E-Reputation Law - a case study on e-reputation

For further information, please visit the e-reputation law website

E-Reputation Law

Tell-a-friend and viral marketing

Two methods often used for building a company’s e-reputation and that often go hand in hand are ‘tell a friend’ systems and viral marketing.

A ‘tell a friend’ system enables a web user to share a link, an article, a video, etc. with other web users. Today, ‘tell a friend’ systems are everywhere, from the Facebook ‘Like’ to Twitter’s ‘re Tweet’, via all the ‘Share’ links on websites, in software and even in operating systems for computers (first in Apple’s Mac OS X ‘Mountain Lion’, but also in Microsoft’s Windows 8).

This omnipresence comes to the aid of viral marketing, the online version of word-of-mouth marketing, as it allows an ever quicker and broader dissemination of a commercial message.

It is therefore worthwhile examining the lawfulness of ‘tell a friend’ systems and the requirements to be met for a viral marketing scheme to comply with the applicable rules.

(a) Tell-a-friend

A ‘tell a friend’ system may be of a private (e.g. sending an e-mail or a ‘Share’ on Facebook to specific ‘friends’ of the web user) or public nature (e.g. public Tweets).

(i) Private tell-a-friend

When of a ‘private’ nature, a ‘tell a friend’ will generally imply the collection of personal data, whether in relation to the web user or to the recipient. This collection of data will, however, already be a form of processing of personal data under the Privacy Act. Compliance with the rules of the Privacy Act will therefore be required.

In this respect, it is worth reminding that if the data are not obtained from the data subject (e.g. if the data of the recipient are obtained from the web user), the data subject must be informed thereof at the time of recording of the data or at the latest at the time of their first disclosure to any third party.

Obviously, to be able to inform the data subject of the processing of his or her personal data, the company must be able to send a message to the data subject, in all likelihood by electronic mail.

This obligation to send a message to the recipient is further strengthened by the fact that, in the opinion of the Belgian Privacy Commission, there are issues in relation to the very legitimacy of the processing of such personal data without the consent of the recipient  [Note: See Belgian Privacy Commission, Recommendation No. 04/2009, 14 October 2009, p. 9 (in French, in Dutch).].

As a result, and in the light of the limited case law on the matter  [Note: Court of Appeal of Liège, 19 November 2009, 2008/RG/1165, unpublished (view online).], we only see one way to legitimately use, for direct marketing purposes, personal data in relation to a person that were obtained from a third party in the framework of a ‘tell a friend’ system: one must send a first electronic mail to the recipient, informing him/her of the recording of his/her personal data and asking for his/her consent to the processing of such personal data for the purposes of direct marketing. Furthermore, this electronic mail must be devoid of any advertising message so as not to violate the AISS.

The Court of Appeal of Liège held that the ‘tell a friend’ system used at the time by a dating website, www.nice-people.be, violated both the Privacy Act and the AISS. The system in question allowed members to invite contacts to join the website; in return for the use of this system, the member received ‘popularity points’ on the website. In the case at hand, the e-mail sent to the members’ contacts read as follows: ‘Hello, this e mail is sent to you at the request of [username and e-mail address of the member], who has recently become a Nice People member. He invites you to discover www.nice people.be. Nice People is the rapidly expanding digital community that is just waiting to seduce you. And on top of that, it is 200% free! More than 275,000 boys and girls worldwide meet there and [username of the member] are (sic) waiting for you there to have a chat! See you soon!’  [Note: Rough translation.
French text: "Bonjour, ce mail t’est envoyé à la demande de [nom d’utilisateur et adresse e-mail du membre], devenu Nice People récemment. Il t’invite à découvrir www.nice people.be. Nice People est la communauté virtuelle en pleine explosion qui ne demande qu’à te séduire. Et en plus, elle est 200% gratuite ! Plus de 275.000 filles et garçons du monde entier s’y retrouvent et [nom d’utilisateur du membre] t’y attendent (sic) pour discuter ! A tout de suite !"]
. The absence of consent of the recipient (whose data were processed without his or her consent and without him or her being informed thereof) and the clear advertising nature of the message led the Court of Appeal of Liège to find that the system violated the applicable rules.

In the light of the above, companies would be well advised not to ask web users for personal data relating to other persons.

A less problematic way to put in place a ‘tell a friend’ system is to bring the web user, not the company, to process the personal data of his or her contacts. The ‘mailto:’ HTML link makes it possible to create a link on a website to the creation of an e-mail, without it being necessary to specify the recipient’s address in advance  [Note: The following HTML code allows the creation of an e-mail with a specific subject and message, without specifying the address initially:]
<a href="mailto:?subject=insert your subject&body=insert the body of the message on one line%0D%0Aor on several lines">insert text to display for the link</a>
. As from the moment where the web user, not the company, has full and exclusive control over dispatch of the electronic mail, the ‘tell a friend’ system of a private nature that meets these requirements would, in our view, not violate the Privacy Act or the AISS. Indeed, in such a case, the personal data of the web user’s contacts are not disclosed to the company.

(ii) Public tell-a-friend

The public ‘tell a friend’, where one recommends the relevant item (the brand, the video, the website, etc.) to an indefinite number of people, raises fewer concerns, in particular because it does not fall within the scope of the prohibition of unsolicited advertising by electronic mail (as indicated previously).

To avoid the application of the Privacy Act, one must ensure that there is no processing of personal data. For instance, the company may place on its website a link that invites the web user to make a public Tweet  [Note: Private Tweets are akin to private messages and must therefore be deemed to fall within the scope of the private ‘tell a friend’.] containing a specific message  [Note: For instance through using the following HTML code:]
<a href="http://twitter.com/home?status=insert Tweet text">insert text to display for the link</a>
. The posting of the Tweet will be handled on Twitter’s website, and no personal data of the web user will therefore be used by the company’s website in this framework.

In the case of a public ‘tell a friend’, we consider that the offer of a prize or reward does not impact the lawfulness of the system in relation to the Privacy Act or to the AISS, precisely because of the fact that the anti-spam rules of the AISS do not apply to public communications. As we shall see in further detail, however, other rules apply to prizes and rewards (see the following section)  [Note: Furthermore, if a company wishes to put such a system in place, it must take care to comply with the other statutory obligations and prohibitions, such as those of the AMPC.].

(b) Viral marketing

If a viral marketing project meets the legal requirements in relation to the contemplated ‘tell a friend’, or even if it does not involve any ‘tell a friend’ system that is managed by the company, it is important to examine the specific issues that may still arise.

In this respect, the problem that is encountered most often is that of compliance with the rules contained in Article 13 of the AISS.

We previously stressed the importance of the principles of identifiability and transparency of advertising.

In the case of viral marketing, the promotional nature of the message or the identity of the company behind the message often becomes clear only at the end of the campaign or operation. Indeed, a certain lack of transparency (for instance hiding the name of the company) often helps arouse a web user’s curiosity. However, such practices are incompatible with the aforementioned principles.

Hiding other elements than the company’s identity and the promotional nature of the message remains entirely possible (provided it is not misleading, as indicated previously). For instance, for the launch of the film Cloverfield (2008), the first video to appear online did not mention the title of the film, only its release date. Later, the website 1-18-08.com was created, and it did not initially feature the title of the film. The absence of title and of any information regarding the kind of monster featured generated much talk online and contributed to the viral nature of the marketing operation.

Finally, if a viral marketing operation involves a promotional offer, a promotional game or a prize competition, it must meet a number of requirements discussed in the following section.