paolo wrote:I don't know US law on this but surely you can't add individuals' personal details to a database without their accord, just because a third party has supplied them to you.[...]You need the opt-in before you send the email, not after.
Actually I believe they can do that (see what we have to live with...
) I'm not defending Marta, nor am I a Rentalo client, or have any intention to become one, but there's only an opt-out requirement under FTC Law, no opt-in. So in that sense, what Rentalo is doing is not unusual in the US, but that doesn't make it ethical anywhere, or legal in other parts of the world.
Out of curiosity, I clicked on the link Marta kindly provided above to Rentalo's spam compliance policy, which in turn links to the US FTC Can spam Act, so you can check details for yourself. Several things jumped out at me from Rentalo's policy document as being mixed messages and doublespeak. These are not peculiar to Rentalo, and largely consistent with US Law. Here's a few examples:-
Our opt-out mechanism is able to process opt-out requests immediately in real time, and never exceed 30 days after we receive the request from the recipients.
Which is it, immediate or 30 days? Big difference. In 30 days, that email address could be part of a mailing list passed to affiliates and the person who opted out would never know to whom it had been given. Any spam they subsequently received as a result could not be tracked back to the original source, neither could the originator be held responsible for it.
Edited to add: Actually, I just checked FTC Law and specifically, when you receive an opt-out request, the law gives you 10 business days to stop sending email to the requestor's email address, not 30 days. So Rentalo might want to fix that statement before they find themselves on the wrong side of an $11,000 fine.
Rentalo.com does not help any other entity send email to those email addresses that have opted-out from Rentalo.com, nor have any other entity sending emails on Rentalo.com's behalf to the opted-out addresses.
The above statement is not inconsistent with:-
Rentalo does help another entity send email to those email addresses that have NOT opted-out from Rentalo.com, AND IT HAS another entity sending emails on Rentalo.com's behalf to the people who have NOT opted out.
Finally, Rentalo.com does not sell or transfer the email addresses of people who choose not to receive our emails, even in the form of a mailing list, unless we transfer the addresses so another entity that can comply with the law.
Which again is not inconsistent with:-
Rentalo does sell and transfer the email addresses of people who have not opted out, including in the form of a mailing list.
And although part of what they are saying does not make perfect sense, my reading allows the sale or transfer of a mailing list to another entity that includes the names that have already opted out. This is passing the buck for removing those people who have opted out and it isn't clear what that other entity can do with that mailing list after it has left the originator's hands. For example, it doesn't state that people are also automatically opted out of every other entity's mailing list to whom their address may have been sold/ passed during the intervening 30 day period. It may be that a person would have to opt-out of each solicitation that they subsequently receive on a case by case basis.
Perhaps Marta can clarify that aspect for us, but I'm fairly sure that the address of anyone who hasn't opted out of Rentalo is being sold on to other entities as part of a mailing list. That would be part of their revenue stream, no different from any other US corporation, including insurance companies, stores, credit card companies and the like, most likely other US based VR listing sites are doing exactly the same thing. Everything here requires a proactive opt-out, not an opt-in.
In addition to the above, Rentalo.com is not involved directly or indirectly in any of the following practices:
- "Harvesting" email addresses from Web sites or Web services that have published a notice prohibiting the transfer of email addresses for the purpose of sending emails.
Which is not inconsistent with:
Rentalo IS harvesting email addresses from websites or web services that have NOT published a notice prohibiting the transfer of email addresses for the purpose of sending email solicitations.
I am rather grateful to have discovered this wording for my website and am off now to add it, because it seems that without it, I have been fair game for data mining, and I don't want to spend the rest of my life opting out of everything.
I'm not meaning to say that Rentalo is engaged in any of the above activities, (it would be nice to know that they are not), I am simply suggesting that they could do it and still comply with their own anti-spam policy and current US Federal Law (I didn't check Florida State law). However, as others have said, EU Law is more stringent, and because web companies don't really know with whom they are dealing in terms of jurisdiction, it's my understanding that most worldwide corporations have changed their policies to be in compliance with the higher EU standard. So it's rather troubling to learn that Rentalo needed Paolo to tell them that other laws exist that are applicable to what they are doing.
Marta, I look forward to receiving your response to all of the above issues, unless you're too busy job-hunting...