The National Consumer Commission put out a request for comment
a few weeks back for proposals for someone to operate the opt-out registry it has to provide as part of its duties under the new Consumer Protection Act (CPA).
Storm of angry ink
A number of interested parties responded, and a storm of angry ink
was spilled - one organisation that is going for it is the Direct Marketing Association of South Africa (DMASA). Yes, the very people that exist to further the aims of companies that fill your inbox with rubbish want to be in charge of keeping your inbox clear.
The bun fight has got very heated, but the voice of the consumer is not being heard in the points scoring (and vote rigging
So how about we look at what you and me, Mr and Ms Consumer that has to delete the bloody stuff, want from this opt-out registry?
It's a registry, not a database
A registry is a simple list. A database is that, but generally more. The opt-out registry must not become a source of information for marketers, or a way to link records. To make the registry any more complicated than a simple list of email addresses is to invite problems.
The only entry that is required in the registry is an email address that someone wants permanently off marketers' databases. Period.
No ID numbers, no personal information
As a rider on this: many companies that spam require you to reconfirm your email address, and even to provide your ID number to opt out. This is unacceptable - an email address is a unique record (an email address that was not unique would not be terribly much use, would it?); no other information is needed to opt you out.
No information leaves the registry
There is no question that this kind of registry is gold to direct marketers - and to spammers and assorted criminals. The DMA has already had the embarrassing incident of its (unencrypted!) opt-out database being leaked and then plundered by spammers.
The entries in the opt-out registry must not leave the servers of the registrar, and they don't need to.
A marketing organisation would periodically review their database against the registry by submitting their email records (only) via a secure connection. These are checked against the registrars', and the system returns an "ok" or "remove". This is technically trivial to implement.
It must be ridiculously easy to use
No sign-up, no sign-in, no account. There must be no drama attached to opting out. Go to the website, enter your email address in the "opt out" box, the system mails you on that address to confirm you have opted out, finished.
If you want to opt back in to direct email marketing (sure, that'll happen), you just do the reverse.
Add extra services as a value-add
Once the basics are in place, you could add value-added services such as identity management - a single unified contact information source with selectable permissions, managed by consumers themselves.
Keep it simple. Keep it easy. Don't allow conflicts of interest.