing Association  I get at least three, four of those a day. Mainly from America, who are trying to sell you a list. and, and I just chuckled because the real emphasis is email. Right. And I’m going like, Okay.

[00:20:43] Dennis Dayman I saw the list of yourself, which I always get like, Hey, we sell these kinds. I’m like, yeah, I worked for that company or I help that company seriously.

[00:20:51] Like that makes no sense. Right. Well then I guess, How is important then, for permission, if you will, in terms of marketing with regards to privacy compliance, right. We’ve all talked about email compliance, CASTLE, CAN-SPAM. Oh my gosh. I keep flipping those around. What does the email launch say right now about someone, without explicit permission to send an email?

[00:21:15] Like, is it, is it as straightforward as, Hey, it has to be explicit across the board or. Are there some exemptions or some rules behind it, because I remember, and I, working on CASTLE stuff, right. There were some things that you could use to your benefit to make sure that you had compliance around this, but how important is permission to privacy?

[00:21:37] Derek Lackey Yeah. Great question. so, the public perception for the general perception in, in my opinion, is that consent is required and that’s not the case. Consent is hard to get. you need somebody who’s really leaning in on your brand to consent to have you send them emails.

[00:21:59] So many other measures are saying in Castle’s case, there’s five being the strictest, law in the world, consent wise for email, there are five measures. So I’ve written a detailed article. it’s also several chapters in my book. But I’ve written a detailed article called the five types of consent under CASTLE.

[00:22:24] And then I broke down each one. So you have, obviously expressed consent is the gold standard. If you have expressed consent, that’s somebody who is leaning in and wants to hear it from you. Your open rates are going to be good. Your engagement rates are going to be good. And, they’re not, they’re not going to respond to everything, but the chances are they like you and they want to hear from you.

[00:22:48] So that’s express consent and, and in a perfect world, you’d always go for that. But, GDPR recognized that with express consent there’s three practical lawful basis for emailing and in Europe and consent. The last one I would choose. I would choose a contractual obligation.

[00:23:13] I would choose legitimate interest. And then I would choose consent because consent is hard to get. but under contractual obligation and interest, it was sad when GDPR first came out by some of the best legal firms that, that direct marketing, which emails part of, could still claim legitimate interest.

[00:23:39] And from what I’m seeing today, it is, it, Europe is more an opt-out based community than an opt-in. Canada and Australia are one of the few opt-in based laws. GDPR the privacy could change that when it comes down, depending on who’s down, who knows, we would have expected the privacy law to be in place two years ago.

[00:24:05]and, and they’re still, arguing over. I think the biggest block to the privacy law being passed is the cookies. Nobody knows quite how to do it. cookies properly. I think we’re getting more clarity on it, but profiling and surveillance techniques are being frowned upon in Europe.

[00:24:28] Dennis Dayman Well, my sole reason my privacy shield died here in the US including, even, to be honest, it goes back further than that of, say, Harvard, right? Because there was the issue of surveillance in the US. And not enough protections for European citizens and other folks. And again, it is the other reason why I’ve been doing a traveling roadshow, or at least I have been about the changing privacy landscape here in the US and literally how it’s changing almost every month, because you know,  the world is no longer what it used to be just even five years ago, in terms of just kind of free flow, use data however you want with that sort of mentality.

[00:25:00] And now again, the consumers are hyper-aware. what’s happening with their information, especially when they turn their TVs on, or open the newspaper, whatever that is and go. Oh, under the data breach or Hey, somebody else’s is then misusing my data. This is upsetting to me. And I remember even when the experience breach had happened, most people were sitting there scratching their heads, going who the heck is Experian, and why did I have my data?

[00:25:23] Right. And not even understanding what their rights are to understand. What happens, but important enough that we know what these regulations are, right? A lot of these laws not just are telling marketers what they have to do in terms of consent. Right. But they also are giving powers and you just said it succinctly about, PIPEDA and CASTLE, right.

[00:25:44] That there is a private right of action mentality or had been right. A private right of action mentality in this where the consumers can now sue. And we see those back and forth and all the different regulations, some have the private bite of the action. Sometimes I’m okay with it.

[00:25:58] And sometimes I’m not okay because I think we’ll see abusers of it, but. I guess in sort of your experience with these laws, right? When it comes to things again, marketers have to consider opt-in and, and those things, but what also did the laws like, if somebody wants to withdraw their consent, how do marketers need to think about that or apply that?

[00:26:19] Right? Cause there are those sorts of things as well.

[00:26:22] Derek Lackey Yeah. Marketing’s about taking care of the customer and if the customer actually takes the time to tell you to stop emailing them, why would you even consider continuing to email? It’s like, of course, you would respect their wish.

[00:26:42] Some people would rather you phone them. Some people would rather you send them a flyer, some people would rather not hear from you. Right. And if, and if they take the time to tell you that. And, and you’re trying to find a sneaky way to keep them on your list because you’re worried about the numbers of your list.

[00:27:02] My God, you’ve got an old back.

[00:27:05]Dennis Dayman Well, I actually, yeah, I’m kind of curious then from your perspective. Cause again, you and I are consumers, right? And so our listeners as well, But yeah. How long these laws empower consumers and change the way that they share data with those brands for those marketing purposes, do you think it’ll change at all?

[00:27:20] Or do you think we’re just gonna keep doing what we’re doing?

[00:27:22] Derek Lackey No, I  think what I’ve seen in the last seven years, particularly around privacy and email, consensus, and stuff. I think the consumer is getting more educated and they’re holding brands to a higher bar. I think the reason we got away with what we got away with, as long as we did was the consumer was unaware.

[00:27:50] But the consumer is becoming extremely aware. You can’t pick up any feed on the internet without coming across a question about privacy. And I think a lot of people thought in the beginning of this like my stuff is out there. It doesn’t matter. What difference does it make?

[00:28:11] But I think they’re starting to realize how their data can be amalgamated into a super profile on them and how that can be used and abused, delivery of advertising. Some, when that first started, I thought, Hey, this is convenient. If I’m looking for golf clubs, suddenly I get ads for golf clubs from everywhere.

[00:28:37] I kinda like this, my wife on the other hand had exactly the opposite reaction.

[00:28:43] Dennis Dayman Wow. That’s weird.

[00:28:44] Derek Lackey She was like, this is creepy. They follow you. You know what she equated it to. And I love this. She said it’s like walking into a good ladies’ wear store and they ask you, can I help you? And you say, no, thanks.

[00:28:56] I’m just looking and. Out from behind a rack, she continues to look at a dress, for example, and out from behind a rack pops the salesperson “Oh, we have that in your size” or “we have it in multiple colors” And it’s like, my wife said, what part of I’m just looking, did you miss? Right? And, and she finds a lot of this new technology for serving up ads, very invasive and she’s offended by it.

[00:29:30] And I find you’re either on one side of the fence or the other, but awareness is making people fall on the other side of the fence when they see what Cambridge Analytica could do with the data. Right. And they went, Oh, I didn’t realize it can do that. Right. And just like, wait a minute.

[00:29:51] They’re using it to change my mind about my vote. Right. I remember seeing the original article in Daz magazine in January, 2017. I believe it was, it was like a whole year before the, the whistleblower Chris, the young programmer. can’t remember his last name. It was a year before he came out. He came out in March, the following year and I read the article in Daz magazine for the English translation of it in January.

[00:30:32] And I’m online, Dennis, and I’m going, anybody else concerned about this? It’s crickets. I published the article BlazeOnline, and I put it out on Twitter and LinkedIn and said, my God, look what these folks are doing with our data. Is anybody else concerned? And I got nothing back, nothing back.

[00:30:58]  I created zero level of conversation because the consumer was not aware, right. Saying Cambridge Analytica did a masterful job at making people aware of what could be done with their data, unbeknownst to them.

[00:31:13] Dennis Dayman Yeah, no, it’s like, no, that’s exactly it. It’s just, yeah. I think people, the average consumers, don’t understand how technology works.

[00:31:22] A lot of it, I think just comes from the fact that we were just so used to turning something on downloading an app and then, moving along and just going, Hey, things are going to be just fine. Right. And this is just how it’s like, it’s like starting a car. Right? Most people don’t think about how complicated a car is.

[00:31:35] They just get in, start it, put it in drive and hit the gas pedal and they go, but then. the minute that it starts to break down right now, not all of us, like I’m a gear head. So I work on my cars myself, but certain people just can’t do that. So what do you do?

[00:31:49] Well, you go off to a professional and say here, go fix whatever it is. And when that’s just what of how it’s viewed from a viewpoint. And it’s funny that your wife sees that creepy because my wife is beginning to see that now as well. Before I joked and was somewhat serious that my wife would give away any part of her PII to get a buy one, get one free coupon for shoes.

[00:32:09] But nowadays, as I, as I meet my device in my office, her shift, so she doesn’t go off when I say her name but Alexa now that is in our houses, right. she’s starting to see things and she’s kind of going, wait a minute. Is that Alexa you need, because all of a sudden, now I’m getting this advertised.

[00:32:25] It’s been on my Instagram feed and this is weird. And I’m like, welcome to how this stuff works. And, and, and she now is beginning to realize, again, how complicated it is and why it’s so concerning to consumers, and why the regulations are coming out. the way they are that consumers should have immediate access to their information.

[00:32:46] The problem still, I think, is that a lot of these platforms still make it hard. I talked before about how Apple was last year? Well, as especially here in the US was marketing privacy and saying that, every device that you have from Apple is your device and the information that lives on that device is yours to keep.

[00:33:04] And we will do nothing to, abuse that privilege and whatnot. But yet to still see your information in Apple, you have to go through a crazy process. And then even the download, if you’ve ever done it before folks try this out. But, if you go download your data from Apple, it’s a little bit unnerving because one, you begin to realize what they know about you, but number two, you can’t make any sense of it because it’s just garbage goop and you’ve got to be a data scientist to get through it.

[00:33:30] So it’s a little bit weird. But with that sort of in mind, then, I’m kind of curious, if a marketer wishes to use that data information about the consumer, then what do you think is the best way that our listeners should start thinking about that daily interaction with people?

[00:33:46] Derek Lackey Great question. Great question. So there’s two standards there for me first is, if you’re about to do something with that data, you need to ask yourself if I were on the other end, if I were one of the people receiving this message with this weird, what, what would I prefer? Appreciate this? Is this a chip in the bank or a chip out of the bank for the brand?

[00:34:15] Right, right. That’s an important concept because I believe that a lot of emails that are sent are chips out of the bank for the brand, rather than chips hit the bank. in other words, it’s, it’s more about what the brand wants them, what the consumer needs or the consumer would like. And I believe that you’ve got to fall on the side of, ask yourself, is this a chip in the bank for the brand

[00:34:42] before you send a message? Or is this message so important to our brand to get out there that we’re willing to risk that even though it’s a chip out of, out of the bank, it’s still worth sending. So I think. Thinking like that. And coming from your consumer’s shoes, rather than your corporate need to get another, you’ve got to fill your number of messages this week, therefore hit send.

[00:35:15] Right? I think that that kind of marketing has got to fall by the wayside. And, I, I don’t think you need it. Explicit consent for everything. But I think you got to ask yourself, what would my audience reasonably expect me to do this right? And if it meets that measure, then you’re at least onsite with most laws, but more importantly, you’re onsite with your consumer.

[00:35:47] Right now it’s I don’t know if you’ve caught the controversy here with Tim Horton’s loyalty.

[00:35:55] Derek Lackey I mean, that was crazy. Like why they needed to know if that author was going to Morocco or whether it was walking into a Starbucks. That’s none of their business. Right? Well, that’s really it.

[00:36:08] Dennis Dayman I mean, yeah, that’s it. I mean, it’s like, you have to ask yourself who’s benefit are you collecting this data for, is it for you as the brand, or is it for the consumer? And if you can’t succinctly answer that question in the positive, if you will, towards the consumer, then you have a problem or it’s the same way that we always talk about applying the grandmother test.

[00:36:27] Would you do this to your grandmother? We’ve been talking about that forever on this podcast, right. but if you make that wrong choice, Then this will be problematic and it’s going to, and as we move forward in the next several years, I think we’re going to continue to see that, which brings me to my next question is in terms of what you’ve seen, in terms of our listeners, what are the consequences on email spam due to privacy?

[00:36:52] It’s like, I mean, I feel like we saw a bunch of stuff happen and then it kind of died a little bit, but do you expect the marketers need to be aware as a Hey here comes the onslaught, right? I mean, we’re getting serious about this. We’re seeing now in the US States are now making their laws, but what do you see around that?

[00:37:08] Derek Lackey We’re moving to the same model here in Canada, by the way. So PIPEDA has not been updated, and there seems to be no political will here to deal with this whole issue. So, the provinces are taking it on. So Quebec and Ontario have both just launched. Quebec a little ahead. They’ve put a proposal out for public opinion.

[00:37:35] Ontario is in the process of developing that proposal. They’re saying, okay, if you, if the federal is not going to take care of it, we will. But if we go back to your question, I think that what’s, what’s going on strongly depends on enforcement. And I think that a single body, like a DPA in Europe or the CRTC here in Canada, cannot be expected to uphold a law, like CASTLE that we do require the private right of action.

[00:38:09] So, that’s the scary part of the private right of action in my opinion is frivolous lawsuits. But quite frankly, anybody who is complying with the law and not spamming, or shouldn’t be worried about it. Because I think that the courts could put the real onus on the lawyer bringing the private right of action to make sure that all of his candidates are qualified and that they meet the measures.

[00:38:39] So in other words, the frivolous lawsuits where somebody wasn’t aware that they met the measure of implied consent because they were a customer of that store. For example, therefore the store does have a two year period where they can email them, and they start railing against the store for emailing them.

[00:38:59] That can be vetted out real easy by the private right of action lawyers. Because they can ask a series of questions and the consumer goes, Oh, you mean they have implied consent on me and the lawyer goes, yes. So your claim is not valid. So you’re not part of this lawsuit. I think that threat of frivolous frivolous lawsuits was the business associations, the manufacturer’s association and retail council, they all scared the daylights out of the government saying, there’s going to be tons of frivolous lawsuits. We don’t know if there would have been quite frankly, right. Because we knew we’d never go down that road.

[00:39:45] But I remember minister Bains said to me, in a private council, he said, “we’re studying the private right of action”. I said, “how can you study something that isn’t”. Right. You, you didn’t. Yeah. You didn’t put it in force. How, what do you mean you’re studying? Are you studying? You would have had to put it in force in order to study it.

[00:40:10] I fall on the side of, we should have put it in force with a three-year review to say, you know if this is causing businesses more problems then we should change it. Right. We should, it tighten what qualifies or, but the private right of action is key. And I think that you’re going to CCPA, it’s not going to be the attorney general.

[00:40:42] It’s going to be the private right of action that has companies stand up straight and pay attention, pay attention. Right, right. Well, I think that’s, again, a little bit of rant about this stuff.

[00:40:56] Dennis Dayman No, but you should, but you should because you have a love for it that I think a lot of people don’t understand, you know what it means.

[00:41:03] I mean, yeah, we have our cheerleaders, if you will, right. People that really understand this stuff and that, and have a passion for it. Right. And, somebody has to be out there talking about it. Right. And sharing their perspectives on us. And if we don’t do this right, as a love for it, like we had said it, 30, some odd years ago, or at least 20 maybe years ago, it’s like, if we didn’t stand up to fight spam, we would have lost complete control of a medium that a lot of us now today truly rely on and absolutely love to use as a, brands and whatnot.

[00:41:36] And we would have been, I don’t know where we would have been to be completely honest, but if, if we hadn’t had passionate people like yourself, fighting for this sort of stuff, It could be a completely different world. So now you have no reason to apologize for being on rants on this thing, because it is important.

[00:41:51] And I think people need to understand this. and, and, and really with that, I, Derek, I want to thank you for being a part of the Netcore ForTheLoveOfEmail podcast. This has been great information. I think hopefully it will help marketers and brands understand that privacy is important and that there are a lot of things that they need to consider and not just in their own country, but other places as well.

[00:42:12]is there anything that you’d like to tell the listeners in terms of how they can get in touch with you again, or maybe read about your blogs or anything? Are there any URLs that you want to throw out there to them?

[00:42:20] Derek Lackey Yeah, sure. Probably the best one. And thank you, Dennis, for that, is, bestofprivacy.com.

[00:42:26]we, we curate the best articles we can find on privacy and what’s going on. And we, we don’t care where they’re from as long as they’re good. And so we try to weed out the fluffy stuff and not post it there. So the bestofprivacy.com is probably the best one for privacy and data protection.

[00:42:48] Dennis Dayman Okay. That’s awesome. That’s awesome. Well, thank you very much for that. Listen, folks. We hope this is again, helps you guys understand and gain some clarity on email and data privacy laws that are out there. as you guys have heard what we’ve been able to learn on how they affect marketing and some of the issues that are going on, and what we’re seeing, and Derek said very passionately, right?

[00:43:07] And what’s going on with consumers and, and this marketing and marketing spectrum that’s out there. I want to remind everybody again, if you guys need help. Right again, check out Netcore, right. As you already know, the Netcore is a global email engagement leader using an AI-powered email delivery and campaign solution.

[00:43:24] And they’ve been working for about two decades now helping their customers deliver the highest ROI that’s out there. As I said earlier in this episode brings us to the end of season one ForTheLoveOfEmail podcast, we’ll be taking a very short break from our regular recording schedule, but we will be returning with an exciting season.

[00:43:43] The second season in just a few weeks. I personally also want to thank the Netcore team for having me be a part of this inaugural series and I also want to thank the listeners if you will, for being a part of this journey with us. Again, we hope that you have found the information helpful and actionable and have broadened your horizons.

[00:44:02]and for those that are just now catching us and realizing you’ve missed the entire season. You know what, don’t forget to subscribe, right? We actually have an archive of net cores, weekly podcasts on Spotify, iTunes, Google Play, Stitcher, or you can visit netcorecloud.com for more information on our season one and those guests and episodes.

[00:44:22] And again, Derek, thank you very much for being a part of this and to everybody else, please stay safe, healthy, and thank you, our listeners. And we’ll be back again with our next season pretty soon. Thanks a lot. Take care.

Unlock unmatched customer experiences,
get started now
Let us show you what's possible with Netcore.