In a previous post, “Is Ethical Advertising Possible?” I talked about the internal discussions we were having as we looked to expand our marketing efforts beyond what we’d done in the past. One of the reasons for that post was to explain our current thinking both so everyone knew where we were coming from, and so that we could get feedback from the community. We’ve really appreciated the feedback we’ve gotten so far and we have combined it with our own internal discussions to create an initial draft of what we are calling our Ethical Marketing Principles. We will use this as a guiding document for which marketing methods are acceptable and which aren’t for us from this point on.
This document serves to provide a set of high-level guiding principles we can use to direct which marketing practices fit within Purism’s ethics as dictated by our Social Purpose and our Digital Bill of Rights. While this document will list some examples of dos and don’ts, those examples will not be all-inclusive and shouldn’t be treated as a final list of what is allowed or not.
This is a living document. As we start applying these principles to our marketing decisions, we will very likely come across edge cases that will require more clarity. New technology advances may also provide new edge cases that don’t fit neatly into our principles. We may also find unforeseen consequences in actions that seem to conform to these principles at first. In all these cases we will likely need to amend this document.
Ultimately, the goal is to treat our customers ethically and to respect their privacy. Privacy, like clothing, is not one-size-fits-all. What one person feels free to share, another may feel is extremely private. Some people are comfortable wearing revealing clothing while others prefer to cover up. When in doubt, we will err on the side of being more conservative, but wherever we draw the line, some people will feel it’s too far and others not far enough.
As a general guiding principle, we mustn’t be creepy. This is subjective as people have different thresholds for what they find creepy. That said, we must not do to our customers things that we would find creepy if done to us. The digital world makes it easy to abstract away creepiness. When in doubt, attempt to map digital forms of tracking to the physical world as a smell test.
People must be free to visit our site without being identified and tracked between visits. In particular this means we must not use tracking cookies that can distinguish and identify a particular person between visits. We must also not use tracking pixels in our emails to show when someone opens/reads an email. If we use UTM links, they must not be unique-per-person but instead be generic so we can identify traffic from a particular platform or marketing campaign without identifying the individual who clicked them.
Collecting IP addresses and basic self-reported User Agents as part of web logs is acceptable and somewhat unavoidable, and can be used to distinguish a particular web session, but by itself isn’t enough to truly distinguish one individual from another (many people might share an IP address when on a shared network such at an office or on public WiFi, many people use the same browser). If a particular visitor visits us from multiple networks and did not sign into their account on our site, or perform some other obvious opt-in to identify themselves, we must not be able to identify that it’s the same person.
We must only contact people who have demonstrated (by opting in) they would like us to contact them. We must not rely on opt-out (as that often targets the laziness, haste or inattention of someone to uncheck a box), but must require opt-in (such as checking a “you can email me” box that defaults to being unchecked).
If after opting in, someone no longer wants to receive marketing from us, we must honor their preferences. For example, we must not send an email promotion announcing a sale to all of our past customers. We must only email those customers who have opted in to getting communications from us.
Data is Uranium. We must collect only the data we need to do a particular task, no more, and we must delete data when we no longer need it. This means routinely removing the base data that is used to generate reports once we have those reports for a particular period of time. In general we must take a minimalist approach to data collection, which is in contrast to the “collect and save everything” mentality that is present in most marketing. We must self-host as much as possible, and avoid using 3rd party sites for data collection/analysis (such as Google Analytics) as we cannot guarantee they will protect customer data as much as we will.
We are sometimes contacted by firms that initially want to interview us for a news piece and ultimately we discover that they want us to pay them to publish the news piece (so it is essentially an ad disguised as a legitimate interview). We don’t do “Pay to Play” articles. Reviewers/influencers who are provided our products either to loan or to keep should disclose it in their review. If we purchase an ad on another platform, it must be labeled as such, not appear to be an article or news piece.
This also extends to other deceptive opt-in/opt-out dialogs for data collection that aim to confuse or hide what data is being collected.
We mustn’t hire third parties to do things that violate our privacy policies, just so we aren’t doing them as a technicality. At the same time, we must acknowledge we can’t control what data brokers in “dystopia” do with customers that visit their sites. In the interest of reaching people who only live in “dystopia”, we may purchase ads on sites that do not respect their visitors’ privacy. However, we must not “launder” privacy invasions by having third parties do it on our behalf so our hands stay clean. If we were to hire a 3rd party to spam for us, we are still spamming. If we were to store data indefinitely on a 3rd party’s analysis platform, we are hoarding data.
This extends to using features on third party marketing platforms that can only exist by violating our policies. As a specific example, ad platforms often use tracking cookies to keep track of which sites an individual visits, and then sells access to that data to ad buyers to show ads to people who visit certain sites. By using that feature we would be enabling tracking/identifying of individuals in a way that violates our policies. This is separate from, for instance, purchasing an ad to display on a particular site because we believe visitors on that site might be interested in us (that’s similar to buying an ad in a magazine), or bidding on keywords to trigger our ads (which are based on search terms visitors intentionally volunteer).
This also extends to demographic data which can only be gathered by mass data collection (largely not opt-in) from people. Buying ads that trigger based on search terms, for instance, is OK because no personal data collection was required. Showing ads only to people in a particular age, ethnic, political, category would not be OK, unless we are certain that data was provided willingly with informed consent. By contrast, targeting an ad on LinkedIn based on profession or industry would be OK, as that data is self-reported (opt-in) by users of that platform.
As we mention at the beginning, our Ethical Marketing Principles is a living document that we intend to modify over time in response to new questions that come up as we expand our marketing. We also always want to hear from you about what marketing approaches you find creepy and how you feel about our current approach.