By Eric Goldman
Gratis Internet runs several websites that promise free stuff (like free iPods) in exchange for consumers signing up for subscription trials. The trials are initially free but then convert to paid subscriptions. The idea is that many consumers will either like the subscriptions or be duped into keeping the subscriptions against their will. For an example of how even very intelligent people can be trapped by these free trials, see my colleague Christine’s story (and the update).
Along the way, Gratis made a variety of privacy promises to consumers. Of specific relevance here, Gratis promised that it would never resell the consumers’ email addresses. However, as it turns out, Gratis allegedly may have done precisely that.
More interesting to me is Spitzer’s action against Datran Media, one of the buyers of email addresses from Gratis. Last week, Spitzer’s office announced a settlement with Datran that included a $1.1 million check.
But I think there’s a more fundamental lesson to learn. This case reinforces that it’s very hard to legitimately buy/sell email addresses. At minimum, I think buyers need to do thorough diligence of the email addresses’ origins, and it’s hard to find legitimate email addresses that were completely acquired without restriction on transfer or resale. Then, under CAN-SPAM, the email addresses have to be filtered out for any opt-outs that the buyer has received in the past. And then, it’s hard to get bulk emails through the email service providers/IAPs, especially if the sender can’t claim some type of relationship with or authorization from the recipients.
All told, I just don’t understand how legitimate companies think that email addresses can be flipped like commodities. The practice may never have been legitimate, but I see it as a completely dead practice today.
UPDATE: Dan Solove weighs in on the case. I generally agree with Dan’s analysis, except that I think we need to know more about Datran’s scienter. This result is defensible only if the scienter level was high enough.
UPDATE 2: Chris Hoofnagle calls the case “one of the biggest cases for consumer privacy ever.”