In lesson eleven of Revinate’s email certification course, Kristina Haga, Senior Hospitality Marketing Strategist, reviews the laws around email that protect citizens from unwanted correspondence. (Since laws vary by country, and even state, marketers are encouraged to speak with a lawyer to verify that they’re operating in compliance with laws.) In general, here are the laws governing email and the main points of each law:
CAN Spam (USA) – You can email people without their permission until they opt out. But when they opt out of your communication, you must stop emailing them.
CCPA (USA) – The California Consumer Privacy Act allows California residents to ask businesses to disclose what personal information they have, going back one year, and what they do with their information. They can request that their personal information be deleted and not sold.
Applied Consent (Asia) – Businesses can only send information about similar products and people may opt-out of emails.
GDPR (Europe) – There are four main pillars to GDPR
- Proof of Consent – Consent requires a positive opt-in. Silence, pre-checked boxes, or inactivity will not be accepted as consent. Individuals must be clear on why they will have to provide personal data and for what it will be used. It’s mandatory to keep evidence of how and when you request, obtain, and document consent.
- Right to Data Portability – EU citizens have the right to access and request a copy of their own personal data at any time. They can update, delete, restrict, or move their data to another organization without interference, under any circumstances.
- Right to be Forgotten – Under the GDPR, individuals have the right to request a controller delete all of the information known about them and end further distribution of the data.
- Right to Refuse Profiling – This gives EU citizens the right to avoid being targeted specifically based on their data. Profiling, as defined by the GDPR, requires an outcome or action of some sort as a result of personal data processing. Fortunately for hotels, they can exclude guests from marketing segments.
Revinate worked closely with hoteliers to prepare for GDPR to take effect in 2018. You can find detailed information on the Revinate Blog if you would like to review the regulations.
Other terms you should be familiar with as you explore the laws of email:
Explicit Consent: A contact has provided explicit permission to be emailed, whether through a form or by checking the box on a paper form, such as upon check-in.
Implicit Consent: A contact has done business with you (eg stayed at your hotel or eaten at your restaurant) and has legitimate interest in your products or services.
Data Controller: The entity that determines the purpose and method of processing the personal data. In this case, the data controller is the hotel.
Data Processor: The entity that processes data on behalf of the data controller. Oftentimes, data processors are vendors and contractors for hotels. In this case, the data processor is Revinate.
Data Subprocessor: The entity that processes personal data on behalf of the processor in order for them to complete their work. An example is Send Grid, helping hotel marketers with their email deliverability.
If you didn’t learn anything new from this blog post, you might be ready to take the email certification test today. If not, continue watching the lessons. There are 14 lessons in the course. Complete them today.