Legal, intent-based advertising
You're leaking revenue…
Our ID Resolution Partner is building a privacy-first, intent-based advertising network that benefits consumers, brands, and publishers through mutually beneficial products.
Disclaimer: This summary is intended solely for informational purposes and is not legal advice or intended to create an attorney-client relationship between any law firm and any recipient. This is not an exhaustive summary of all issues relating to the topics discussed.
Introduction: Using existing technology, companies can obtain email addresses of website visitors who have not disclosed their email address to the website owner. This summary discusses some legal issues related to the use of this technology.
Disclaimer: This summary is intended solely for informational purposes and is not legal advice or intended to create an attorney-client relationship between any law firm and any recipient. This is not an exhaustive summary of all issues relating to the topics discussed.
Introduction: Using existing technology, companies can obtain email addresses of website visitors who have not disclosed their email address to the website owner. This summary discusses some legal issues related to the use of this technology.
CAN-SPAM and Email Harvesting:
CAN-SPAM prohibits email harvesting, which is defined as obtaining email addresses from a website using automated means when the website has a notice stating that the operator of the website will not transfer email addresses for the purpose of allowing others to send emails to the address. Our ID Resolution Partner ensures that the Technology does not collect or provide email addresses from websites that prohibit email address harvesting.
CAN-SPAM prohibits email harvesting, which is defined as obtaining email addresses from a website using automated means when the website has a notice stating that the operator of the website will not transfer email addresses for the purpose of allowing others to send emails to the address. Our ID Resolution Partner ensures that the Technology does not collect or provide email addresses from websites that prohibit email address harvesting.
Opt-Out – Not Opt-In:
While some jurisdictions outside of the United States require an affirmative opt-in to send marketing or commercial emails, the US is an opt-out jurisdiction since the passage of CAN-SPAM. This means marketing emails can be sent to recipients unless and until they have opted out of receiving marketing emails from the sender. Our ID Resolution Partner adheres to this by ensuring that users of the Technology can send emails to acquired addresses provided the recipient has not previously opted-out.
While some jurisdictions outside of the United States require an affirmative opt-in to send marketing or commercial emails, the US is an opt-out jurisdiction since the passage of CAN-SPAM. This means marketing emails can be sent to recipients unless and until they have opted out of receiving marketing emails from the sender. Our ID Resolution Partner adheres to this by ensuring that users of the Technology can send emails to acquired addresses provided the recipient has not previously opted-out.
Legal Compliance:
The sender of marketing emails acquired using the Technology should include an unsubscribe link or other opt-out mechanism in all marketing emails and promptly honor all opt-outs. Our ID Resolution Partner also ensures compliance with CAN-SPAM guidelines by not using false or misleading header information and clearly identifying messages as advertisements.
The sender of marketing emails acquired using the Technology should include an unsubscribe link or other opt-out mechanism in all marketing emails and promptly honor all opt-outs. Our ID Resolution Partner also ensures compliance with CAN-SPAM guidelines by not using false or misleading header information and clearly identifying messages as advertisements.
Monitoring Compliance:
It is crucial to monitor what others are doing on your behalf in email marketing. Even if you hire another company to handle your email marketing, you cannot contract away your legal responsibility to comply with the law. Our ID Resolution Partner ensures that both the company whose product is promoted and the company that actually sends the message may be held legally responsible.
It is crucial to monitor what others are doing on your behalf in email marketing. Even if you hire another company to handle your email marketing, you cannot contract away your legal responsibility to comply with the law. Our ID Resolution Partner ensures that both the company whose product is promoted and the company that actually sends the message may be held legally responsible.
Introduction to CAN-SPAM Act:
The CAN-SPAM Act of 2003 establishes requirements for those who send commercial emails, covering emails whose primary purpose is advertising or promoting a commercial product or service. This includes content on a website. A transactional or relationship message—email that facilitates an agreed-upon transaction or updates a customer in an existing business relationship—may not contain false or misleading routing information but is otherwise exempt from most provisions of the Act.
The CAN-SPAM Act of 2003 establishes requirements for those who send commercial emails, covering emails whose primary purpose is advertising or promoting a commercial product or service. This includes content on a website. A transactional or relationship message—email that facilitates an agreed-upon transaction or updates a customer in an existing business relationship—may not contain false or misleading routing information but is otherwise exempt from most provisions of the Act.
Commercial vs. Transactional Emails:
The requirements of the CAN-SPAM Act differ based on whether the email is a "commercial" email or a "transactional or relationship email." Our ID Resolution Partner ensures compliance with these definitions to avoid penalties.
The requirements of the CAN-SPAM Act differ based on whether the email is a "commercial" email or a "transactional or relationship email." Our ID Resolution Partner ensures compliance with these definitions to avoid penalties.
OPT-OUT and Complying with the CAN-SPAM Act:
Users of the Technology must comply with opt-out requests within 10 business days, and the marketing messages must contain an opt-out or unsubscribe mechanism. Our ID Resolution Partner takes these requirements seriously and implements them in all email marketing practices.
Users of the Technology must comply with opt-out requests within 10 business days, and the marketing messages must contain an opt-out or unsubscribe mechanism. Our ID Resolution Partner takes these requirements seriously and implements them in all email marketing practices.
CAN-SPAM Compliance Tips:
Our ID Resolution Partner ensures compliance with CAN-SPAM by adhering to the following:
Avoiding false or misleading header information.
Using accurate subject lines that reflect the email content.
Clearly disclosing the message as an advertisement.
Providing a valid physical postal address in each email.
Monitoring third-party services to ensure compliance on their behalf.
Our ID Resolution Partner ensures compliance with CAN-SPAM by adhering to the following:
Avoiding false or misleading header information.
Using accurate subject lines that reflect the email content.
Clearly disclosing the message as an advertisement.
Providing a valid physical postal address in each email.
Monitoring third-party services to ensure compliance on their behalf.
Opt-Out and Complying with CAN-SPAM Act:
It's critical to comply with opt-out requests swiftly and accurately. Our ID Resolution Partner ensures that any opt-out mechanism provided is functional for at least 30 days after the original message is sent, and that recipients' opt-out requests are processed within 10 business days.
It's critical to comply with opt-out requests swiftly and accurately. Our ID Resolution Partner ensures that any opt-out mechanism provided is functional for at least 30 days after the original message is sent, and that recipients' opt-out requests are processed within 10 business days.
Disclaimer and Introduction to Legal Compliance:
This information is provided for general informational purposes and does not constitute legal advice. No attorney-client relationship is created between you and any attorney. For specific questions regarding CAN-SPAM compliance, consulting with legal counsel is recommended.
This information is provided for general informational purposes and does not constitute legal advice. No attorney-client relationship is created between you and any attorney. For specific questions regarding CAN-SPAM compliance, consulting with legal counsel is recommended.
Introduction to the CAN-SPAM Act:
The CAN-SPAM Act sets forth requirements for sending commercial emails, ensuring transparency and giving recipients the right to have emails stopped from being sent to them. Our ID Resolution Partner adheres to these regulations to facilitate compliance and maintain trust.
The CAN-SPAM Act sets forth requirements for sending commercial emails, ensuring transparency and giving recipients the right to have emails stopped from being sent to them. Our ID Resolution Partner adheres to these regulations to facilitate compliance and maintain trust.
Commercial vs. Transactional Emails:
The Act distinguishes between commercial emails, which primarily promote products or services, and transactional emails, which relate to an ongoing transaction. Our ID Resolution Partner ensures that all messages are appropriately categorized and comply with the relevant requirements.
The Act distinguishes between commercial emails, which primarily promote products or services, and transactional emails, which relate to an ongoing transaction. Our ID Resolution Partner ensures that all messages are appropriately categorized and comply with the relevant requirements.
Prior Consent / Opt-In Not Required:
The U.S. operates under an opt-out model for email communications, not requiring prior consent. However, our ID Resolution Partner ensures that all recipients have the means to opt-out of communications clearly and effectively.
The U.S. operates under an opt-out model for email communications, not requiring prior consent. However, our ID Resolution Partner ensures that all recipients have the means to opt-out of communications clearly and effectively.
Section 7704 of the CAN-SPAM Act:
This section outlines the requirements for commercial messages, including the need for an opt-out mechanism. Our ID Resolution Partner is committed to upholding these standards to ensure compliance and protect consumer rights.
This section outlines the requirements for commercial messages, including the need for an opt-out mechanism. Our ID Resolution Partner is committed to upholding these standards to ensure compliance and protect consumer rights.
Opt-Out Provisions and Compliance with the CAN-SPAM Act:
Our ID Resolution Partner provides clear opt-out options and complies with all opt-out requests within the required timeframe, ensuring that no commercial emails are sent to those who have opted out.
Our ID Resolution Partner provides clear opt-out options and complies with all opt-out requests within the required timeframe, ensuring that no commercial emails are sent to those who have opted out.
Overview of CAN-SPAM Requirements:
Our ID Resolution Partner adheres to all CAN-SPAM requirements, including not using misleading headers or subject lines, identifying the message as an ad, and providing a clear opt-out mechanism.
Our ID Resolution Partner adheres to all CAN-SPAM requirements, including not using misleading headers or subject lines, identifying the message as an ad, and providing a clear opt-out mechanism.
California Privacy Laws: Understanding the California Privacy Rights Act (CPRA)
Disclaimer: This summary is intended solely for informational purposes and is not intended to constitute legal advice or to create an attorney-client relationship between any law firm and any reader. This summary does not cover all aspects of the CPRA. For specific legal advice, please consult with your attorney.
Introduction to the CPRA: The California Privacy Rights Act (CPRA), an amendment and renaming of the California Consumer Privacy Act (CCPA), was approved by California voters in November 2020. It enhances privacy protections for consumers, adding new requirements for businesses regarding the handling of personal information.
Key Changes and Requirements under the CPRA:
Opt-Out Rights for Targeted Advertising: The CPRA expands consumers' rights to opt-out of the sale of their personal information to include the right to opt-out of sharing their information for cross-contextual behavioral advertising. This applies unless the information involves minors under 16, for whom stricter opt-in rules apply.
Disclosure and Opt-Out Requirements: If personal information is used for targeted advertising, businesses must inform consumers and provide at least two methods for opting out, one of which must be an interactive web form. Our ID Resolution Partner complies with these requirements by ensuring transparent notification and opt-out mechanisms are in place.
CPRA Notices: Businesses must display a clear and conspicuous link titled “Do Not Sell or Share My Personal Information” on the homepage of their websites, facilitating consumer opt-out requests. Our ID Resolution Partner ensures all notices are compliant with CPRA standards, clearly informing users of their rights and the purposes for collecting, selling, or sharing personal information.
Vendor Agreements and Sharing of Information: The CPRA requires specific contractual terms between businesses and their vendors when personal information is involved, particularly in contexts that might be considered a sale or sharing under the new definitions provided by the CPRA.
Definition of Personal Information Sales and Sharing:
Sale of Personal Information: The CPRA defines a sale broadly to include any exchange of personal information for monetary or other valuable consideration.
Sharing for Advertising: The term "sharing" refers to disclosing personal information to third parties for cross-context behavioral advertising, regardless of monetary exchange.
Opt-Out of Profiling and Automated Decision Making: The CPRA provides mechanisms to opt-out of profiling and automated decision-making processes, with additional regulations potentially being established by the California Privacy Protection Agency.
Frequently Asked Questions (FAQs):
Applicability: The CPRA applies to any for-profit entity that collects and sells California consumers' personal information and either has annual revenues over $25 million, handles the personal data of more than 100,000 consumers or households, or earns more than half of its annual revenue from selling consumers' personal data.
Non-Profit and Health Information Exemptions: Non-profit organizations and health providers and insurers that are covered under HIPAA are exempt from the CPRA.
Rights Under the CPRA: Consumers have rights to access, correct, delete, and restrict the use of their personal information. They also have the right to opt-out of the sale or sharing of their personal data.
Privacy Policy Requirements: Businesses must update their privacy policies to reflect the rights and processes established under the CPRA, including detailed descriptions of consumer rights and the categories of personal information being collected, sold, or disclosed.
Legal Considerations: Businesses must ensure compliance with the CPRA to avoid potential legal penalties and to uphold consumer trust. Regular reviews and updates of privacy practices and policies in line with evolving regulations are recommended.
Conclusion and Additional Resources: For more information on complying with the CPRA, or if you have specific questions about how it may impact your business practices, consult legal professionals or visit the official California Privacy Protection Agency website.
Disclaimer: This summary is intended solely for informational purposes and is not intended to constitute legal advice or to create an attorney-client relationship between any law firm and any reader. This summary does not cover all aspects of the CPRA. For specific legal advice, please consult with your attorney.
Introduction to the CPRA: The California Privacy Rights Act (CPRA), an amendment and renaming of the California Consumer Privacy Act (CCPA), was approved by California voters in November 2020. It enhances privacy protections for consumers, adding new requirements for businesses regarding the handling of personal information.
Key Changes and Requirements under the CPRA:
Opt-Out Rights for Targeted Advertising: The CPRA expands consumers' rights to opt-out of the sale of their personal information to include the right to opt-out of sharing their information for cross-contextual behavioral advertising. This applies unless the information involves minors under 16, for whom stricter opt-in rules apply.
Disclosure and Opt-Out Requirements: If personal information is used for targeted advertising, businesses must inform consumers and provide at least two methods for opting out, one of which must be an interactive web form. Our ID Resolution Partner complies with these requirements by ensuring transparent notification and opt-out mechanisms are in place.
CPRA Notices: Businesses must display a clear and conspicuous link titled “Do Not Sell or Share My Personal Information” on the homepage of their websites, facilitating consumer opt-out requests. Our ID Resolution Partner ensures all notices are compliant with CPRA standards, clearly informing users of their rights and the purposes for collecting, selling, or sharing personal information.
Vendor Agreements and Sharing of Information: The CPRA requires specific contractual terms between businesses and their vendors when personal information is involved, particularly in contexts that might be considered a sale or sharing under the new definitions provided by the CPRA.
Definition of Personal Information Sales and Sharing:
Sale of Personal Information: The CPRA defines a sale broadly to include any exchange of personal information for monetary or other valuable consideration.
Sharing for Advertising: The term "sharing" refers to disclosing personal information to third parties for cross-context behavioral advertising, regardless of monetary exchange.
Opt-Out of Profiling and Automated Decision Making: The CPRA provides mechanisms to opt-out of profiling and automated decision-making processes, with additional regulations potentially being established by the California Privacy Protection Agency.
Frequently Asked Questions (FAQs):
Applicability: The CPRA applies to any for-profit entity that collects and sells California consumers' personal information and either has annual revenues over $25 million, handles the personal data of more than 100,000 consumers or households, or earns more than half of its annual revenue from selling consumers' personal data.
Non-Profit and Health Information Exemptions: Non-profit organizations and health providers and insurers that are covered under HIPAA are exempt from the CPRA.
Rights Under the CPRA: Consumers have rights to access, correct, delete, and restrict the use of their personal information. They also have the right to opt-out of the sale or sharing of their personal data.
Privacy Policy Requirements: Businesses must update their privacy policies to reflect the rights and processes established under the CPRA, including detailed descriptions of consumer rights and the categories of personal information being collected, sold, or disclosed.
Legal Considerations: Businesses must ensure compliance with the CPRA to avoid potential legal penalties and to uphold consumer trust. Regular reviews and updates of privacy practices and policies in line with evolving regulations are recommended.
Conclusion and Additional Resources: For more information on complying with the CPRA, or if you have specific questions about how it may impact your business practices, consult legal professionals or visit the official California Privacy Protection Agency website.
Colorado Privacy Laws: Understanding the Colorado Privacy Act (CPA)
Disclaimer: This summary of the Colorado Privacy Act (CPA) is for informational purposes only and is not legal advice or intended to create an attorney-client relationship. It does not cover all requirements of the CPA. For legal advice, please consult an attorney.
Introduction to the CPA: Signed into law by Governor Jared Polis on July 7, 2021, the Colorado Privacy Act is set to take effect on July 1, 2023. This law affects businesses that target and collect data from Colorado consumers, particularly those handling data on a large scale.
Key Takeaways from the CPA:
Scope and Applicability: The CPA targets businesses that either control or process the personal data of over 100,000 Colorado consumers annually, or earn revenue from the data of at least 25,000 consumers.
Data Exclusions: The CPA does not apply to employment records, data governed by specific federal or state laws such as the Gramm-Leach-Bliley Act (GLBA), or data publicly available in government records.
Consumer Rights Under the CPA:
Access: Consumers can confirm if a business is processing their data and can access their personal data.
Opt-Out: Consumers can opt out of the processing of their personal data for targeted advertising, the sale of personal data, or profiling.
Correction: Consumers have the right to correct inaccuracies in their personal data.
Deletion: Consumers can request the deletion of their personal data.
Data Portability: Consumers can obtain their data in a portable format, making it easier to transfer to another entity.
Appeal: If a request is denied, consumers have the right to appeal the decision.
Business Obligations:
Transparency: Businesses must provide clear and accessible privacy notices detailing the types of collected data, the processing purposes, consumer rights, the categories of shared data, and the third parties involved.
Data Minimization: Collection of data must be limited to what is necessary for specified purposes.
Purpose Limitation: Businesses must clearly state the purposes for data collection and obtain consent if using data beyond those purposes.
Duty of Care: Reasonable security measures must be implemented to protect personal data from unauthorized access.
Non-Discrimination: Businesses must not discriminate against consumers exercising their privacy rights.
Regulatory Oversight and Enforcement:
The CPA will be enforced by the Colorado Attorney General and district attorneys, with no provision for private legal action by consumers.
Businesses have a grace period to address violations, after which penalties may apply.
Amendments and Future Changes: The CPA may undergo amendments that could significantly alter its requirements before it becomes effective in 2023.
Understanding Exemptions and Thresholds:
Information Exclusions: Data that is de-identified or publicly available is not covered under the CPA.
Commercial and Employment Contexts: Information relating to commercial or employment contexts is not subject to consumer rights under the CPA until specified exclusions expire.
Implications for Businesses: Businesses must evaluate their data practices and ensure compliance with the CPA's comprehensive privacy requirements, preparing for potential changes in the law's scope and provisions. It is advisable for businesses to stay informed through legal counsel to navigate the evolving landscape of data privacy laws effectively.
Conclusion: The CPA represents a significant step in enhancing consumer privacy rights in Colorado, aligning with broader trends in data protection seen in other states like California and Virginia. Businesses must take proactive steps to comply with these regulations and protect consumer data effectively.
Disclaimer: This summary of the Colorado Privacy Act (CPA) is for informational purposes only and is not legal advice or intended to create an attorney-client relationship. It does not cover all requirements of the CPA. For legal advice, please consult an attorney.
Introduction to the CPA: Signed into law by Governor Jared Polis on July 7, 2021, the Colorado Privacy Act is set to take effect on July 1, 2023. This law affects businesses that target and collect data from Colorado consumers, particularly those handling data on a large scale.
Key Takeaways from the CPA:
Scope and Applicability: The CPA targets businesses that either control or process the personal data of over 100,000 Colorado consumers annually, or earn revenue from the data of at least 25,000 consumers.
Data Exclusions: The CPA does not apply to employment records, data governed by specific federal or state laws such as the Gramm-Leach-Bliley Act (GLBA), or data publicly available in government records.
Consumer Rights Under the CPA:
Access: Consumers can confirm if a business is processing their data and can access their personal data.
Opt-Out: Consumers can opt out of the processing of their personal data for targeted advertising, the sale of personal data, or profiling.
Correction: Consumers have the right to correct inaccuracies in their personal data.
Deletion: Consumers can request the deletion of their personal data.
Data Portability: Consumers can obtain their data in a portable format, making it easier to transfer to another entity.
Appeal: If a request is denied, consumers have the right to appeal the decision.
Business Obligations:
Transparency: Businesses must provide clear and accessible privacy notices detailing the types of collected data, the processing purposes, consumer rights, the categories of shared data, and the third parties involved.
Data Minimization: Collection of data must be limited to what is necessary for specified purposes.
Purpose Limitation: Businesses must clearly state the purposes for data collection and obtain consent if using data beyond those purposes.
Duty of Care: Reasonable security measures must be implemented to protect personal data from unauthorized access.
Non-Discrimination: Businesses must not discriminate against consumers exercising their privacy rights.
Regulatory Oversight and Enforcement:
The CPA will be enforced by the Colorado Attorney General and district attorneys, with no provision for private legal action by consumers.
Businesses have a grace period to address violations, after which penalties may apply.
Amendments and Future Changes: The CPA may undergo amendments that could significantly alter its requirements before it becomes effective in 2023.
Understanding Exemptions and Thresholds:
Information Exclusions: Data that is de-identified or publicly available is not covered under the CPA.
Commercial and Employment Contexts: Information relating to commercial or employment contexts is not subject to consumer rights under the CPA until specified exclusions expire.
Implications for Businesses: Businesses must evaluate their data practices and ensure compliance with the CPA's comprehensive privacy requirements, preparing for potential changes in the law's scope and provisions. It is advisable for businesses to stay informed through legal counsel to navigate the evolving landscape of data privacy laws effectively.
Conclusion: The CPA represents a significant step in enhancing consumer privacy rights in Colorado, aligning with broader trends in data protection seen in other states like California and Virginia. Businesses must take proactive steps to comply with these regulations and protect consumer data effectively.
