On Friday, 5 December I attended an IAB EndCode event on online content regulation at Quirk's offices in Salt River. It was important to wear your marketer, business owner and consumer hat during the talk as the presenters touched on many facets of online content regulation.
Pria Chetty and Denise Fouche of EndCode began by stating the world we need to regulate is changing drastically as digital and e-commerce go on the rise. Added to this, access to the global marketplace is now completely blurred, which presents legal challenges.
.@endcode_org online content regulation discussion about to start pic.twitter.com/EhufdCw8JL
- IAB SA (@iab_sa) December 5, 2014Simply put, the law has an intersection with opportunity, and we need to focus on privacy laws and the type of data we can collect as marketers, and when.
It doesn't matter if the data is sitting on the cloud/on a server - if you requested it then you are responsible for it. #POPI @endcode_org
- IAB SA (@iab_sa) December 5, 2014Chetty says back in the 1990s, all the legal fraternity knew was that electronic communications would be taking place in the future, on devices we didn't understand, based on certain service providers and intermediaries. They then had to make sense of how this would materialise from a legal framework. Some of the challenges included the concept of signature, document retention and writing in a digital world, as well as the issue of consumer protection, internet transaction taxation, criminalisation of new cybercrimes that couldn't be conceptualised, government's powers and capacity to investigate these 'future happenings'.
The key concept overriding all online content regulation though was that there had to be functional equivalence, meaning the ability to give the same legal weight of something in paper world to online world. Enter the Electronic Communications and Transactions Act of 2002. This is the core piece of regulation in the online world. It created the concept of 'data messages' which is a point of confusion for most who see it. Chetty explains it is really about any form of electronic communication and transaction, and the fact that this 'blanket law' was written in a tech-neutral way makes it a 'law of the future' as it covers communication that could take place fifty years from now that we haven't even thought of yet.
Importantly, it means that anything you do electronically, including email, counts as writing, there's no requirement to acknowledge receipt, and it has spelled out what was needed for the formation and even automation of contracts, essential to transactions like internet banking. The attribution of data messages also means if something is sent from a specific computer, the onus is on you to prove you didn't actually send the communication. Now, not all transactions require signatures, sometimes an expression of intent is enough, like clicking on 'I accept'.
Clicking on Accept Ts & Cs online = 'expression of intent' ergo no electronic signature required! @endcode_org
- Josephine Buys (@JosephineIAB_SA) December 5, 2014There's a fine balance between the aspects that provide assurance to vendors and merchants to try out the online space, and the trust that consumers require - it's often regarding unsolicited communications and feeling secure that should they ask you to stop sending marketing communications on to them, you do so immediately. Also keep in mind that not having your record of their details is the actual offence if it is asked for, not the act of not supplying the information.
Sometimes there are also distinct requirements for a document that was born electronically based on record retention. Moving on, Chetty noted that internet service providers or ISPs are a special category as they are privy to a lot of telling information and have concerns over the risk involved with seeing everything that's going on. Added to this, we have internet intermediaries, such as many involved in the publishing industry, which gets even more complicated if consumers store things in the cloud. We need a new limitation of liability for anyone involved in a neutral way.
In closing, Chetty spoke of the efficacy of this legislation. The fact is that content wars and defined trends that were once seen as crimes are now part of our daily interaction, and information wants to be free.
Fouche spoke next, of consumer protection in the digital age and on who actually has access to your information, drawing on the fact that online competitions in particular have huge implications that companies don't think of. You need to give consumers all the transparency they need when transacting online.
Fouche said the Consumer Protection Act or CPA brings in eight fundamental consumer rights, namely to equality in the consumer market, to privacy, to the right to choose, to disclosure and information, to fair and responsible marketing, to fair and honest dealing, to fair, just and reasonable terms and conditions and to value and quality. Taken together, these protect the interests of consumers, but put far greater obligation on suppliers, particularly in the realm of direct marketing.
Marketers should already know they need to use understandable plain language, and readily disclose prices, and ensure product labelling lists all ingredients and is written with the consumer in mind. The requirement for no false or misleading representations includes any exaggeration or innuendo, and if the consumer does happen to take it that way, you need to deal with it immediately. This also includes a limit on bait marketing and negative option marketing promotional offers.
The easiest way to keep in mind the consumers' rights is to put yourself into their shoes. Tailor campaigns to that endpoint and make the refunds and returns policy clear. Fouche says this means training your own staff on that so that consumers have a good shopping experience. If you outsource any of your communication to digital marketers, make sure they are well governed. This means if you need to extend a competition deadline, simply make it clear upfront and ensure it is publically documented.
It's good practice for websites to mention exactly what is being sold on the site, at what cost, listing the specific products and services as well as contact details. Take things a step further by including your privacy policy and stance on unsolicited email. Fouche says standard business terms and conditions should be reviewed in terms of the CPA to prevent consumers from coming back to you with problems down the line, so it's a good time to review your marketing practices and compliance. There's no real pressure on businesses at the moment, but consent orders do exist and regulators tend to go after the big names to set an example. Unfortunately, from a consumer perspective, they tend to send your queries on to WASPA rather than dealing with it directly. Fouche says the DMA also needs to find its feet in terms of the opt-out database, but she recommends not letting it get to that point to minimise any brand damage down the line.
Chetty then spoke of the Protection of Personal Information Act or PoPI's priority issues. This is essential to understand as certain provisions are now effective on the definitions. When the rules come in, you need to be clear on what you can keep; what you can anonymise; which business systems can be affected, such as processing of personal information; as well as information storage and destroying information as business processes.
There are also processing limitations, so if you collected data for a specific purpose, you need to process it for that purpose alone, unless specified in the terms that you can use it for any purpose. This is sticky ground when it comes to the CPA though, as it may not be seen as fair use.
Consumers have the right to decide what happens to their personal data, and there are complications if you make inferences on outdated data. Maintaining the quality of information means it's up to you to ensure it is updated and reliable, has become pervasive but you are responsible for the security measures. This means you need to notify each and every person if there may have been a data breach, as well as the regulator, such as when a memory stick is left on a train, as it's an offence not to do so. It's also your responsibility to ensure there's no unauthorised access to the data, and that only authorised persons can look at the data and make changes to it.
In terms of record management, you need to ensure your information is updated - once it expires, you need informed consent to keep it. This must be a transparent process, but don't see it as a heavy weight on your shoulders - it's an opportunity to keep clients engaged with your brand as it shows you have nothing to hide.
When it comes to digital content ownership, as a database owner you face lots of legal fictions based on privacy and copyright, which let you do different things with the data.
Added to this, the fact that social media networks have the right to modify their terms at any time and continued use means compliance places a heavy burden on the consumer to know this and keep track.
When it comes to digital media in Africa, Chetty speaks of the demise of print, with new platforms offering new opportunities. But keep in mind that while Africa has unique challenges such as poor internet penetration, lots of the countries do already have full digital communication laws or draft legislation in place. In terms of neutrality as an issue, she spoke of the rising voice for zero-rating certain services such as Wikipedia or Facebook and offering these services for free through certain ISPs... but this then has an impact on net-neutrality. Everyone should have equal access, so avoid going this route, says Fouche. Obama had to make a public statement about it, saying the internet should be treated as a utility like electricity, but it can't actually be regulated that way.
In closing, Chetty and Fouche pointed out that very little has been said about the regulation of mobile platforms, and what it means to publish personal commentary on Facebook or blogs. At present we're using a very broad brush on a very distinct and diverse industry, so rather err on the side of caution.
