March 23, 2006
By Eric Goldman
Gratis Internet runs several websites that promise free stuff (like free iPods) in exchange for consumers signing up for subscription trials. The trials are initially free but then convert to paid subscriptions. The idea is that many consumers will either like the subscriptions or be duped into keeping the subscriptions against their will. For an example of how even very intelligent people can be trapped by these free trials, see my colleague Christine's story (and the update).
Along the way, Gratis made a variety of privacy promises to consumers. Of specific relevance here, Gratis promised that it would never resell the consumers' email addresses. However, as it turns out, Gratis allegedly may have done precisely that.
More interesting to me is Spitzer's action against Datran Media, one of the buyers of email addresses from Gratis. Last week, Spitzer's office announced a settlement with Datran that included a $1.1 million check.
But I think there's a more fundamental lesson to learn. This case reinforces that it's very hard to legitimately buy/sell email addresses. At minimum, I think buyers need to do thorough diligence of the email addresses' origins, and it's hard to find legitimate email addresses that were completely acquired without restriction on transfer or resale. Then, under CAN-SPAM, the email addresses have to be filtered out for any opt-outs that the buyer has received in the past. And then, it's hard to get bulk emails through the email service providers/IAPs, especially if the sender can't claim some type of relationship with or authorization from the recipients.
All told, I just don't understand how legitimate companies think that email addresses can be flipped like commodities. The practice may never have been legitimate, but I see it as a completely dead practice today.
UPDATE: Dan Solove weighs in on the case. I generally agree with Dan's analysis, except that I think we need to know more about Datran's scienter. This result is defensible only if the scienter level was high enough.
UPDATE 2: Chris Hoofnagle calls the case "one of the biggest cases for consumer privacy ever."
Would be interested on your take on the ethics of Jigsaw http://www.jigsaw.com/ where users of the site are encouraged via rewards systems to upload business card data which can then be accessed by members - for sales and no doubt email solicitations. The company's business models have come in for some severe criticism
Posted by: ccoc at March 24, 2006 05:05 PM
I find this point particularly interesting because in the lawsuit filed against Gratis Spitzer states that Gratis falsely represented to each (Datran, JDR, and Jumpstart) that it has received its users' permission to share the data. PP 31 of verified petition. So did Datran settle because they were concerned that they would be held responsible for the privacy guarantee in GRatis' privacy policies even though in the agreement they had with Gratis, Gratis "warranted that the data being shared consisted of records of persons who have supplied Affirmative Consent (as defined in the Can-Spam Act of 2003) to receive third party commercial em-mail advertising messages?" In the investigations that preceded the Datran settlement the Attorney general found that "Notwithstanding this deceptive statement in their agreement, Datran apparently knew about, or discovered, the restrictions on the data, prior to accepting it. For this and related practices, Datran entered into a voluntary Assurance of Discontinuance with the Attorney General..."
ccoc, great Q. I'll need to think about the business model more. Mostly, I wonder if submitters provide accurate information, or if they submit bogus information just for the cash.
Kim, great observation. If Datran lacked scienter, then they got completely screwed. This would not be the first time that Spitzer's office has pushed the limits of the law. On the other hand, if they figured out that the email addresses were tainted (despite the prior representations) but proceeded anyway, then Datran made, at minimum, a bad choice. But then again, I think they made a bad choice thinking they could buy email addresses off the street.
Posted by: Eric at March 27, 2006 06:30 PM