Look at your email practices and make sure you are not stepping over ethical boundaries by assuming permission that has not been given.

Whenever I think I’ve seen it all after 20+ years as an email professional, a brand does something to surprise me – and often not in a good way. 

As we work our way through the COVID-19 experience, companies are striving for revenue any which way they can. Most are doing it by ramping up their existing channels. Some are blowing out everything they can in a desperate attempt to make their numbers. 

But today I’m going to talk about what happens when a company goes too far. 

Before I start with the story, I need to state that this was my experience, along with a dear friend who replicated what I had done. I do not know the extent of either party’s volume on these practices nor the selection criterion (if there is one), but I share this because what happened to me goes against everything that we profess about the email space.

Primary among those beliefs is that email marketing should be permission based.

Now, I realize that I might be hypersensitive to this because I know what companies do with data. I have no expectations of privacy. But here’s the situation.

I’m building a new house, and I have to buy things, like a commercial stove, a refrigerator and an outdoor barbecue kitchen. I’ve been doing a lot of research, watching videos and visiting lots of websites, many for the first time. That’s how I found myself on the BBQ Guys site, which had an interesting mix of the products I’m looking for.

I was in my element, poking around the site, checking out product pages. Then I had to break off my hunt to take a conference call. When I came back to my inbox later, I found this email from the BBQ Guys:

A screenshot of a social media post Description automatically generated

The email showed my entire browsing history. As a consumer, my first reaction was “What the …?” But as an email marketer, I thought “What the HELL is this?!”

At first glance, this looks like your typical browse-abandonment email. Browse abandonments walk a little closer to the creepy-data line than cart-abandonment emails, but they’re acceptable if you’ve already given the brand your email address.

And there’s the rub. I never opted in to the BBQ Guys email program. So, how did they get my email? 

The answer is in the return email address. It’s not from the BBQGuys, it’s from some company called SafeOpt. I can only guess SafeOpt must have bought my email address from someone, and BBQ Guys contracts with SafeOpt to send email to browsers like me.

Then I asked a friend to replicate my behavior and see if she got the same experience. BAM!  She got the same email with her history and had not signed up. Further, she did not immediately opt-out and got this follow-up email:

3 reasons why it’s wrong and can cost you customers and sales

1. It’s beyond creepy.

A creepy data experience is seeing companies use your information that you did not give them.  From a business standpoint, creepy data is the use of data that your subscribers or customers don’t assume you have.

It would be getting a “happy birthday” email from a site I shop at regularly – if I had never given the brand my birthday. Or, back in 2012 when the Obama campaign told me whether my friends were registered to vote.

I have had many creepy data experiences. I’ve written about them several times, including this post on Marketing Land: “What’s the future of consumer data now that Facebook is pulling back?

Creepy data is even creepier these days because of all the data breaches at familiar brands like NameYourDepartmentStoreHere.com, as well as access to this data from reputable firms. Emails like this from BBQGuys/Safe-Opt strike at the core of consumers assessment that their data is compromised.

You could argue that the BBQ Guys’ use of my email address is relevant because the email I got related to my behavior on the site. But it’s actually creepy because I didn’t ask to receive email or give them my address. I clicked the “No Thanks” button on the huge popover that appeared only seconds after the homepage loaded, asking me for my email address as part of a contest. 

See the problem? I said no upfront, but the company decided that I really did not know what I was thinking. They were the ones who should decide their value to me. That, friends, is just plain wrong.

Is this legal under CAN-SPAM? Yes, but …. 

I’m sure people from SafeOpt will justify their business model by saying CAN-SPAM allows opt-out email contact. And, yes, it’s legal. But I will also remind you that CAN-SPAM is the bottom rung in deliverability and privacy compliance. Above that are blocklists, ISPs, ESPs rules of conduct along with international and state regulations.

Claiming that their actions are legal under CAN-SPAM is a hollow argument and don’t get me started on CCPA with this. The fact is they emailed me without permission and have my email address somewhere in their database, and I didn’t give it to them. 

Your email address is your digital Social Security number. That’s why you need to protect it as much as you can and fight back when you see it being used in ways you don’t expect or want. You use it in banking, getting a mortgage, buying a car, opening an account, shopping online and a hundred other ways. SafeOpt has my digital SSN and is using it in ways I didn’t request it. That makes me angry. 

2. A good shopping experience, ruined

Now this brand is just spamming me. I was ready to spend some serious money with these folks. But, because they sent me this unsolicited email, I’m freaked out. I don’t know their ethics, their data practices, why they contracted with this company.

On top of it all, I now see their ads everywhere. I pull up Gmail, and there’s an ad. Google News? An ad. Facebook? Yep, an ad. Heck, it’s all over NextDoor.  

I understand that retargeting is an important tool in a digital marketer’s messaging arsenal, but this is overload. I’m not showing intent to purchase, like putting something in a cart and then abandoning it. All the company had was my browser behavior. 

What I take away from this experience is that I don’t want to do business with this company. I don’t know how stable it is if it’s wasting money on advertising like this. The brand ruined a relationship because of its overly aggressive marketing. 

They were like the brand version of a bad used-car salesperson. I don’t care how sexy the car is. I’ll go somewhere else if I have a bad experience at the dealership.

3. People are more worried about data abuse today.

In this time of COVID, economic turbulence, politics and elections, everyone is on edge. I haven’t been out to a restaurant since early March.

I understand companies are trying everything they can to make back the money they lost through lockdowns, quarantines and consumer skittishness about going out in public places. 

One reason why we email marketers focus so much on acquisition is because we want people who want our information – the people who sign up for our emails. I didn’t sign up for the BBQ Guys email before I left the site because I wasn’t interested enough at that point to buy. 

But the company assumed that the ability to uncover my email address from someone besides me automatically gave them permission to contact me. It might be legal, but it’s incredibly unethical.

Wrapping up

You could construe this column as a rant. I’m perfectly open to that. But before you do, look at your own practices in email, social media or mobile. Does what you do make you look desperate, too? You could be stepping over ethical boundaries, assuming permission that hasn’t been given.

I get that companies are suffering business losses from COVID. But that doesn’t entitle them to email me – or anybody – when we don’t explicitly ask for it.

The SafeOpt guys are not safe, and they are not opt-in. Now, they did respect my unsubscribe, so 1 point for them. But they’re already at -1000, so it doesn’t matter. And my friend, who neither opted in nor used the SafeOpt unsubscribe, has not received any follow-up emails. Yet. 

I’d like you to take two lessons away from my experience:

1. Speak up. When you see things you know aren’t right in digital marketing, stand up and say it.

2. Audit yourself. Look at your own program, and make sure you aren’t over-reaching. Back in the days before CAN-SPAM, the FTC said self-regulation was the preferred path. For the most part, the email industry regulates itself, and our entire ecosystem depends on it. 

Services like SafeOpt are what give email marketing a bad name. Maybe you think it’s a brilliant tactic. But this is why consumers hate email.

Originally posted on MarketingLand.com