Today nearly every business has a mobile marketing strategy. Whether using mobile applications, mobile-optimized websites, or straightforward text messaging, the number of businesses communicating to mobile devices has soared since the introduction of the iPhone and tablets. This trend will surely continue; a recent market survey for the Internet Advertising Bureau reports that marketers plan to increase their mobile spend dramatically over the next two years, with much of that shifted from other media.
Two elements of a mobile campaign are of particular interest here: to whom will the marketing be targeted, and how will it be delivered? Both the targeting and delivery of mobile marketing have important privacy law implications.
Who Is The Business Trying To Reach?
Is the business trying to communicate with current customers? Former customers? Prospects? Is it trying to upsell a current customer, or trying to reach new customers, or merely trying to tell someone that their package is on the way? In mobile advertising and communications, the nature of the relationship between the advertiser and the recipient can make a significant legal difference.
Accordingly, the starting point is whether the intended recipients are current customers, on a marketing list derived from external sources, or are users of a mobile app or browser. The answer will help identify factors that affect the effort. For example, if the list is obtained from a third-party and is intended for marketing, what do you know about the efforts made by that party to obtain the appropriate consents to receiving advertising messages from others?
Does a business seek to direct a mobile marketing campaign to a particular demographic, or users of a particular mobile application? Will the business deliver the material itself, or will it rely on third-party ad networks or other external sources? Will the advertising campaign use geolocation to tailor the message to recipients in a particular location?
Each of these questions implicates a legal question regarding the delivery mechanism. Addressing these issues often is straightforward, but a business can get in a lot of trouble if it doesn’t take the time to make sure that it acts appropriately.
Delivering the Message:
Businesses can reach today’s mobile devices in a variety of means: telephone call, text message, email message, mobile app, or through the mobile browser. Unfortunately, at least five federal laws, additional implementing regulations, and a variety of self-regulatory regimes may apply to mobile campaigns, not to mention state laws. Almost all of the relevant laws predate mobile technology, and at best fit today’s devices only awkwardly. Which law applies depends upon the technology used.
Complicating matters still more is that the laws operate differently, and the status of a current customer, a past customer, or a prospect can have different consequences with each mode of communication. The laws also differ on such basic issues as to whether opt-in, opt-out, or no permission is required to contact recipients. Even the format of the address can make a material difference.
For example, texting is the most quintessential way to reach a mobile device. Unfortunately, the principal law applicable to texting (the Telephone Consumer Protection Act) was enacted in 1991, well before texting became commonplace, and was aimed at reducing telemarketing abuses. Although the TCPA predates texting, the Federal Communications Commission (which enforces the TCPA) and courts deem “texts” to be “calls” within the meaning of the law. This triggers a complex array of requirements regarding the type of equipment used, what consent a user may have given to receiving marketing messages by text, and related questions.
Under the TCPA, a business generally needs prior express written consent to use automated dialing equipment or send a prerecorded text (or voice) message to a mobile phone. However, such fundamental matters as the definition of an automated dialing system, the meaning of “prior express written consent,” and what consent applies after a wireless phone number is reassigned are in dispute both at the FCC and in the courts. Although the FCC has granted relief in certain situations, more than 25 requests for reconsideration or clarification currently are pending at the agency. Meanwhile, courts have wrestled with the same issues. For businesses this is a risky area; hundreds of private class action lawsuits have been filed under the TCPA (which authorizes statutory and trebled damages) over texts sent allegedly without proper consent.
In addition, the Federal Trade Commission’s Telemarketing Sales Rule also regulates telemarketing and texting by prohibiting various deceptive or abusive practices. The FTC’s TSR overlaps somewhat with the FCC TCPA regulations, but the FTC also regulates other aspects of marketing, including deceptive or unfair trade practices generally, which the FTC interprets to encompass data security as well as to advertising. And, of course, the Do Not Call registry applies to mobile phone numbers.
Mobile applications provide a second unique way to market to a mobile device. The app industry has developed best practices for marketing to app users, and the FTC has also recommended certain privacy disclosures. It is especially important to be careful with a mobile app that is directed to kids. The Children’s Online Privacy Protection Act applies to mobile apps, and the FTC enforces it aggressively. In particular, COPPA restricts a mobile app from collecting any personal information from a child under the age of 13 unless it has first obtained verifiable consent to do so from a parent. The FTC has defined “personal information” to include both geolocation and a persistent device identifier, both commonly accessed by mobile apps from a device.
Alternatively, a business may choose to communicate with customers via email. The law is generally kinder to email than to texting, because the governing federal law – the CAN-SPAM Act – establishes an “opt-out” standard instead of a “prior express written consent” opt-in standard. There is no national Do Not Email registry, and the CAN-SPAM Act treats advertising emails differently from “transactional” emails, which generally are those that fulfill or provide information to a transaction between the sender and recipient.
Nonetheless, there are important limitations to email marketing. For example, the general rule is reversed as to email addresses with wireless domains, such as mycingular.com. For those, opt-in, not opt-out, consent is required.
Nor should a business overlook the fast-growing category of websites optimized for a mobile device. Advertising on these sites resembles advertising directed to a desktop computer, except for the added element of mobile location. The mobile website might have first-party or third-party advertising, which may trigger disclosure obligations related to advertising networks and interest-based advertising. Disclosures also may be required if the mobile website uses the device’s location to select content and advertising.
These legal minefields are navigable with proper counsel. But if all this seems too onerous, a business can always conduct a marketing campaign by direct mail. Using the Postal Service can be a more costly approach when paper and postage are considered, but the technology-based constraints applicable to mobile devices do not apply to direct mail.
Finally, whether electronic or mail technology is used, the Federal Trade Commission will exercise its jurisdiction to protect consumers from misleading, deceptive, or unfair trade practices. So businesses should be sure their advertising claims are substantiated, privacy policies are followed, and communications are accurate and non-deceptive.
Note: This Bulletin is not intended as legal advice. Readers should seek professional legal counseling before acting on the information it contains.