Questions raised at the design stage or later on in a site’s lifecycle are likely to include whether to make email notifications of new content available to users and whether to produce RSS feeds as an alternative notification mechanism. These questions may give rise to some or all of the following issues:
- whether there are any implications flowing from the Unsolicited Electronic Messages Act 2007;
- possible copyright implications of publishing your own or your organisation’s content via RSS or Atom feeds, in terms of proactively protecting copyright in feed content from resyndication or, if you wish, positively allowing such resyndication; and
- possible copyright and trade law implications of resyndicating others’ content (e.g., from or via feeds) on your own or your organisation’s site.
I’ll endeavour to tackle each of these in turn. Because there’s quite a bit to say on these issues, I’ll spread the three bullet points across three posts. This post deals with the first.
The Unsolicited Electronic Messages Act 2007
Among other things, the Unsolicited Electronic Messages Act 2007 (“UEMA”):
- prohibits the sending of unsolicited commercial electronic messages that have a New Zealand link (section 9);
- requires commercial electronic messages to include accurate sender information (section 10); and
- requires commercial electronic messages to contain a functional unsubscribe facility (section 11).
Before addressing some of the particular issues that people may raise under this legislation in the context of social media content distribution, it may be useful to briefly discuss the three provisions listed above.
The prohibition against spam
The section 9 prohibition against spam only applies where a message is:
- commercial; and
The Act is replete with definitions. I will only deal with the most important ones here.
A message is “electronic” if it is sent using a telecommunications service to an electronic address (section 5(1)). An “electronic address” is is an address used in connection with an email account, an instant messaging account, a telephone account or a similar account (section 4(1)). Email, instant messages and SMS are obvious examples of electronic messages. By contrast, standard telephone calls, calls made using voice over internet protocol and faxes are not “electronic” messages for the purposes of the Act (section 5(2) and Schedule 1).
An electronic message is “commercial” if it:
- markets or promotes goods, services, land, an interest in land or a business or investment opportunity; or
- enables a person to obtain dishonestly a financial advantage or gain from another person; or
- provides a link or directs a recipient to a message that does one or more of the things above (section 6(a)).
At the same time, a number of electronic messages are expressly stated not to be commercial (and are therefore not caught by the prohibition on spam), including:
- responses to a request for a quote or estimate;
- messages that facilitate, complete or confirm a commercial transaction that the recipient previously agreed to;
- warranty information, product recalls and safety and security information about goods or services used or purchased by the recipient;
- factual information about a subscription, membership, account, loan or similar ongoing relationship;
- information directly related to employment or a related benefit plan in which the recipient is currently involved;
- messages delivering goods and services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a previous transaction; and
- messages providing information about governmental goods or services (section 6(b), largely as conveniently summarised by the Department of Internal Affairs (“DIA”) in its guide Unsolicited Electronic Messages Act 2007: Prohibiting spam and promoting good business practice.
Finally, a commercial electronic message is “unsolicited” if the recipient has not consented to receiving it (section 4(1)). Consent can take one of three forms: express consent, inferred consent or deemed consent (see section 4(1)(a) for the meaning of these three forms of consent).
Accurate sender information
Commercial electronic messages with a New Zealand link need to clearly identify the person or organisation responsible for sending the message and how that person or organisation can be contacted. The contact information needs to be reasonably likely to be valid for at least 30 days after the message is sent (section 10).
DIA’s Guide on the Act, referred to earlier, usefully notes that sometimes one might use a third party organisation to send commercial electronic messages on one’s behalf. While stating that this third party must include accurate information about your business (i.e., name and contact details), it notes, sensibly in my view, that the amount of information may depend on the medium by which the message is sent. By way of example, it notes that text messages impose limitations on the amount that can be displayed.
Functional unsubscribe facility
Commercial electronic messages also need to include a functional unsubscribe facility. That facility needs to be expressed and presented in a clear and conspicuous manner and allow the recipient to respond to the sender using the same means of communication by which the message was sent. The facility must be of no cost to the recipient and be reasonably likely to be functional for at least 30 days after the message is sent (section 11(1)).
Senders and recipients are permitted to contract out of this obligation that there be a functional unsubscribe facility (section 11(2)).
Particular issues regarding the Unsolicited Electronic Messages Act
In the context of social media sites, people might ask, among other things:
- whether such sites are subject to UEMA at all as regards the email or SMS messages they send out to inform users of new content;
- whether an organisation can use existing emails in a user database to create a list of recipients to whom email updates of new site content will be sent;
- whether RSS feeds are subject to UEMA in any way; and
- whether the emails sent by third party email delivery services such as FeedBurner, which can take an RSS feed and produce a subscribe-by-email facility for feed content, have sufficient information in the emails to comply with UEMA.
Are electronic messages sent by social media sites to users subject to UEMA?
The question of whether electronic messages (e.g., email) sent by a social media site to its users are subject to UEMA is a potentially important one, as the answer may affect the site’s design and/or the business processes that may need to be put in place around operation of the site. There is, however, no universal answer to this question.
Three key issues arise:
- whether such messages are commercial;
- if so, whether they are unsolicited;
- if commercial but not unsolicited, whether the obligations for the messages to include accurate sender information and a functional unsubscribe facility have been met.
If electronic messages from a social media site are not commercial, that’s the end of the story so far as UEMA is concerned. The prohibition against spam does not apply and there are no obligations for the messages to include accurate sender information and a functional unsubscribe facility.
If electronic messages from a social media site are commercial, however, then not only must one of the three forms of consent outlined above exist before they are sent (failing which they are illegal), but the sending organisation is also responsible for including accurate sender information and a functional unsubscribe facility.
By way of example, one can imagine a site which looks and feels like a place for discussion and sharing of, for example, thoughts, documents and multimedia files, but which also sends email alerts to users, at their election, containing both updated content and advertisements for additional user-pays services (e.g., the purchase of photo prints). These email alerts would in all likelihood be commercial electronic messages as they would be marketing or promoting goods or services. They would, therefore, require users’ consent, whether express, inferred or deemed. In this sort of scenario, it may well be that express consent would be required, as the conditions for inferred or deemed consent may not be fulfilled.
In addition, because these sorts of alerts would be commercial electronic messages, they would have to include accurate sender information and a functional unsubscribe facility.
Whether an organisation can use existing emails in a user database to create a list of recipients to whom email updates of new site content will be sent
This scenario assumes that an organisation has a user database from an existing service and wishes to use the email addresses from that database to populate a list of email recipients to whom updates to content on a new site will be sent. While there may be benevolent intentions behind such an approach, it could clearly raise issues under both UEMA and the Privacy Act 1993. For the moment, I’ll focus on UEMA.
If the messages to be sent to those email addresses were commercial, the same analysis as that set out above would need to be done. Significant questions as to the scope of previous consent could arise, e.g., whether consent given on a previous occasion could apply to the new service. That is likely to turn on the scope of the express consent originally given. Inferred and deemed consent are likely to assume little relevance in the light of their particular statutory definitions.
Whether RSS feeds are subject to UEMA
In my view, RSS feeds are clearly not subject to UEMA. Sometimes individual feed items may well be commercial, in that they may be promoting goods or services, but arguably neither the feeds nor their individual items are “electronic messages” as defined in the Act nor, arguably, are they “unsolicited”.
I would argue that they are not electronic messages because feeds and their individual items are not “sent” to an “electronic address”. They are not “sent” because a feed is simply a file residing on a website. They do not target anyone. They are not and generally cannot be “sent”, or “pushed”, out to given individuals, even if one knows those individuals’ email addresses or the like. To the contrary, individuals must positively subscribe to them with, or “pull” them into, a news aggregator or similar feed reading application.
Further, even when subscribed to, arguably they do not go to an “electronic address” as defined in the Act. The simplest reason for that is that they do not go to an “address”; as already noted, they are “pulled” into an application. Even if they did go to an “address”, arguably it would not be an address used in connection with an ‘email account, instant messaging account, telephone acount or similar account’ as envisaged by the Act.
This conclusion is entirely consistent with the rationale behind the Act’s prohibition on commercial spam and its requirement that commercial electronic messages have both accurate sender information and a functional unsubscribe facility. Commercial spam that is pumped to people’s electronic accounts without their consent is understandably problematic. By contrast, RSS subscription is necessarily consent driven. One cannot simply fire out an RSS feed at someone via an RSS channel (one can convert it to email and pump it out that way, but that’s a separate issue). Similarly, there is no need for an unsubscribe facility, nor is that possible within the feed itself, because users voluntarily subscribe to, and unsubscribe from, feeds in their aggregator or feed reader. They are in complete control. As regards accurate sender information, feeds are usually linked with specific sites or a collection of sites and the user will, generally speaking, know what they’re subscribing to. If not, and they don’t like what they see, they can instantly unsubscribe in their feed reader.
What about feed to email services?
The above analysis does not mean that the paths of UEMA and feeds will never meet. There are many services available today that enable website owners (and others) to produce email subscriptions off the back of a feed. One of the best free services that enables you to do this is FeedBurner. In essence, the service takes an incoming feed and, like a feed reader, periodically checks it for new items. When new items appear, the service converts them into fresh emails which are then “pushed” out to email subscribers, either immediately or at predefined intervals.
The beauty of such services is that they enable blog, wiki and other website owners to take automatically-generated RSS feeds and convert them into email subscriptions, giving them the ability to offer their users both RSS and email subscription. However, the existence of email subscription raises, once again, the potential application of UEMA.
Let’s assume for present purposes that the emails emanating from the site have a commercial flavour (if not, UEMA does not apply) and that users have consented to receiving them. The remaining issues on which I want to focus are whether the emails have accurate sender information and a functional unsubscribe facility as required by the Act.
This is where the sophistication of the RSS to email service one is using becomes important. It will be important to check that the service automatically populates the emails that are created from your feed with both accurate sender information and a functional unsubscribe facility.
Let’s take FeedBurner’s conversion service as an example. It is a solid service that provides its users with considerable flexibility. Those using it to create email subscriptions from their feeds can:
- select the “from address” that will appear on the emails;
- specify the title/subject of their emails; and
- add a logo to the emails.
The emails themselves include:
- a “reply to” line which contains the email address selected as the “from address”;
- information on the source of the emails to which the user is subscribed (with a link to the source website);
- the ability to unsubscribe electronically by clicking on an “unsubscribe now” link;
- a statement that email delivery is powered by FeedBurner; and
- the ability to unsubscribe by postal mail by writing to a specified FeedBurner address in the United States.
In my view, FeedBurner provides sufficient functionality and flexibility to enable those building email subscriptions off the back of their feeds to comply with their obligations under UEMA to have accurate sender information and a functional unsubscribe facility in their emails. One might question whether sufficient “accurate sender information” appears as required by section 10 of the Act, but in my view the ability to add the sending organisation’s name to the title/subject of the emails, the provision of a reply email address in the email header (provided it’s valid and goes to the right place), and a link back to the organisation’s main domain (again, provided it is accurate) are sufficient. It might be preferable if FeedBurner allowed one to add an organisation’s full contact details (e.g., address and phone number) but section 10 of UEMA does not prescribe specific types of contact details. Rather, it states that the message must include “accurate information about how the recipient can readily contact that person”. Arguaby FeedBurner provides sufficient functionality to enable organisations to fulfil this requirement.