Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's 'Direct Marketing and Privacy'

Direct Marketing and Privacy

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 23 February 1998

© Xamax Consultancy Pty Ltd, 1997

This document is at


A brief review is undertaken of direct marketing, through both conventional and electronic channels. Existing practices are suggested to be seriously privacy-invasive. Public acceptance of such practices is argued to be declining, such that unsolicited contact, and the use of personal data in breach of mainstream privacy principles, are attracting increasing levels of public opprobrium.

In the information economy, effective and efficient consumer marketing is predicated on trust by consumers in the marketplaces and marketspace in which they transact. Conventional direct marketing practices are inimical to the maintenance of brand-value, and to the establishment and maintenance of ongoing relationships with customers. It is therefore suggested that marketers need to examine their uses of direct marketing very carefully, and to adjust their strategies in the direction of privacy-sensitive methods, and consumer-pull technologies.


1. Introduction

2. Direct Marketing

3. Dataveillance and Information Privacy

4. Direct Marketing Through Conventional Channels

5. Direct Marketing Through Electronic Channels

6. Towards Effective Direct Marketing

7. Regulation

8. Conclusions

Appendix: The DMA 'Call to Arms' of Early 1998


Relevant Articles by the Author

1. Introduction

Direct marketing involves communication by a marketer to a prospect, without an intermediary, via a medium that supports some degree of interaction. The concept has largely merged with the idea of database marketing, which involves the establishment and maintenance of quantities of data about prospects and customers, which is exploited in order to enhance the probability of making a sale to each of them.

Direct marketing is intrusive, both in relation to the privacy of personal behaviour, and into the privacy of personal data. The degree of sensitivity varies greatly, depending on the person, the data and the context.

This paper examines the privacy concerns arising in relation to direct marketing. It commences by examining direct marketing, defining the nature of privacy concerns, and showing how the privacy factor is becoming an increasingly important business strategic factor. It then identifies specific issues arising in relation to the various direct marketing channels, and suggests approaches that can achieve an appropriate balance between the interests of marketers and individuals. Finally, it addresses the question of regulatory measures.

2. Direct Marketing

This section examines direct marketing, commencing with a discussion of its meaning(s), and continuing with an analysis of the kinds of direct marketing.

2.1 Definition

Marketing involves communications by a marketer of goods or services to prospective customers. Some of those communications provide information about features, conditions of purchase, availability, and image. Many are intended as direct stimuli to a purchasing decision.

Marketing communications are `indirect', where marketer-prospect interactions are inhibited. This may be because the communication channel is one-way, as in the use of broadcasting media such as television, radio, newspapers and billboards. Alternatively, it may be because of the interposition of an intermediary of some kind that does not have a principal-agent relationship with the marketer, e.g. a shop assistant in a retail department store.

Marketing communications are `direct', on the other hand, where:

Some forms of direct marketing involve physical proximity between an agent of the marketer and prospects, e.g. on the marketer's own premises, or at the prospect's home. The number of people who can be attracted into such controlled settings is limited, and the costs are very high.

This document restricts its focus to 'direct marketing at a distance'. These forms seek to reach a high proportion of the target population, to reach them with an immediacy and apparent relevance that motivates purchase, and to do so for relatively low cost.

Definitions of 'direct marketing' tend to stress the importance of gathering data about targets, e.g. "Most important, it usually results in the creation of a DATABASE of respondents" (emphasis in original, Direct Marketing Club of Southern California). This gives rise to the use of the term 'database marketing' to refer to "marketing to people as individuals, on the basis of a computer file" (after Swanson Russell Associates).

The primary focus of this document is on those kinds of 'direct marketing over distance' in which the marketer has at least a modest amount of personal data about prospects, and is conducted via channels that are at least modestly interactive.

Direct marketing can give rise to efficiencies in the following ways:

Marketers would seem to perceive the efficiencies arising from direct marketing to be considerable, in comparison with alternative approaches such as shop-based selling and broadcast media advertising: "Over 50% of advertising in Australia is spent on direct marketing communications ... in the U.S. ... nearly 60%" (Edwards 1997).

The efficiency calculations are, however, performed from the perspective of the marketer, and do not take into account the costs, effort and inconvenience caused to purchasers. These range from modest and acceptable, to expensive, disruptive and very irritating. The following section identifies aspects of direct marketing which determine where particular practices lie on that scale.

2.2 Dimensions of Direct Marketing

In order to undertake meaningful analysis of the privacy implications of direct marketing, it is necessary to differentiate along a number of key dimensions.

(a) The Direct Marketing Channel

Direct marketing channels relevant to this discussion include:

(b) The Degree of Business and Data Integration

Direct marketing can be undertaken:

(c) The Intrusiveness of the Communication

A feature of the communication channel that is of particular significance from a privacy viewpoint is the extent to which the communication intrudes into the prospect's activities. It is important to differentiate:

(d) The Relationship Between Marketer and Prospect

The nature of the relationship between marketer and prospect is important. The following settings need to be distinguished:

(e) The Origins of the Communication

The origins of the communication can be usefully differentiated, as follows:

(f) The Nature of the Prospect

Also of relevance is the nature of the prospect. It is useful to distinguish:

Privacy is an interest of individuals rather than of corporations, and hence this document is primarily concerned with direct marketing to consumers. It does, however, have implications for direct marketing to:

(g) Combining the Dimensions

Each of the classification schemes in this section has been presented in such a manner that the earlier instances involve relatively straightforward privacy issues, and the latter instances raise much greater privacy concerns. Of greatest difficulty, of course, are those forms of direct marketing which are well down the list in respect of several of the dimensions.

One way of drawing the dimensions together is to consider the reaction of the recipient to the communication. Examples of consumer reactions include:


The following section provides an overview of information privacy. On the basis of these two preliminary sections, analysis is then undertaken of the privacy issues arising from direct marketing.

3. Dataveillance and Information Privacy

It is assumed that the reader:

Unreconstructed marketeers of the brash American, laissez faire variety, who would naturally dispute the above contentions, should either examine the materials pointed to from this section, or declare themselves to be mavericks and abandon reading this document.

This section provides access to materials on data surveillance and privacy matters, and then identifies particular issues that arise from direct marketing.

3.1 Fundamentals

It is particularly critical to the analysis conducted in this document to appreciate that privacy is not a simple concept, but rather a compound of several interests. Of especial relevance to this discussion are the privacy of personal behaviour, and the privacy of personal data.

The following materials are relevant:

A separate paper examines privacy as a strategic consideration for corporations ( Clarke 1996d). This includes the following segments:

A minimalist regulatory environment has applied to the Australian private sector until now, but is rapidly coming to an end.

3.2 Issues
(a) Privacy of Personal Behaviour

People's interest in enjoying 'private space' is abused by the intrusions that are inherent in most direct marketing techniques. A further problem is the manipulation of personal behaviour that is the primary purpose of marketing databases and consumer profiles. A related matter that disturbs some consumers is the presumption by marketers that computer-generated communications based on database content represents a relationship with a person.

(b) Privacy of Personal Data

People have a strong interest in controlling the use of data that relates to themselves. Conventional direct marketing practice abuses many aspects of privacy protection principles. On the list of most serious public concerns, financial data appears very high (e.g. PC 1995, Clarke 1997a).

The abuse of personal data is being extended by the endeavour on the part of marketers to convert hitherto anonymous transactions into identified ones, through such means as so-called 'loyalty' schemes. This matter is addressed in Clarke ( 1995d, 1996e, and 1996i).

Public concern is evidenced through the periodic media coverage of such matters as abuse of data collections such as the telephone white pages, council records of dog registrations and building approvals, and State government land titles and marriage registration data. The question of so-called 'public registers' is examined in Clarke ( 1997g).

(c) Consumer Profiling

Consumer profiling involves the accumulation, acquisition and cross-referencing of data about individuals, possibly combined with geo-demographic data; followed by its use for various micro-marketing purposes. Its privacy-invasiveness is examined in Clarke ( 1993e and 1997f).

(d) Consumer Interests More Generally

Privacy is one of a number of contentious issues that arise in the relationship between marketers and consumers, in such areas as conditions of contract, and the recourse and sanctions available in the event of malperformance by the marketer.

Although considerable progress has been made in relation to consumer rights, the regulatory arrangements are not technology-neutral, and much of it evaporates in the electronic context. For an examination of consumer issues in marketing through electronic channels, see Clarke ( 1996h, 1997h and 1997i).

4. Direct Marketing Through Conventional Channels

This section considers specific privacy matters that arise in relation to particular forms of direct marketing through long-standing channels.

4.1 Mail

Receiving materials through the post is not as disruptive as through some other channels. The factors that exacerbate concerns are unsolicited communications, particularly if they presume to extend a relationship beyond what the consumer recognises, and especially if the communication is from an unknown organisation, and even more so if personal data has been expropriated and exploited through such mechanisms as the exchange of mailing lists. For some people at least, a further cause for concern is its wastefulness.

The U.S. Direct Marketing Association provides its own background document on direct mail.

Recognition of the potential for privacy concerns to undermine their business is evident in responses by industry associations, and in particular the U.S. Direct Marketing Association's 'Mail Preference Service', and the service of the same name run by the Australian Direct Marketing Association (ADMA).

Many people are seriously sceptical about the effectiveness and adequacy of such schemes. Services such as Junkbusters and Ron Rogers evidence that scepticism, and provide support to consumers to take action against direct mailers.

4.2 Fax

Receiving marketing communications by fax can create difficulties for recipients (e.g. blocked lines, wasted paper, and a ' paper-out' when a real fax arrives), and is regarded by many consumers as an abuse of their telephone service. In the United States, unsolicited faxes are illegal in some circumstances.

4.3 Telephone

Receiving communications by telephone is highly disruptive, and regarded by most consumers as an abuse of their telephone service. This is particularly the case where the communication is from an unknown organisation, and especially where personal data has been expropriated and exploited. The problem has become much worse during the last few years, as 'outbound tele-marketing' came into vogue.

Recognition of the potential for privacy concerns to undermine their business is evident in responses by industry associations, and in particular the U.S. Direct Marketing Association's 'Telephone Preference Service', and the service of the same name run by the Australian Direct Marketing Association (ADMA).

The existence of services such as Junkbusters suggests that many people doubt the effectiveness or adequacy of the scheme. For a critical analysis of tele-marketing, see Whittle (1997).

5. Direct Marketing Through Electronic Channels

This section considers specific privacy matters that arise in relation to particular forms of direct marketing using emergent electronic channels.

5.1 Spam

Spam is unsolicited electronic communications. It is undertaken by mailing to an e-list, or by posting to an electronic forum such as a newsgroup, web- or IRC-based e-chat session, or MUD. The motivations for sending spam include appeals for financial contributions to a cause, the communication of a religious or ideological idea, the discrediting of a third party by making it appear that they sent a message, the passing on of the electronic equivalent of a chain-letter, and the sheer dare of it. The motivation relevant to this paper is the marketing of goods or services. Spam is examined in depth in Clarke (1997b).

Spam is an inappropriate direct marketing mechanism. It is very cheap for the sender, and very cheap (in financial terms) for the recipient. On the other hand, it is costly for recipients in terms of their time; in terms of the time taken, the volume transferred and the volume stored in their account on-line; and of the clutter it creates in their mailboxes. It uses a medium that, for many individuals, is all about community and not about business. Fundamentally, spamming is a force-fed, supply-driven mechanism. Even where off-lists are created and effectively administered, recipients are forced into an 'opt-out' scheme, when what most of them want is a demand-driven, 'opt-in' scheme. Clarke (1997b) explains the disincentive for spammers to operate effective off-list administration.

As a result of the unreasonableness of spam as a direct marketing mechanism, and the explosion in the volumes of spam that have occurred during the last two years, governments and legislatures in the United States are considering measures to preclude it. The Australian Government, through the Minister for Communications and the Arts, is also considering its options.

Even though spammers have thwarted negative reactions by consumers by implementing 'non-replyable' spam, direct action by consumers against spam is being aided and abetted by services such as Junkbusters.

5.2 Push-Technologies

The World-Wide Web has been an enormous boon to electronic communities. In seeking to exploit it for commercial advantage, marketers have discovered that it fails to satisfy their needs. It is an essentially consumer-pull medium, which does not directly support marketer-push.

Marketing interests are busily seeking to either subvert web-technology from pull to push, to supplement it, or to replace it with more marketer-friendly technologies. The terms used to describe such approaches reflect the marketer's obsession with broadcast at consumers rather than communications linkages with people, and include 'push-technology', 'webcasting' and 'Internet broadcasting' via 'channels'. It is "a data distribution model in which selected data is automatically delivered into the user's computer at prescribed intervals or based on some event that occurs" ( Iatek). A greatly hyped review in Kelly & Wolf (1997) generated this sceptical response.

Implementations of the push model include:

Push technologies are of course applicable to much more than marketing (in the same way that mail, fax, the telephone and email have multiple applications). Moreover, there is no doubt that some applications of push technologies will be highly valued, by consumers as well as by marketers. There are serious concerns among consumers, however, as to whether such services may harm the Internet as a whole, and be a vehicle for further impositions by marketers on consumers.

5.3 Dynamic Consumer Profiling

The practice of consumer profiling was identified earlier as a significant issue in consumer marketing. New possibilities are offered by Internet technology. Concerns exist among consumers that their Internet behaviour is capable of being monitored by marketers. This section provides brief overviews of such mechanisms.

(a) Self-Identifying Data

In order to receive information from a marketer, a consumer who initiates a communication must generally expose at least their email address and/or the IP-address of the workstation from which they send the request. There is considerable public concern about the use of such information for purposes unintended by the consumer.

Because of abuses of the capability by marketers, there is increasing use by consumers of mechanisms that deny the information. Clarke (1997l) provides treatments of email self-identification issues and responses and web self-identification issues and responses. See also Gunning (1997).

(b) Self-Identifying Personal Profile Data

A matter that will soon appear to be of even greater concern is the handling of data supplied by individuals to search-engines, customised news bulletins, auto-notification services (e.g. of changes to a nominated web-page), and other kinds of software agents. Together, these can provide a considerable insight into an individual's interests.

It is instructive to spend a short time observing a service like Voyeur, and reflecting on the fact that the majority of searches whose search-terms Voyeur extracts, are identified in such a manner that they can be related to an individual, and to other electronic data about the same person. As electronic commerce takes hold, and searches are increasingly performed in the process of purchasing goods and services, this data will become much more sensitive.

(c) Cookies

A cookie is a record that may be stored on a consumer's local hard-disk, and that records data about the web-sites that have been visited. On subsequent occasions that a user of that machine contacts the same web-site, that data is provided along with the request.

Cookies are a potentially valuable technical means of supporting relationships between consumers and marketers. Their first incarnation was, however, very poorly conceived, and highly threatening. Abuse of the capability has resulted in a great deal of concern among netizens, and countermeasures are being implemented by many consumers.

In Clarke (1997c), the technology and political economy of cookies are examined in depth, and recommendations provided as to how they can be used responsibly.

(d) Server-Driven Client-Side Processing

Cookies are a special and early instance of a broader phenomenon that can be usefully described as 'server-driven client-side processing'. Another example is attachments to email or web-page downloads that 'self-extract' and 'auto-execute' on arrival at the client. Three primary means whereby this can be achieved are the somewhat limited Javascript, powerful-but-moderately-controllable Java applets, and the inherently dangerous ActiveX.

Using such facilities, it is possible for a remote site to cause a client to do a variety of things, including:

There are many potentially very positive applications of these capabilities. Fundamentally, however, they involve the exercise by a remote server of power over a user's own equipment. This raises the issue of informed consent. There is great scepticism among those consumers who understand the technologies involved as to how and how much the capabilities will be abused by marketers.

6. Towards Effective Direct Marketing

Up to this point, this paper has been primarily a critique, and it could be readily interpreted as a tirade against the iniquities of direct marketing and direct marketers, without recognition of the role that marketing communications play in people's economic, and even social lives.

This document does not conclude that responsible direct marketing is impossible. Indeed, there are circumstances in which the use of even the most intrinsically intrusive channels may be warranted.

This section offers some proposals as to what rules should guide direct marketing.

6.1 Principles

The starting-point must be recognition that:

Clarke (1997c) enunciated a small set of basic principles for the responsible use of cookies. This section generalises them, in order to provide guidance for the responsible use of electronic channels in direct marketing. The principles are expressed in Exhibit 1.


Exhibit 1: Principles for Direct Marketing Using Electronic Channels

Privacy is a highly valued interest, but it is not absolute or exclusive. Circumstances arise in which marketing communications would be particularly costly in the absence of, for example, unsolicited communications. In such circumstances, some compromise to the privacy interest may be warranted.

To establish that an intrusive mechanism is justified, the test of 'reasonable consumer expectations' can be applied. An earlier section identified a series of dimensions along which direct marketing could be classified. 'Reasonable consumer expectations' cannot justify the most intrusive forms of direct marketing, which combine several of the more extreme problems. They might, however, reasonably justify, for example, unsolicited approaches by an unknown marketer, where the only data-sources used are those reasonably available to the marketer, the likelihood of the communication being of interest to the prospect is moderately high, and the likelihood of it being irritating is moderately low.

6.2 Practices

These principles need to be applied in the wide variety of settings reflected by the multiplicity of direct marketing channels, and the multiplicity of contexts in which they can be used.

A general guideline is that the principles will be satisfied only if marketers concentrate on making maximum use of consumer-pull, and finding ways to attract visits and re-visits by serious prospects. Marketer-push approaches need to be quarantined to situations in which the consumer has explicitly, or constructively implicitly, agreed to the establishment of a relationship; and even then it is important to remain close to the boundaries of that relationship, as it is perceived by the consumer.

There is a strong preference among consumers for 'opt-in' participation as the basis for relationships, not for the presumptive actions by marketers that constitute 'opt-out' mechanisms. Ineffectual 'opt-out' mechanisms like contemporary mail and telephone preference services are of little interest to activist consumers. Marketers need to focus on ways in which they can achieve effective, yet implicit consent as a basis for 'opt-in'. Given the similarity of the concept to prospect qualification, trial closure and even closure, this ought not be an undue challenge.

To the extent that 'opt-out' is implemented (and, as indicated in earlier sections, there will be some contexts in which it will be acceptable to consumers), effective implementation is essential (even where that is expensive for the marketer), including audit, recourse and sanctions for malperformance.

These foreground activities imply some additional tasks that responsible marketers will take, such as:

The argument pursued in this paper denies the legitimacy of many direct marketing techniques. It does not, however, entirely prevent marketers from promoting their goods and services using either conventional or electronic means.

In relation to conventional direct marketing, mail, telephone and fax can be appropriate tools for new episodes in established relationships, and indeed for occasional invitations to extend an existing relationship into new functions.

Note that privacy principles preclude a business unit from passing personal data to another business unit; but they do not preclude a business unit that already has a relationship with a person from contacting them on behalf of another business unit, to invite an enquiry. This applies especially if there is some relationship between the goods and services offered by the two business units. In some circumstances, the individual may perceive their relationship to be with the corporation as a whole, rather than an individual business unit. This is, however, fairly unusual, and should not to be assumed.

Another approach that is likely to gain acceptance among marketers is literally paying for that scarce and valuable commodity, consumer attention. Consumers who write their addresses on giveaway prize vouchers at exhibitions do not appear to be in any sense giving informed consent. But in relation to such pseudo-loyalty schemes as Fly-Buys, consumers have clearly demonstrated that they are prepared to accept remarkably small amounts of consideration in return for authority to use their personal data very freely.

In relation to electronic direct marketing, appropriate use of channels includes the following:

These techniques can be constructively aided by the creation of infrastructure to support interactions between marketers and prospects, including specialist e-lists, channels, hierarchical classification schemes and search-engines. There is also the scope to encourage the emergence of electronic consumer communities, supported by channels whereby marketers can communicate with them. One expression of this approach is in Hagel & Armstrong (1997), which this author briefly reviewed.

6.3 Intermediary Services

Americans are fervent in their strange belief that private sector mechanisms can address social as well as economic factors. This is used as a means of defending against the imposition of regulatory mechanisms that would have the effect of constraining the freedom of businesses to act however they like.

The desire to avoid regulation does, however, result in bursts of interesting ingenuity. One attempt currently being made to achieve some degree of trust between consumers and electronic commerce providers is TRUSTe. This involves a trademark, issued by TRUSTe, and displayed by participating organisations, which purports to give consumers confidence about the privacy practices of the organisations.

As a solution to the widespread abuses of electronic direct marketing, TRUSTe is doomed to failure. As an element in a complete regulatory regime, on the other hand, enabling government involvement and bureaucratic processes to be reduced, it has promise.

6.4 Privacy-Supportive Infrastructure

Another initiative has been conceived to extend existing infrastructure such that privacy interests are directly supported.

The World Wide Web Consortium (W3C)'s Platform for Privacy Preferences Project (P3P) is establishing standards that will:

Where a site's practices fall within the range of a user's preference, interaction will be 'seamless'; otherwise users will be notified of the site's practices and have the opportunity to accept them, attempt to negotiate, or avoid the site.

If P3P is implemented by relevant software suppliers, and its features are applied by users, and the fact of this use becomes apparent to low-privacy sites, the scheme would provide a positive reinforcement to marketers who declare themselves to be privacy-sensitive, and a negative disincentive to marketers who fail to declare themselves to be privacy-sensitive.

The remaining gap would be the lack of a mechanism for ensuring that privacy declarations by marketers are actually honoured.

6.5 Privacy-Enhancing Technologies (PETs)

Privacy advocates have conceived that technology could be applied not merely to provide some support for privacy protection, but even to in effect mandate it. A term for this which is in increasingly commonly usage is 'privacy enhancing technologies' or PETs. The term was used at least as early as August 1989, in RFC1114.

It is not clear that many technologies fully satisfy the requirements of a PET. Candidates include:

7. Regulation

This section examines approaches that are being adopted to bringing direct marketing practices back into line with consumer expectations.

7.1 Formal Regulation

This section addresses only the situation in Australia. With the exception of door-to-door selling, which is outside the scope of this document, there is only a very limited patchwork of law regulating direct marketing. There is no specific-purpose legislation, and statutes that regulate particular industries (e.g. telecommunications, banking and health insurance) generally establish only frameworks within which codes could be developed, or merely nominal protections.

Legislators and regulators have shown themselves to be unwilling or unable to focus meaningfully on the matter, and/or to be in thrall of the efficiency of corporate marketing machines. Two recent documents that pretend to address consumer needs are MCCA (1997) and OPCA (1998).

MCCA presents a 'model code of practice' relating to direct marketing (although the term 'direct marketing' was used only in the final published document, after the term 'distance marketing' had been used throughout the lengthy consultative process). For a review, see Gunning (1997). It is largely empty, and entirely toothless, and represents hardly any advance in the argument whatsoever, at least in respect of consumers' privacy interests. This may be unsurprising, given that the Australian Direct Marketing Association claimed that its existing code "formed the basis for the work" on the MCCA Model Code (Edwards 1997).

OPCA presents 'national principles for the fair handling of personal information' (although its scope was actually intended to be restricted to the private sector). It is the first step in a process that the Prime Minister wishes to result in a purely self-regulatory scheme. A process of consultation on how the principles might be implemented is intended to take place commencing in early-mid 1998. It is unclear whether this will have much impact on corporate practices.

The OPCA document is astonishing in the manner in which it actually legitimises several practices that are in conflict with mainstream privacy protection standards. It goes close to providing the first-ever carte blanche for direct marketing that any country in the world has ever offered. This provision is severely lacking in credibility.

It appears that timid legislators and regulators will not address the community's expectations of privacy regulation over private sector practices, including direct marketing, at least during the term of the current government.

7.2 Self-Regulation

It is possible that some industry associations, and some corporations independently of their associations, will implement at least some portions of voluntary codes, with at least some degree of effectiveness.

The Australian Direct Marketing Association has been warning its membership for some time that privacy regulatory action is impending, and its newsletters throughout 1997 featured successive instalments on the topic. It has committed to a review of its existing Standards of Practice.

There are doubts, however, about the extent to which this activity will result in changes in direct marketing practices that will satisfy consumers' needs. These doubts include:

In the United States, the focus during the last two years has been firmly on electronic channels. The DMA has produced a booklet containing 'Privacy Principles and Guidance' for Marketing Online (DMA 1997), and offers a range of practical advice at its web-site. This includes a specific 'Call to Arms' relating to a scan of sites being conducted by the Federal Trade Commission (FTC) in early 1998. This is a clear example of constructive behaviour by an association, based on the incentive to hold off regulation, and is accordingly mirrored below. There has to be considerable doubt about the survival of DMA's prioritisation of privacy beyond the span of attention of the FTC.

Any strategy that depends entirely on self-regulation is inherently inadequate. 'Good corporate citizens', and the industry associations that represent their interests, are motivated to do sufficient to prevent actual regulatory action, and, if they are successful, no more. There are few factors encouraging maverick competitors to be members of industry associations, or to comply with voluntary industry codes, especially a code administered by a cross-industry association like ADMA. Compliance with such codes costs at least some amount of time and effort, and hence there are disincentives against compliance. The greater the non-compliance by 'cowboys', the greater the disincentive to compliance by the other companies in the industry.

Self-regulation has an important role to play in a complete regulatory scheme, by establishing practical standards and mechanisms, and the efforts of DMA and ADMA are warmly welcomed by consumer and privacy advocates. It is essential, however, that a layer of statutory authority and process exist, to bolster the self-regulatory component, and bring each industry's cowboys to heel.

7.3 Consumer Direct Action

There are increasing levels of concerns about the privacy-invasiveness of direct marketing felt within the community generally, and especially within electronic communities.

Consumers are demonstrating that they are prepared to resort to direct action, and even political activism, in order to retaliate against unreasonable behaviour. Within conventional channels, for example:

In the context of electronic channels, there is an ongoing storm of protest against spam. This is accompanied by an increasing awareness of the dangers of cookies and of push-technologies.

There is, moreover, considerable scope for substantial change in the balance of power between marketers and consumers:

This last factor has a more positive aspect to it, because it may have the effect of re-establishing trust between consumers and marketers, albeit in a context in which the balance of market power has shifted.

8. Conclusions

Organisations that are in markets for the short term have no reason to take much account of people's privacy concerns. Corporate 'low-life' represents a problem for the community in this area, as in others.

Organisations that, on the other hand, seek to build and sustain brand-value, and which base their marketing strategies on ongoing relationships with retail customers, need to take great care in the way in which they approach direct marketing.

This paper has examined the privacy profile of direct marketing, and identified a wide range of forms that seriously breach the expectations of consumers, and mainstream privacy principles. It has discussed how legislators and regulators have failed to address, and are continuing to fail to address, consumers' concerns.

There is a prospect of serious backlash against marketers and marketing processes. This is particularly likely in the context of the new electronic channels, which some seers would have us believe are the next wild, unregulated and perhaps unregulatable frontierland.

Serious challenges confront financial services marketers. They will need to be very good, and in case they can't, they will need to be very careful.


This document has benefited greatly from the ongoing discussions on the link information infrastructure policy e-list, and from feedback and comments from a number of people, including (in alphabetical order) Robin Anson, Martin Bennett, Jason Catlett, Patrick Gunning, Ooi Chuin Nee and Robin Whittle. The evaluative comments are mine.

Appendix: The DMA 'Call to Arms' of Early 1998

Mirror of, extracted 8 February 1998

Industry Alert!!
The FTC will be looking at your Web site in March.
Does Your Company ...
Collect Information Online?
Generate Leads from Your Web Site?
Use E-mail to Communicate to Customers?

The Federal Trade Commission has told Congress it will do a formal survey of commercial Web sites in March 1998 to determine whether companies are posting Web site Privacy Policy Statements. Following this survey, the FTC will determine if adequate protections exist for consumers or whether regulation is necessary. Regulation of the Internet could stifle the growth of this exciting new marketing medium, restrict the use of information gathered online, and set a precedent for regulation in other media.

It is important that your company conspicuously post its Privacy Policy Statement on your Web site!

The DMA can supply you with the information and tools you need to help the industry prevent FTC regulation. We have developed a Web-based tool which will allow you to create and post a Privacy Policy Statement to your Web site in a matter of minutes. The tool gives marketers an "add water and stir" recipe for providing consumers with information on how data is gathered and used online.

In addition, The DMA's Marketing Online: Privacy Principles and Guidance provides marketers with information about disclosure of online information practices. Please take a moment to review these resources and use them to develop an Online Privacy Policy for your site.

Will your company pass the FTC's scrutiny?


Catlett J. (1998) 'The Privacy Arms Race', Proc. Spring Internet World, Los Angeles, 11 March 1998, at

Dixon T. (1995) 'Direct Marketing: Report on the Standing Committee of Officials of Consumer Affairs, Working Group on Direct Marketing Discussion Paper', (1995) 2 PLPR 57, March 1995, at

DMA (1997) 'Marketing Online: Privacy Principles and Guidance' Direct Marketing Association, New York, March 1997

DMA Web-Pages, at

Edwards R. (1997) 'Privacy in Direct Marketing' IIR Privacy Summit, Sydney, October 1997

EPIC (1996) 'Who Owns Personal Information? Anatomy of a Privacy Case', at

EPIC Web-Pages, at

Gunning P. (1997) 'Evaluating privacy for Internet users and service providers' Privacy Law & Policy Reporter 4, 4 (September 1997) 67-70

Hagel J. & Armstrong A.G. (1997) 'Net Gain' Harvard Business School Press, 1997

Kelly K. & Wolf G. (1997) 'PUSH! Kiss your browser goodbye: The radical future of media beyond the Web', Wired 5.03 (March 1997), at

MCCA (1997) 'Direct Marketing: Model Code of Practice' Ministerial Council on Consumer Affairs, November 1997, at

OPCA (1998) 'National Principles for the Fair Handling of Personal Information' Office of the Privacy Commission, Australia, February 1998. The OPCA publications page is at

Whittle R. (1997) 'Telemarketing and other intrusive marketing approaches', at

Relevant Articles by the Author

Clarke R. (1998) 'Beyond 'Fair Information Practices: A New Paradigm for 21st-Century Privacy Protection', Draft of January 1998, at

Clarke R. (1997o) 'Smart Move by the Smart Card Industry - Part II', Privacy Law & Policy Reporter 4, 5 (October 1997), pp.97-98 at

Clarke R. (1997n) 'Information Systems Audit & Information Privacy', October 1997, at

Clarke R. (1997m) 'Privacy Advocates and the Privacy Commissioner's Discussion Paper of August 1997 Regarding (Self-)Regulation of the Private Sector', October 1997, at

Clarke R. (1997l) 'Privacy On the Internet: Threats, Countermeasures and Policy' IBC 1997 Australian Privacy Forum, Sydney, 21-22 October 1997, at

Clarke R. (1997k) 'Chip-Based ID: Promise and Peril', for the International Conference on Privacy, Montreal (September 1997), at

Clarke R. (1997j) 'Introduction and Definitions' (August 1997), at

Clarke R. (1997i) 'Promises and Threats in Electronic Commerce '(August 1997), at

Clarke R. (1997h) 'Public Interests on the Electronic Frontier', Invited Address to IT Security '97, 14 & 15 August 1997, Rydges Canberra (August 1997),

Clarke R. (1997g) 'Privacy and Public Registers', Proc. IIR Conference on Data Protection and Privacy, Boulevard Hotel, Sydney, 12-13 May 1997, at

Clarke R. (1997f) 'Customer Profiling and Privacy: Implications for the Finance Industry', AIC Conference on Customer Profiling for Financial Services, Sydney (May 1997),

Clarke R. (1997e) 'Privacy and E-Lists' (May 1997), at

Greenleaf G.W. and Clarke R. (1997) Privacy Implications of Digital Signatures, IBC Conference on Digital Signatures, Sydney (March 1997), at

Clarke R. (1997d) 'Flaws in the Glass; Gashes in the Fabric: Deficiencies in the Australian Privacy-Protective Regime' Invited Address to Symposium on 'The New Privacy Laws', Queen Victoria Ballroom, George St, Sydney, 19 February 1997 , at

Clarke R. (1997c) 'Cookies' February 1977, at

Clarke R. (1997b) 'Spam' February 1977, at

Clarke R. (1997a) 'What Do People Really Think? MasterCard's Survey of the Australian Public's Attitudes to Privacy' Privacy Law & Policy Report 3,9 (January 1997) , at

Clarke R. (1996i) 'Identification, Anonymity and Pseudonymity in Consumer Transactions: A Vital Systems Design and Public Policy Issue', Conference on 'Smart Cards: The Issues', Sydney, 18 October 1996, at

Clarke R. (1996h) 'Issues in Technology-Based Consumer Transactions', Proc. Conf. Society of Consumer Affairs Professionals (SOCAP), Melbourne, 26 September 1996, at

Clarke R. (1996g) 'The Information Infrastructure is a Super Eye-Way', a Book Review of Simon Davies book 'Monitor', Privacy Law & Policy Reporter 3, 5 (August 1996), at

Clarke R. (1996f) 'Privacy Issues in Smart Card Applications in the Retail Financial Sector', in 'Smart Cards and the Future of Your Money', Australian Commission for the Future, June 1996, pp.157-184. At

Clarke R. (1996e) 'Trails in the Sand' (May 1996), at

Clarke R. (1996d) 'Privacy, Dataveillance, Organisational Strategy' (the original version was a Keynote Address for the I.S. Audit & Control Association Conf. (EDPAC'96), Perth, 28 May 1996). At

Clarke R. (1996c) 'Cryptography in Plain Text', published in Privacy Law & Policy Reporter 3, 4 (May 1996). At

Clarke R. (1996b) 'Crypto-Confusion: Mutual Non-Comprehension Threatens Exploitation of the GII' Privacy Law & Policy Reporter 3, 4 (May 1996). At

Clarke R. (1996a) 'Smart move by the smart card industry: The Smart Card Industry's Code of Conduct' Privacy Law & Policy Reporter 2, 10 (January 1996) 189-191, 195. At

Clarke R. (1995d) 'When Do They Need to Know 'Whodunnit?': The Justification for Transaction Identification; The Scope for Transaction Anonymity and Pseudonymity' Proc. Conf. Computers, Freedom & Privacy, San Francisco, 31 March 1995. At Revised version published as 'Transaction Anonymity and Pseudonymity' Privacy Law & Policy Reporter 2, 5 (June/July 1995) 88-90

Clarke R. (1995c) 'Clients First or Clients Last? The Commonwealth Government's IT Review' Privacy Law & Policy Reporter 2, 4 (April / May 1995). At

Clarke R. (1995b) 'Computer Matching by Government Agencies: The Failure of Cost/Benefit Analysis as a Control Mechanism' Informatization and the Public Sector (March 1995). At

Clarke R. (1995a) 'A Normative Regulatory Framework for Computer Matching' Journal of Computer and Information Law XIII,4 (Summer 1995) 585-633, at

Clarke R. (1994f) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Info. Technology & People 7,4 (December 1994). At

Clarke R. (1994e) 'Dataveillance by Governments: The Technique of Computer Matching' Information Technology & People 7,2 (December 1994). Abstract at

Clarke R. (1994d) 'Information Technology: Weapon of Authoritarianism or Tool of Democracy?' Proc. World Congress, Int'l Fed. of Info. Processing, Hamburg, September 1994. At

Clarke R. (1994c) 'The Digital Persona and Its Application to Data Surveillance' The Information Society 10,2 (June 1994). At

Clarke R. (1994b) 'The Eras of Dataveillance' (March 1994). At

Clarke R. (1994a) 'Dataveillance: Delivering 1984' Chapter in Green L. & Guinery R. (Eds.) 'Framing Technology: Society, Choice and Change' Allen & Unwin, Sydney, 1994. At

Clarke R. (1993e) 'Profiling: A Hidden Challenge to the Regulation of Dataveillance' Int'l J. L. & Inf. Sc. 4,2 (December 1993). At A shorter version was published as 'Profiling and Its Privacy Implications' Australasian Privacy Law & Policy Reporter 1,6 (November 1994). At

Clarke R. (1993d) 'Matches Played Under Rafferty's Rules: The Parallel Data Matching Program Is Not Only Privacy-Invasive But Economically Unjustifiable As Well' Working Paper (Nov 1993). At Versions published in Privacy Law & Policy Reporter 1,1 (February 1994), and in Policy (Autumn 1994)

Clarke R. (1993c) 'Best Practice Guidelines for Controls Over the Security of Personal Data', for the Australian National Audit Office (September 1993)

Clarke R. (1993b) 'A 'Future Trace' on Dataveillance: Trends in the Anti-Utopia / Science Fiction Genre' (March 1993) At

Clarke R. (1993a) 'Why the Public Is Scared of the Public Sector' (February 1993), at

Clarke R. (1992c) 'Keeping Confidential Information on a Database with Multiple Points of Access: Technological and Organisational Measures' Seminar on Unauthorised Release of Government Information, N.S.W. Independent Commission Against Corruption, Sydney, 12 October 1992. Republished as 'Privacy Needs More Than Good Intentions' in Prof'l Comp. (November 1992). At

Clarke R. (1992b) 'LEAN Times Ahead: The Proposed Law Enforcement Access Network' Policy 7,6 (Winter 1992). At

Clarke R. (1992a) 'The Resistible Rise of the Australian National Personal Data System' Software L. J. 5,1 (January 1992). At

Clarke R. (1991) 'The Tax File Number Scheme: A Case Study of Political Assurances and Function Creep' Policy 7,4 (Summer 1991). At

Clarke R. (1989b) 'The Privacy Act 1988 as an Implementation of the OECD Data Protection Guidelines', 66 pp. (June 1989). At

Clarke R. (1989a) 'The OECD Data Protection Guidelines: A Template for Evaluating Information Privacy Law and Proposals for Information Privacy Law' Working Paper (25pp.) (October 1989). At

Clarke R. (1988) 'Information Technology and Dataveillance' Comm. ACM 31,5 (May 1988) Re-published in C. Dunlop and R. Kling (Eds.), 'Controversies in Computing', Academic Press, 1991. Abstract and figures at

Clarke R. (1987) 'Just Another Piece of Plastic for Your Wallet: The Australia Card' Prometheus 5,1 June 1987 Republished in Computers & Society 18,1 (January 1988), with an Addendum in Computers & Society 18,3 (July 1988). At

xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 7 February 1998 - Last Amended: 23 February 1998 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2022   -    Privacy Policy