The Internet is all abuzz with news about the EU’s updated GDPR (General Data Protection Regulation) that goes into effect this month (May 2018). The concern for most Indie authors and small business owners is that they know and follow the regulations so they don’t get fined.
GDPR is a European regulation, not a regulation for the United States. However, if you do business with people in Europe such as selling books directly to Europeans or sending marketing emails to people residing in Europe, then you must abide by the GDPR in your practices.
In a nutshell, the GDPR requires that you engage in “permission marketing”. This means that in order for you to send marketing communications to individuals in Europe, they must give you permission to register them in your database. In plain English this means that people must sign up for and agree to receive your email notifications. So, if you are already receiving permission from people to send them emails, basically you are in compliance with GDPR. To learn more about how GDPR effects authors with email lists, you can listen to a great podcast on the topic at: https://selfpublishingformula.com/episode-117.
US’s CAN-SPAM Act
In the United States, the CAN-SPAM Act regulates email marketing. Currently, the regulation does not require that you get recipients’ consent before sending them commercial emails. However, the CAN-SPAM Act does require that you provide an “opt out” to the recipient in the email and that you list your physical address in each email you send.
While the CAN-SPAM Act does not require that you receive people’s express permission to be added to your mailing list, it is best practice and strongly recommended.
The Issue with Customer Data
The GDPR is all about keeping customer data safe. After multiple data breaches (think about the recent Facebook data scandal), the governments around the world appear to be taking a strong stand on helping ensure that people’s personal data remains safe and that individuals remain in control of when and how their data is used.
Another big item in the news recently had to do with Google denying Concordia Publishing House the ability to enter a religious ad in the Google Ads program. At first, the issue looks like another censorship of religious freedom. However, upon closer inspection, the matter has to do with retargeting ads and this topic of customer data and how it is used.
Here is how retargeting works. Google tracks which sites you visit and then use this information to allow companies to show ads to people who have visited their website. In other words, if I view a certain book on Amazon, Google tracks that. Amazon can then pay Google to place an ad for the book I viewed in front of me when I am browsing the Internet. The idea is that the more exposure I receive to a product I have showed interest in, the more likely I am to purchase that product.
It turns out, Google does not allow expressly religious ads to be included in their retargeting program. They know that people’s data is sensitive, so their retargeting ad policy states:
“Advertisers can’t use identity and belief categories to target ads to users or to promote advertisers’ products or services.”
For a great in-depth explanation on why Google believes that identify and belief data is sensitive, you can read the article by Levi Nunnick at: https://medium.com/@levinunnink/no-google-is-not-attacking-cph-a20350e12453.
With GDPR, ad retargeting programs will need to get customers’ permission to show them retargeting ads since this involves their personal data.
Personal data and how it is used will continue to be an evolving area for anyone involved in collecting people’s data (including email addresses) for marketing purposes. I do not believe there is any reason for angst over this issue. Using best practices will help keep you in compliance with all laws.
Don’t miss out on any of the great information shared in this blog. Subscribe to receive each post in your email box. Just click here.