Friday, May 05, 2006
There was some timely and topical information in the iTechLaw session on Current Issues in Online Marketing, and my notes follow. I'm just capturing the highlights here, and have inserted an aside or two in brackets.
David Bender, Online Marketing and Privacy
Privacy can be a strong marketing issue. Recommends an article by Martha Rogers and Don Peppers, called Return on Customer. Privacy is an important means to build customer trust and cut down customer "churn." Also references an article from the Ponemon Institute. Purpose of the survey was to determine the perceptions of people who received security breach notices, occasioned by losses of data or network security holes. The survey sought the reactions of those who learn their data may have been compromised. The survey revealed that 19% of recipients had or would terminate their relationship with the company, 40% were considering termination, 58% lost confidence in the company. 52% thought the notice was confusing/ineffective (email, customers assumed it was spam; phone, assumed it was telemarketing; mail, assumed it was junk). 36% thought the potential injury wasn't properly explained, 41% believed the company was holding back information, 5% had retained lawyers to seek recourse. Emphasizes the importance of avoiding these situations through proper security. If one of these situations does somehow nevertheless come up, you have to make the communications timely. Only one good reason for any delay: you may be required to wait by a law enforcement agency in order to investigate the facts. The communication has to get across the fact it's an important message and not junk mail. You have to consider how much it is worth to you as a business to retain your customers when choosing the means of communication. Companies who used a form letter/email were more than 3 times as likely to lose the customer than those who drafted personal messages. It has to be comprehensible. It has to explain what types of information has been compromised, to whom, and what kind of injury is likely to result. Think about providing extras, such as free credit monitoring and a toll-free hotline. Key point: 12% of respondents to the survey said their confidence in the organization increased when their perception was the situation had been handled properly.
Better to prevent something from happening, but there are good ways and bad ways to deal with the situation and it can make a big difference in what a company's customer base will look like after the event.
Jay T. Westermeier on Liabilities of Search Engines in Key Word Advertising
Jay thinks this is one of the more exciting topics addressed at the conference. The whole field of Internet advertising is balooning; by 2010 it's expected that $55 billion will be spent on online advertising worldwide. Keyword advertising is the biggest component. The legal battle with respect to the use of trademarks as keyword triggers is one of the major issues in the law today. To review, keyword advertising = the ability to link ads to particular search terms. Adword programs are a little different, but still based on context and trigger terms, and potentially trademarks as trigger terms. Jay did some sample Google searches for Motorola, Dell, and Microsoft, demonstrated how advertisers are using the search term/trademarks to link ads to searches. Google and Yahoo have different policies concerning trademarks as search terms.
Playboy v. Netscape involved Netscape's and Excite's use of "Playboy" as keywords triggering delivery of ads. Court (9th Circuit) found there was enough evidence of initial interest confusion to grant a preliminary judgment. The evidence was focused on the ads, that were not well marked and it was difficult to tell the ads weren't actually associated with Playboy. We never got a precedential decision out of this; the case settled.
In the 2nd Circuit, SaveNow software used the "1-800 Contacts" mark, and there were pop-up ads related to user activities. But the ads weren't publicly available (displayed only in client software), so no confusion.
Geico v. Google: Geico failed to meet its burden on likelihood of confusion. Recent Merck case involved ZOCOR mark, and in Edina Realty case, use of the search term was a use in commerce and violation of Lanham act. Wells Fargo and WhenU cases (earlier); no infringement. Pure machine linking function. Laptraveler case: postdomain use of mark not infringement (i.e., something.com/laptraveler).
Yahoo no longer allows bidding on keywords containing competitor trademarks. Implementation will be interesting/a challenge. This issue is a dilemma and cries out for trying to reach a balance between trademark owners and advertisers. Have to retain goodwill and quality associates with the mark, have to also let the business of Web search and the enormous and growing advertising economic market go forward.
Matt Gold of the FTC, on the Role of the FTC in Online Marketing
Views expressed here are his own, not the FTC's. FTC receives about 200,000 online fraud complaints/year. Largely involve offline problems that have just migrated online. "Old wine in a new bottle." In 1997, FTC concluded that the problems of the Internet were the same problems seen in the offline world, though the Internet could amplify the problems (pyramid schemes, etc.). Those conclusions still bear out today. Recent cases have involved miracle cures and online opportunities, for example. In the late '90s though, other sorts of problems started cropping up, started seeing new things unique to the online world such as modem hijacking (long distance calls), pagejacking (tricking visitors onto sites they didn't intend to visit), and mousetrapping (disabling the back button, not letting a visitor out).
The FTC has an Internet lab in Washington, D.C., set up apart from its computer network. They also have "virgin" computers there, can test programs suspected of spreading spyware or other wrongdoing. The FTC does education by participating in consumer.gov, enabling people to find information from various government agencies based on subject matter. Dot Com Disclosures is relevant info for companies. The FTC also has created about a dozen fake ads online. One is for a phony product called NordiCaLite. The person who clicks through learns, courtesy of the FTC, they could get scammed by responding to an ad like this. [Someone must have found and aggregated all these, yes?]
Spyware: slippery definitional issues, but it has to be something that installs without consent and can cause harm (changing home page; degrading performance; loss of Internet access, modification of system files, etc.) The FTC uses its Section 5 (general) authority to regulate, which means they must prove it unfair or deceptive. Generally the FTC uses the unfairness prong. FTC v. Seismic Entertainment Productions, Inc. is an example. Changed default search engine, installed adware, both charged as unfair practices by the FTC. Spyware also generated ads for a product that allegedly would remove the spyware (but of course didn't work). Case filed in New Hampshire, ongoing.
FTC v. Odysseus Marketing Inc. Kazanon installs additional programs (in addition to itself). There was a disclosure, "the typical EULA, very very long," and the FTC asserted this did not constitute adequate disclosure. Showed screen shots of comparative Google searches, Kazanon kept the look and feel, but changed all the sponsored links that displayed.
Françoise Gilbert on SPAM and Compliance Issues
Marketing channels take many facets, need to consider mail, fax, mail, wireless, as well as email spam. [Let's not forget doorknob spam.] CAN SPAM Act: focuses more on commercial email, the primary purpose of the message dictates whether it's commercial. If so, it can contain no false or misleading messages, there must be an opt-out, the opt-out must work and be implemented within 10 days. There can be aggravated violations of the Act by using tricks such as creating multiple email accounts or harvesting addresses. Enforced by FTC and state attorneys general. Recent cases have focused on people negligent in their implementation of the Act, basic requirements not satisfied. The size of the penalties have been large: Jumpstart $900,000, Optin: $2.4 million. Much bigger than the penalties imposed under earlier laws. Important to get across to companies that the risks associated with violations is very high.
Compliance: it's important to implement procedures. There should be a CAN-SPAM compliant email marketing policy, privacy policies, document retention policies. Policies should be simple and easy to implement, but should take into account there are a number of gray areas where decisions should be left to legal rather than an aggressive marketing staff. There's a provision in the CAN SPAM act allowing for opt-out to be more granular and have a menu of options; this can be an affirmative marketing tool and should not be ignored.
Datran Media LLC case, prosecuted by the NY state attorney general's office. Datran purchased address lists but didn't do proper due diligence as to origins, addresses came from sites who had told customers their information would not be sold. Holding: a written warranty or representation can't be relied on, the purchaser of such lists must independently review, investigate, and confirm the information was legally obtained.
Subcontractors: companies who delegate their advertising and outreach to third parties should have provisions in their service agreement about proper due diligence and compliance with anti-spam laws.
Must consider consequences of anti-spam compliance in connection with M & A as well. Need to consider whether transferring customer databases is prohibited by CAN SPAM, for example. There's an exception for customers who provided affirmative consent to transfer when originally supplying the information. Past violations may accrue to acquiring company and should be taken into account. Think too about consequences of merging databases and differences in policies toward interacting with customers: can policies of a small company be required to alter the policies of a large/global acquiring company? It's possible.
David Schellhase (Senior VP and GC, salesforce.com) on Legal Issues in the Online Service Subscription Model
Comments are David's views and not those of salesforce. Also, he's not aware of any reported decisions significantly related to this new and still developing business model (i.e., selling software as a service). There are both legal and commercial issues around software as a service, and commercial issues that are disguised as legal issues. Salesforce does software on demand and Web delivery. The identity of the entity delivering your applications and functionality is the primary difference from old software delivery models. Companies outsource and/or supplement their IT departments by using salesforce. Subscription terms can be long or short term. Again, old wine in a new bottle. The kind of agreement you sign looks a lot like a traditional enterprise software license, with some new twists. The issues that come up in customer negotiations are mostly commercial, not legal. But there are legal issues such as privacy and data protection, limitation of liability, warranty, policing behavior of customers and users (indemnities sometimes important). Privacy and data protection: the data on salesforce's service comes from all over the world, and winds up replicating data of international companies on servers in the U.S. EU privacy considerations, customers concerned about privacy concerns and exposure of data to U.S. government, potentially. Salesforce tells customers it will comply with properly issued subpenas, so they're on notice. Limitation of liability: salesforce does this by contract, has customers indemnify against third party claims. The customer has a similar problem going in salesforce's direction (gives up control of data management, etc.) Limit salesforce uses is 1.5 times a customer's annual fee. Warranties: look like most enterprise software warranties, the service will work in accordance with the documentation. What gets warranted though is a moving target. Policing customer behavior: there is some element of monitoring that goes on. Salesforce monitors a customer's use of the system, but not the data itself. User identity issues: is a user on the U.S. denied parties list? From an embargoed country? Difficult points in the customer agreement are indemnities, confidentiality. Service level agreements: online software providers frequently asked to give assurances that the service will be available for some limited number of hours daily or monthly. Oracle learned six years ago that just offering money back if not delighted is not enough. Disaster recovery: industry is still evolving standards as to what constitutes an acceptable amount of downtime and when a customer is brought back up. Getting data out at the end of the relationship must be dealt with. Future directions: there's no much regulation here yet, but David anticipates there will be. Salesforce anticipates it will do $450 million this year. Thinks that service level agreements will slowly go away and service providers will be perceived as a utility with similar expectations on the parts of all involved. [See Google: gmail, calendar, gtalk, etc.]
Unless otherwise expressly stated, all original material of whatever nature created by Denise M. Howell and included in the Bag and Baggage weblog and any related pages, including the weblog's archives, is licensed under a Creative Commons License.