Just recently, a friend of mine was a victim of the viral marketing practice of a social network site (SNS).
For the purpose of this article, let’s call the SNS, My FriendlySite.
MyFriendlySite sent out invitations to my friend’s contacts to join MyFriendlySite. To those who know her, the invites totally look not measuring to her standards and it made her look like going out of whack.
I’m one of those who received the invites. Knowing her well as a very busy person and not the type who would join MyFriendlySite or other SNSes, even if she has spare time, I emailed her asking if she in fact sent out, or authorized the issue of, the invitations.
She emailed back: “My niece sent me a MyFriendlySite link to her wedding photos. I wanted to post a message to her and that’s when MyFriendlySite asked me to verify my email address, by logging in to my email account which I did. I suspect that’s the time the MyFriendlySite system grabbed my contacts list. It did not ask if I want to invite my contacts at all. I did not even complete the verification process.
“The next minute, I saw some names popping out that I’ve invited them to MyFriendlySite.”
Like other SNSes, MyFriendlySite is using a contact list-grabbing script. These are scripts or software which can interface with external mail servers like Gmail, Hotmail, Yahoo, etc. The scripts are very powerful. As soon as the user logs in to his/her mailbox using the SNS platform, the script scans the contact list, sends out invitations, and then sends the email addresses to the SNS for storage into its own database.
The SNS can argue that the user is understood to have given his/her consent when he/she logs in to his/her email when prompted.
But has the user really given his/her consent?
That is very doubtful. If a user is made aware that (a) invitations will be sent out to his/her contacts, (b) the email addresses in his/her contact list will be copied and stored onto the SNS database, and (c) follow-up reminders or invitations will be sent out by the SNS without his/her knowledge, would he/she still sign up?
The SNS may also argue that the email addresses are secured in the SNS database anyway, and that the SNS has issued a firm undertaking that it is not going to sell the email addresses.
Again, those arguments are irrelevant. The issue is the practice of downloading the email addresses from the user’s contact list, then using the email addresses to build up the site traffic – all without the explicit consent of the member.
Is this practice legal?