Privacy Law and Policy Reporter
Office of the Data Protection Registrar (UK)
This is a Discussion Paper published by the Office of the Data Protection Registrar, United Kingdom in May 1997, ‘Privacy Enabling Technologies: Suppression Markers in Internet Addresses’. Comments may be directed to Rosemary Jay, Legal Adviser, Office of the Date Protection Registrar, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or by email to firstname.lastname@example.org (General Editor)
There is an increased interest in using Internet addresses for direct marketing. E-mail addresses can be used for marketing ventures in the same way that postal addresses can. An e-mail address can be targeted after a user has visited a site. The site owner may record the e-mail addresses of visitors to the site and subsequently send e-mails with advertising content to the visitors’ addresses. Additionally site owners may decide to pass on the lists of addresses of those who visit their sites to others who may use the information to send marketing material. E-mail addresses can also be collected by visiting discussion groups, bulletin boards, news groups etc, and obtaining the e-mail addresses of participants. Such information may then be used either for the obtainer’s own marketing or to rent out the lists of those addresses to others. In other cases e-mail addresses may be collected or monitored for other reasons such as market research.
Clearly some individuals will not want to have data about them collected or to received unsolicited promotional e-mails as a result of visiting particular sites or taking part in particular groups. The question arises as to what they can do to prevent this happening. Although in countries with Data Protection laws other considerations also arise, part of the solution could be the introduction of a mechanism whereby individuals can make their wishes clear to those who might use the Internet to collect data or to send them unsolicited marketing material.
In the UK those obtaining information which they intend to rent out or use for non-obvious purposes are obliged to notify the individual of that fact when they first obtain the information. However that is not a universal requirement nor does it replace the need for effective suppression mechanisms. In traditional postal direct marketing Robinson Lists have developed. The UK equivalent of the Robinson List is the Mailing Preference Service (MPS). These lists work by an independent organisation maintaining a central register of the surnames and postal addresses of those individuals who have notified them that they do not want to receive direct marketing material. The names are made available on tape or disk to direct marketers. Marketers ‘clean’ their mailing lists by running their lists against the MPS file and applying a suppress marker to anyone whose surname and address appears on the MPS file.
Marketers are not required to apply MPS suppression to lists of their own customers but should apply it to any more general consumer lists they use for promotional mailings. The system in the UK has grown enormously over the last ten years and provides an effective mechanism for suppressing the names and addresses of those who object to receiving unsolicited marketing literature.
More recently a Telephone Preference Service (TPS) has been introduced through which consumers can similarly register that they do not wish to receive unsolicited, telephone marketing calls. A fax preference service is under development. In many countries the concept of Robinson Lists is incorporated into relevant industry standards and codes of practice. Additionally in some European jurisdictions Robinson List mechanisms are backed up by regulatory regimes, for example in the UK the Data Protection Registrar can take action against data users who fail to honour suppression requests.
As the use of addresses on the Internet for direct marketing grows the question of how an MPS/TPS equivalent can be developed and applied arises. This paper sets out an outline proposal for a way of dealing with the suppression of marketing material at the choice of the consumer. It deals only with suppression not with obtaining information in the first place.
Robinson Lists are national lists whereas the Internet is international. In considering a solution we have to aim for one which can work internationally.
The Internet is not owned or controlled by any one group. It is largely self policing. It has developed its own etiquette and behaviours policed by the responses of individual users. In such an environment a suppression system is more likely to be effective if it is one that is owned, driven and used by individuals rather than imposed by a governmental or regulatory body. The concepts of individual freedom and free speech are fundamental to the Internet. A successful suppression system must not unduly inhibit the rights of individuals to speak or trade freely
A suppression system should also be capable of being incorporated into a variety of industry standards and codes of practice and taken into account in different regulatory regimes. It should therefore by simple and universally applicable.
A simple and universally applicable mechanism would be for consumers to be able to indicate and communicate their wishes directly in their e-mail addresses. The essence of the information on a Robinson List is that the person does not want to receive unsolicited mail at a particular address. There seems to be no reason, on the Internet, to divorce that message from the address itself. There should be no need to keep separate lists which have to be matched and transferred. If the message that the individual does not want to receive unsolicited mail, and therefore does not want his or her information retained or used, can be put into the e-mail address it fulfils the test of being internationally available, simple and owned and controlled by individuals. It would also be capable of being backed up by regulatory sanctions in those jurisdictions where that was appropriate. For example in the UK if a direct mailer failed to honour an indication in an address the Registrar would be able to take regulatory action against him. In other jurisdictions it might be the basis for an individual civil action.
The means by which a consumer indicates in the e-mail address that he/she does not want to receive unsolicited mail could be some form of ‘privacy marker’. The technical aspects of e-mail address construction and use are obviously complex but it appears that the part of the e-mail address to the left of the ‘@’ is chosen by the user. Could there be a convention that some agreed character immediately before the ‘@’ indicates the user’s wished in connection with unsolicited marketing material? For example J.Smith+PRIV@XYZ.UK would contain no such indication. The marker need not be culture specific; it could simply be a string of letters as long as it became universally recognised.
The concept of a marker could allow for a variety of messages in addresses. For example an address in the form +PRIV@ ... might indicate that an individual does not want any information sent to him or her. Alternatively he or she might use +PER@ ... to indicate that he/she does not want the address passed on to others, although he/she would not object to information from the site owner.
Markers could allow the individual the freedom to make different choices about different contacts. An individual might put a marker on visiting one site but not put the marker on when visiting another or he might use different markers on different sites.
If common and universally recognised privacy markers were available they could be combined with suppression programmes also made publicly available which site owners could run against their lists and use to suppress or erase any addresses having the relevant privacy markers.
In the longer term if the concept proved feasible then it could perhaps be extended to incorporate indications of other areas of choice.
The aim of the proposal is to promote a method whereby ordinary individuals can prevent the receipt of unsolicited, promotional e-mails. It would require a wide degree of understanding and acceptance by users to be effective. There could be other solutions to the problem that would prove equally or more effective. However, the purpose of this paper is to foster discussion.
What are the cultural and social issues? Is this a proposal that Internet users would adopt? Does it fit in with the culture and norms of the Internet environment? How could the proposal be taken forward? Is there a body that would be able to develop and launch such a scheme? How does it fit with other initiatives in this area? Are there other proposals that would achieve the same result more effectively?
The Registrar would like to see the concept considered, possible as a Request for Comment or by one of the groups working on Internet Privacy and will be putting this paper forward for consideration.