Globalization affects retailers in a number of ways. Complying with commercial laws wherever they have brick-and-mortar stores is one such impact. Navigating through privacy rules that impact e-commerce efforts is another. There is one blind spot in particular that deserves attention — sending shopping cart abandonment emails. I am often asked, “How are abandonment emails treated under the CAN-SPAM Act? Canada’s stringent Anti-Spam Law (CASL)?” “Can I even send abandonment emails to my Canadian customers?”
But let’s back up… What is an ‘abandonment’ email anyway? In the email space shopping cart abandonment refers to a particular type of automated mailing used to re-engage an online customer. The most common example is one where a retailer notices that a customer has left an item sitting in their shopping cart, and proceeds to send a reminder with a coupon to complete the order.
To fully understand privacy compliance pitfalls with this technique, in the U.S. and beyond, we need to unpack what happens before the abandonment email is sent.
Email marketing perspective:
Abandonment messages are almost always ‘commercial’, particularly if they incentivize a shopper to complete their purchase. In compliance parlance, we call this encouraging the continuation of a commercial activity. In contrast, an order confirmation typically provides factual information about a commercial activity. Under most anti-spam laws, particularly under CASL, marketers need to ensure abandonment messages are not unsolicited. Triggering should account for:
- Appropriate consent covering email marketing to new or ongoing online relationships.
- Scrubbing the customer’s email address against your unsubscribe/suppression lists before sending a solicitous message. (This is true under any anti-spam law.)
For more information about CASL-compliant consent record keeping and related best practices, please see the recent Enforcement Advisory Notice from the Canadian Radio-television Telecommunications Commission.
Online tracking perspective:
Abandonment emails rely on online retailers tracking their customers’ activity on their websites and tying online behavior back to the email addresses using the same behavioral targeting technologies as those used to deliver Interest Based Ads. This jump across engagement channels to remarket to customers can raise privacy concerns, so online retailers need to pay attention to their privacy compliance obligations.
Guidance covering privacy policies and practices issued by the Federal Trade Commission are informative and I encourage you to review these with your law department. If you operate outside the U.S., privacy protection laws like Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) may set out additional obligations with your cross-channel marketing efforts.
- PIPEDA’s definition of commercial activity, which includes remarketing
- Privacy Commissioner’s findings under PIPEDA in relation to remarketing
- Privacy Commissioner’s guidance on online behavioral advertising, the technology of which informs triggered emails
Under PIPEDA and similar international privacy regimes, cross-channel marketers will need to (i) clearly and conspicuous inform website visitors that their online activities may result in personalized marketing, (ii) offer a way to opt-out of such tracking, and (iii) obtain individuals’ prior express consent with tracking involving sensitive personal information such as health data.
Putting it all together:
As privacy protection regimes around the world continue to mature and absorb rules covering marketing, online retailers need to start adding new vocabulary to their privacy compliance lexicon.
For example, shopping cart abandonment efforts produce ‘cross-channel re-marketing campaigns triggered by an identifiable individual’s online behavior.’ While this is a mouthful to say, viewing your holiday engagement efforts through this lens will help you manage compliance risks.
Please note: Cheetah Digital does not give legal advice on electronic marketing regulations or privacy laws. To mitigate risk to your business, please consult with your legal counsel on the law and your corporate policy.