Viral marketing

This guide is based on UK law. It was last updated in July 2008.

The law behind 'tell a friend' services

Viral marketing by email generally splits into two varieties. The first involves a person sending or forwarding an email to a friend that refers to your services. The second involves a visitor to your website using a service at your site to 'tell a friend'. Numerous websites offer the latter service; but it does carry some risks. This guide explains what they are and how they can be minimised.

A website may invite visitors to recommend a particular page or product to a friend. Usually, the visitor's email address is requested as well as the friend's email address. The friend then receives an email that, on arrival, looks like it was sent by the person making the recommendation – in order that it appears to come from someone whom the recipient trusts. This, in theory, distinguishes the email from unsolicited marketing which is more likely to cause offence or at least more likely to be deleted without being read.

There is an argument that websites should not do this because they are spoofing an email to look like it was sent by someone who in fact only asked that the website send the email. There is also an argument that a company is sending unsolicited marketing without prior consent. Strictly speaking, these are unlawful practices.

The general rule under the Privacy and Electronic Communications (EC Directive) Regulations 2003 is:

"…a person shall neither transmit, nor instigate the transmission of, unsolicited communications for the purposes of direct marketing by means of electronic mail unless the recipient of the electronic mail has previously notified the sender that he consents for the time being to such communications being sent by, or at the instigation of, the sender."

In practice, 'tell a friend' services are popular and unlikely to cause problems if you follow the guidance on viral marketing from the Information Commissioner. This can be summarised as follows:

• It is safer not to give visitors any incentive to "tell a friend" because that creates a strong argument that you are the "instigator" of the message – i.e. they wouldn't do it without the promise of a reward from you.
• You are sending a message to someone who you assume has consented via a third party (i.e. your visitor, who passed on his friend's details to you). So include a statement on your Tell a Friend page – somewhere obvious and above the "Send" button – that says something like: "By hitting the button you confirm that you have the consent of the individual whose details you are supplying."
• The Commissioner also recommends that you check that the recipient hasn't already asked you to suppress his details. In practice, this means your website would need to communicate with the database holding your suppression list before sending the email. If it's practical to do this, it must be considered best practice. A counter-argument could be made against the Commissioner's guidance on this point: you are getting the consent of the site visitor, who is saying that, right now, he has the consent of his friend – which surely supersedes any previous suppression request. Legally, this is probably a weak counter-argument.
• Someone could use your system and others like it as a puerile trick to annoy one individual with emails from lots of companies. The Commissioner points out that the victim may forever associate your company with that unpleasant experience. In any event, says the Commissioner, "you should ensure rapid suppression of the recipient's contact details to avoid further distress."
• Tell your visitor that you will let his friend know how you got his details. There is nothing in the law to prevent you doing this and it is particularly important if you propose to offer an incentive (though see the warning in the first bullet).

See the Commissioner's full guidance (32-page / 256KB PDF). Viral marketing is addressed at pages 33–34.

We would add the following tips to the Commissioner's guidance:

• Avoid using the email addresses provided on the "tell a friend" page for any purpose other than to fulfil the request and do not save the addresses. If you are going to do this, make this clear and provide a means of opt-out. Bear in mind the risk of complaints;
• Limit the number of emails that can be sent by one user to avoid misuse or be able to recognise and deal with any excessive use;
• Do not allow users to leave their own name and email address blank (albeit there is little you can do about fictional details being provided);
• Send the email to the friend without any marketing information other than what was being recommended – be it a link to a page on your website or the text of an article (i.e. resist the opportunity to promote your services beyond what is being recommended);
• Write the subject line in the third person – e.g. "John Smith thought you'd like this…" – and don't imply in the subject line that John Smith is actually sending the email (i.e. avoid saying "I thought you should see this.") Alternatively, allow visitors to choose the subject line.
• Offer a simple means of making a complaint in the event that the recipient does not know the sender, e.g. a contact email address.

We cannot guarantee that these steps will eliminate the potential legal risk, but they are better than ignoring the issue. Fortunately, the commercial risk is fairly low: in the event of a complaint or new guidance from the courts or the Information Commissioner, a website can change or even abandon its "tell a friend" services without collateral damage. In contrast, a high risk exists with data collection practices: get these wrong and you build a database that it may be unlawful to use – making it potentially worthless.

The Advertising Standards Authority (ASA) confirmed in an adjudication in early 2006 that 'tell a friend' services, if irresponsible, can amount to a breach of the CAP Code. The ASA criticised a system that allowed emails to be sent anonymously (hence our tip above that you do not allow users to leave their own names and email addresses blank).

The ASA subsequently issued a Help Note on Advertising Virals (2-page / 36KB PDF), in February 2006. It confirmed that viral messages that are offensive, misleading, unfair or irresponsible or might otherwise bring advertising into disrepute, will break the CAP Code. The Code applies to ads in emails and text transmissions and virals are not excepted from the Code merely by having originated on a website or by being forwarded-on by consumers.

Other viral marketing activities

The Consumer Protection from Unfair Trading Regulations 2008 impact on some forms of viral marketing.

The following commercial practice is identified as unfair, and therefore illegal in the Regulations:

"Falsely claiming or creating the impression that the trader is not acting for purposes relating to his trade, business, craft or profession, or falsely representing oneself as a consumer."

Accordingly, organisations must not, for example, seed a viral marketing campaign by asking staff to send emails that purport to come from them as independent consumers. Any emails sent on behalf of the organisation should be clearly identified as such.

Falling foul of these Regulations is an offence that can be punished by a fine and up to two years imprisonment. See also the OUT-LAW Guide on the Consumer Protection from Unfair Trading Regulations.

Contacts

Clare Francis
Biography
email Clare
+44 (0) 121 335 2927

Matthew Dowell
Biography
email Matthew
+44 (0) 121 625 3058