On this page
Remarketing, also known as retargeting, is a powerful tool to use in your marketing campaigns.
It's important that you reflect and disclose your use of remarketing platforms to your users.
One of our many testimonials:
Laws on remarketing
Countries around the world have data privacy legislation in place that you need to consider before investing in a remarketing campaign that requires you to tell your users what information you're collecting from them and for what purpose.
This includes disclosing your use of remarketing platforms because of how they work: Google AdWords works by collecting information about your users in order to track them, and then shows them your ads later on.
In the US, the main data protection law in the US is a state law (rather than an overarching federal law), the California Online Privacy Protection Act (or CalOPPA). This legislation requires you, as a business owner, to display your legal agreement prominently and to tell your users:
- What kind of information you collect
- How that collected information may be shared
- How can users review and/or change the collected information you have on them
- Your agreement's effective date and a description of any changes since then, if any.
Here's an example of a "California Privacy Notice", from Sony's website:
UK law is a little different, and is currently covered in the Data Protection Act 1998. This law is informed by and brings into force the principles of the EU Data Protection Directive.
If you're based in the UK but have users from California, you need to comply with both: CalOPPA in the U.S., and the Data Protection Act in the UK.
You may also need to comply with other countries' laws as well if your customers are international, or if you have branch offices around the world. Most countries have similar privacy requirements, but the EU is one of the most rigorous.
If you haven't got a handle on users' privacy in your business, and you aren't transparent about your personal information collecting practices through, not only will you be in breach of the law but you may also be losing valuable customer trust.
Current best practice "includes being proactive in letting users know what you collect, when, how, and what you plan to use it for."
Gordon Daniell, of online marketing platform Kentico, notes that:
If customers know that you're collecting this data, why, and you can make them comfortable; there is a better chance they'll stay loyal, and keep buying, rather than flee at the first highly targeted ad.
Requirements for remarketing
If you've started using remarketing campaigns, but you haven't yet included the above information in your legal agreement, do so to properly inform users.
This update isn't required just so that you can meet your legal obligations to your customers, it's also so that you can comply with the third party's requirements for using their service.
- Disclosing how you're using remarketing
- Disclosing that (and how) third-party vendors (including Google), show the you've created ads in your remarketing campaign on other websites across the Internet
- Disclosing how third-party vendors (including Google), use "cookies" to show your ads based on someone's past visits to your website
In many remarketing campaigns, businesses will show ads on other websites to past visitors. If these visitors will click these ads, they will be redirected to a landing page where the business can ask these visitors for their email address to receive a discount or download ebooks etc.
Because these visitors are now subscribing to an email newsletter, the business now needs to make sure it complies with the CAN-SPAM Act.
CAN-SPAM applies to businesses operating in the United States, but the principles as detailed in "A Compliance Guide for Business" by the Bureau of Customer Protection are also found in other legislations across the globe, e.g. Canada's CASL (Anti-Spam Legislation).
CAN-SPAM applies to any commercial messages that you send as a business.
Each email that violates this Act can have fines up to $16,000 USD.
The Act doesn't apply only to commercial emails you may send, but to all commercial messages ("any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service"). This can be a simple informative message that you send to your customers announcing a new product.
Compliance with CAN-SPAM in the US is pretty straightforward.
The second step of the compliance plan is to review that you comply with CAN-SPAM's main requirements:
- Don't use false or misleading header information.
- Don't use deceptive subject lines.
- Identify the message as an ad.
- Tell recipients where you're located.
- Tell recipients how to opt out of receiving future email from you.
- Honor opt-out requests promptly.
- Monitor what others are doing on your behalf.
Consider the 3 type of messages that a business sends to customers:
- Commercial content (promoting a new product, advertising etc.)
- Transactional or relationship content (updating a customer about a certain order etc.)
- Other content (anything that isn't informative or with commercial content)
If your message has commercial content, it falls under the CAN-SPAM Act.
If it's only transactional or informative (with no commercial content), it "may not contain false or misleading routing information", but otherwise it doesn't fall under the CAN-SPAM Act.
The Bureau of Customer Protection mentions this:
If the message contains only commercial content, its primary purpose is commercial and it must comply with the requirements of CAM-SPAM. If it contains only transactional or relationship content, its primary purpose is transactional or relationship. In that case, it may not contain false or misleading routing information, but is otherwise exempt from most provisions of the CAN-SPAM Act.
EU Cookies Directive
The so-called "Cookies Law" was introduced in Europe through amendments to a 2003 EU e-privacy directive that requires websites to get the consent of users before using tracking technologies such as cookies.
The British Information Commissioner's Office (ICO) fines UK-based web sites up to £500,000 if they do not comply with this law.
You need to comply with this directive if you're using any kind of cookies, either you directly (via your website or mobile app) or through third party vendors that you're using (Google AdWords, Google Analytics etc.)
Let's say your website is running a remarketing campaign with Google AdWords (or through the Google Analytics List) and a visitor just left your web site for another website, without buying your product.
Google remembers this visit and will display the ads you want within the websites that this specific user is visiting. Google can only show the ads in websites that are part of the Google Display Network.
Google AdWords keeps track of everyone through their browser's cookies.
Besides the vendors providing you with remarketing capabilities, your website or mobile app can also use various type of cookies, such as authentication cookies (the remember me option found on login pages).
There are various ways to comply with this directive for EU-based businesses:
You can also use a Cookies Policy agreement instead.
A fixed footer notification.
ICO places a link to the "Change your cookie settings" page within the notification text box, where you can see the name of cookies they store and for what purposes.
You are not required to inform users of your remarketing campaigns using this type of notification. This notification is to inform that you are using cookies.
A top header notification.
The inline header notification.
This is usually placed below the logo but above any content.
The Gov.UK web site and The Economist uses an inline notification to inform users on cookies. In the case of the latter, the notification bar moves between the top section of the website and just right before the beginning the content.
The box notification.
This kind of notification usually comes in a small box that will always be on the bottom right of the website regardless of how you scroll.
Similarly to the top header notification, it can disappear when the user gives consent on the cookies usage ("I Agree", "I Accept")
All these types of notifications are to inform users that the website or its third-party vendors are using and storing cookies when users are visiting the website.
CASL is similar to CAN-SPAM. The Canadian Anti-Spam Legislation (CASL) exists to deter companies from sending contacts and messages, whether in form of e-mail, text messages, social media and other forms of electronic communication, to users without their consent.
It's a measure to avoid, or at least reduce, incidences of phishing, message routing, misrepresentation, malware, spyware and automatic collection. It also serves to restore people's trust on electronic commerce.
- Get consent. The business must get the consent of users to receive commercial messages.
- Identify yourself. The business must have contact details displayed: phone number, web site, mailing address etc. in order to identify who is sending that message.
- Unsubscribe methods. Users must be able to unsubscribe if they choose to do so.
- Not false or misleads. The message must not be false or misleading in any way.
Here's an example of this kind of notice done through an email campaign, from Bing of Microsoft:
Here's another example, from Facebook, that shows a banner on their website informing users that there has been an update to Facebook's legal agreements:
It's very important that you don't just make a change on your legal agreements that may impact your users and not tell anyone.
A legal case, Roling v. E*Trade, held that it's not sufficient to just upload a copy of the new terms to your website. You must notify your users in some way that the document has changed or been updated.