The Kremlin has been tightening the screws on Russia’s once-anarchic Internet space, and Pierre Omidyar’s eBay has reportedly become the first Silicon Valley company to step forward and agree to the Kremlin’s top demand: storing Russian users’ data on servers in Russian territory, where it can be more easily accessed by the state security services.
According to the Russian daily Kommersant, eBay’s head of Russia operations, Vladimir Dolgov, met earlier this month with the deputy head of Roskomnadzor, the Kremlin agency responsible for monitoring and censoring media, and agreed to begin transferring Russian users’ data from its Switzerland servers into Russia proper. (Roskomnadzor is the same Kremlin agency that shut down my defunct satirical Moscow newspaper, “The eXile,” in 2008.)
The Russian newspaper reports that eBay’s PayPal division, which will be spun off this year, also sent a representative to the meeting with Roskomnadzor, and “expressed the same position on this matter as eBay.”
Billionaire publisher Pierre Omidyar, the chairman of eBay, has been critical of government intrusion on personal privacy, and has said that he launched The Intercept and First Look Media inspired by Edward Snowden’s cache of NSA secrets. On the other hand, Omidyar publicly approved of PayPal’s 2010 decision to cut off funding for WikiLeaks in order not to antagonize US government authorities. Omidyar wrote at the time that although he valued the principles of freedom of expression and privacy, “executives have a fiduciary duty to do what’s best for their shareholders.”
Being the first American company to comply with the Kremlin’s law on storing Russian user data in Russia is consistent with Omidyar’s shareholder-first philosophy. Russia represents a one of the largest potential growth markets for eBay, sanctions not withstanding. In the last half of 2014, eBay recorded 3.7 million Russian users. Ebay hasn’t yet announced if it plans to rent Russian servers or build its own on Russian territory. According to iKS Consulting, the Russian data server market grew 28% in 2013, featuring over 170 major data server centers — this before the new law was voted on.
Omidyar’s support for Edward Snowden is something that the Kremlin would look kindly on. Omidyar funds the Freedom of the Press Foundation, whose board members include the former NSA spy living in Russia under Kremlin protection. As we reported in Pando and NSFWCorp, the Kremlin politician who initially took Snowden under his wing in 2013, Ruslan Gattarov, was also the Kremlin’s lead figure pushing for tightening government control over Russia’s Internet.
Omidyar has also been active next door in Ukraine, where Omidyar Network co-funded with the US government the NGOs responsible for organizing the Maidan revolution, which installed a fiercely nationalistic government and sparked an ongoing deadly war with Russia. One of the key figures funded by Omidyar Network, Svitlana Zalishchuk, is now a deputy in Ukraine’s parliament in the party of Ukraine’s billionaire president Petro Poroshenko. Omidyar Network is also a co-funder with the US embassy of a new Ukraine media company, Hromadske TV.
While these may seem like contradictory positions to those looking for a consistent political conspiracy — collaborating with the Kremlin while collaborating with the US government in Ukraine; supporting journalism based on Snowden’s leaks while also supporting a US government crackdown on WikiLeaks and prosecuting the PayPay14 — there is a rather simple explanation, to the extent that Omidyar has a coherent plan: It’s strictly business, Sonny.
8 Easy Steps To Comply with (Canada`s) New Anti-Spam Law
You don’t need to be a Canadian email marketer to take Canada’s new anti-spam law seriously. You don’t even have to have paying customers in Canada.
If you maintain an email marketing list with addresses that end in .ca — or if you send bulk private messages via Facebook or LinkedIn — or if you have text message/SMS campaigns running that include Canadian telephone numbers — or if you’re a nonprofit, charity or organization with Canadian members — then the new Canadian Anti-Spam Legislation (CASL) applies to you.
Don’t assume that you’re OK because you already comply with the terms of the European anti-spam laws or the U.S. CAN-SPAM Act. The CASL is more strict than the laws of any other country, and it covers more than just email marketing. Canada created dozens of documents, guides and even websites to help marketers understand CASL and get compliant by July 1, 2014, the date it went into effect.
But what about going forward? How will your company or clients stay in compliance?
Canada created a 17-point guide to help corporations develop good compliance programs. We have distilled these into 8 easy steps that any size business should take. (No, we’re not lawyers; this isn’t legal advice; you should read through the legislation yourself; and you should seek legal counsel.) Consider sharing this list with your executives, managers or clients.
1. Pick a point person.
Someone needs to be in charge. At large companies, this should be a member of senior management. At a small or medium-sized business, pick someone trustworthy and likely to be around for a long time. In both cases, that person is “responsible and accountable for compliance,” according to CASL documents. Since that person can get in trouble for noncompliance, it seems fair to make it part of the job description or title. That also demonstrates that your business cares about compliance.
2. Fix current violations.
If you’re not already complying with the law, you could get in trouble now. Canada has a range of enforcement tools from warnings to public denunciation to fines, which max out at $ 1 million for individuals and $ 10 million for businesses. So fix any problems ASAP!
The “fundamental underlying principle” is explicit, up-front consent, according to CASL guidelines. That’s different from the U.S. CAN-SPAM Act and most European anti-spam laws, which lean on an implied, opt-out consent type of system. You need to understand three things:
What Canada considers a ‘commercial electronic message’ (CEM): Don’t play dumb here. Yes, marketing messages apply. But think more broadly. Are you trying to sell someone something? Are you trying to get them to participate in your business activity? Is your email tagline designed to move someone to commercial action? Consider that commercial communication.
What Canada considers an ‘electronic address’: This law defines an electronic address as an email account, a telephone account (think SMS or text messages), an instant messaging account (think AIM or Yahoo Messenger) and any other similar account. Private Facebook messages and LinkedIn messages are methods of sending CEMs, too, and fall in that “similar account” territory. Public Facebook or Twitter posts, online advertisements, blog articles or faxes aren’t electronic addresses.
What Canada requires to send a CEM to a Canadian electronic address: The CASL requires only three things — consent, identification information and a way for people to unsubscribe.
Of course, those three things cover a lot of territory. What constitutes consent, for example, is narrowly defined, and, remember, it’s required up front and has to be explicit. Here are more resources to educate yourself about the specifics of the law:
3. Assess your risks.
During the process of making fixes, you’ll probably find out exactly how things could go wrong in the future. Perhaps marketers who don’t specialize in email marketing tend to ignore “legal stuff.” Perhaps your designer or developer has been checking opt-in boxes by default for years, which is not OK under CASL. Perhaps your stakeholders or clients might ask you to do something that violates the law. This is called risk assessment. Do it. Think of every scenario you can.
4. Write a policy.
Explain the basics in writing — no fancy words needed. Create a standard procedure and workflow. Use visual examples if that’s helpful. Address the risky scenarios and what to do in those circumstances. Then make sure that every employee has easy access to your policy. Update it as the law changes or as new risky scenarios develop. CASL guidelines also suggest that your written policy:
address related training that covers the policy and internal procedures;
establish auditing and monitoring mechanisms to make sure you stay in compliance;
establish procedures for dealing with third parties (for example, partners and subcontractors) to make sure they’re compliant;
address keeping good records, especially ones related to consent; and
make sure that employees have a way to give feedback
5. Keep thorough records.
The burden falls heavily on the sender of the CEM to prove that they have express consent. As the more formal-language CASL FAQs puts it, “The onus is on the person who claims that they have consent to prove that they have such consent.”
Onus is an understatement. Let’s say that a potential sales lead hands you a business card at a networking event. Can you send them a CEM? Sure, if the lead gave you specific permission. But if that lead’s express consent ever comes into question, the burden of proof is on you. An independent third party must verify their consent, or you must provide a complete and unedited audio recording of the consent. That’s how thorough and specific your records need to be!
You can’t send CEMs from your personal email account or call that sales lead a “personal relationship” as a way to avoid the consent rules. Consider everything that goes into determining a personal relationship:
CASL guidelines suggest that you keep hard paper copies of:
your commercial electronic message policies and procedures;
all unsubscribe requests and actions;
all evidence of express consent (e.g. audio recordings or forms) by consumers who agree to be contacted via a commercial electronic message;
actioning unsubscribe requests for commercial electronic messages.
6. Train everyone.
Even people who aren’t explicitly in charge of your program can get in trouble, if they knowingly violate the law. It’s in your best interests to make sure your marketing team, executives and/or clients know what’s allowed and what isn’t. And as guidelines for the law point out, “for the training to be effective, links should be made between the business’s policies and procedures, and the situations that employees may face in their daily activities.”
Be sure to train employees about what to do if they witness someone else knowingly violate the CASL — some people might not want to be a “tattletale,” especially if the violator is a boss.
7. Check in regularly.
Every once in a while, check in on your program. Has the Have new people started at your company who need to know the law? Are there clarifications to your internal procedures that you need to make? Has your email service provider made any changes? Regularly reviewing your program protects you two ways. First, you’re making sure that you remain in compliance, which prevents you from getting into trouble. Second, if you do end up in trouble because of someone’s rogue actions or serious mistake, you can show that your intent was to follow the law.
8. Discipline offenders.
Complaints could come from two sources: people contacted by your CEM or your own team members. Listen to everyone carefully, and correct any problems that they identify promptly. Whatever form your discipline takes, be sure to enforce it quickly and consistently. Again, that protects you if you end up in trouble. You can defend yourself by showing that you took the law seriously.
Follow these eight steps, and you’ll be on the way toward sustained compliance with the new Canadian anti-spam law.
As Director of Marketing and Customer Experience at Raven, Arienne Holland divides her time between marketing, communications and understanding developers. Before Raven, Arienne spent more than a decade as an editor and graphic designer for Gannett. She’s a factoid junkie, typography aficionado and middle child who just wants everyone to get along.