Womble Perspectives
Welcome to Womble Perspectives, where we explore a wide range of topics from the latest legal updates to industry trends to the business of law. Our team of lawyers, professionals and occasional outside guests will take you through the most pressing issues facing businesses today and provide practical and actionable advice to help you navigate the ever-changing legal landscape. With a focus on innovation, collaboration and client service, we are committed to delivering exceptional value to our clients and to the communities we serve.
Womble Perspectives
Inbox Overload: Massachusetts Lawsuits Target Online Retailers’ Email Collection
The Massachusetts Consumer Privacy in Commercial Transactions Act, or simply the Act, places restrictions on how companies can request and collect personal identification information, or PII, that isn't necessary for a transaction. Although the Act predates online retail and doesn't specifically mention e-commerce, it's now being applied to online practices as privacy litigation trends evolve. This law allows individuals to take legal action and sets statutory damages at $25 for each violation. If a violation is found to be willful, the damages can triple.
Read the article.
About the authors:
Taylor Ey, CIPP/US, CIPP/E
William Carter, CIPP/US
Welcome to Womble Perspectives, where we explore a wide range of topics, from the latest legal updates to industry trends to the business of law. Our team of lawyers, professionals and occasional outside guests will take you through the most pressing issues facing businesses today and provide practical and actionable advice to help you navigate the ever changing legal landscape.
With a focus on innovation, collaboration and client service. We are committed to delivering exceptional value to our clients and to the communities we serve. And now our latest episode.
The Massachusetts Consumer Privacy in Commercial Transactions Act, or simply the Act, places restrictions on how companies can request and collect personal identification information, or PII, that isn't necessary for a transaction. Although the Act predates online retail and doesn't specifically mention e-commerce, it's now being applied to online practices as privacy litigation trends evolve. This law allows individuals to take legal action and sets statutory damages at $25 for each violation. If a violation is found to be willful, the damages can triple.
So, what can we learn from recent filings? Plaintiffs are closely monitoring online data collection, especially during the checkout process. In these Massachusetts cases, plaintiffs are scrutinizing how retailers communicate with consumers about marketing emails when they check out. They’re looking at three different scenarios: first, an unchecked box prompting users to opt-in for marketing messages; second, a message indicating that completing a purchase means agreeing to receive marketing messages with an option to unsubscribe; and third, no message regarding marketing at all. Regardless of how these messages are framed, plaintiffs claim the retailers sent unlawful marketing emails. It's important to note that online checkout isn't the sole source of consumer email collection—companies may gather emails in various ways. It’s wise for businesses to assess how they collect emails, not just at checkout but through other channels as well. Different teams within a company might be collecting the same data points, so collaboration between website, marketing teams, and agencies is crucial to identify potential risks.
Now, is the U.S. an opt-in jurisdiction for email marketing? Generally, no, but context is key. The federal CAN-SPAM Act operates as an opt-out law. Still, companies should consider laws governing personal information collection, especially during checkout, alongside state consumer privacy laws and the FTC Act. These laws prohibit deceptive trade practices and outline how companies must handle consumer data. For instance, an email sign-up experience often provides consumers with the chance to opt-in through checkboxes. Consumers may have specific expectations regarding the types of messages they’ll receive based on their selections. If a company sends messages contrary to those expectations, it could lead to complaints and potential legal issues.
So, what are the key takeaways? Gathering facts and establishing process controls, like standardized messaging for email sign-ups, can help ensure consistency across your organization. Variations in language and user experiences might complicate email marketing strategies, but business needs often dictate these differences. Maintaining cross-functional communication helps all departments align on business goals and assess whether user experiences meet those objectives while keeping risk tolerance in mind.
While today's episode focuses on email collection under Massachusetts law, it's also important for online retailers to stay informed about legal challenges in other states, like California, particularly regarding the collection of IP addresses during checkout under the Song-Beverly Credit Card Act.
Thank you for listening to Womble Perspectives. If you want to learn more about the topics discussed in this episode, please visit The Show Notes, where you can find links to related resources mentioned today. The Show Notes also have more information about our attorneys who provided today's insights, including ways to reach out to them.
Don't forget to subscribe via your podcast player of choice so that you never miss an episode. Thank you again for listening.