We operate a large-scale e-mail newsletter compliance monitoring platform that automatically assesses the legal compliance of marketing e-mails which Central European businesses send to their customers.
The e-mail newsletters are checked for legal compliance, e.g. whether the newsletter offers a way to deregister, or whether the business provides the legally required information (information duty). The tool also checks whether user privacy regulations are followed, i.e. that no personal data is passed to unauthorized third parties. In addition, the tracking techniques applied are extracted and any external e-mail marketing services used are identified.
What do we check?
- Legal compliance (e.g. TKG, ECG, FAGG)
- Data breaches
- Sharing of personal data with third parties
Since June 2016 we have received 16233 e-mails from 386 Austrian organisations. Analysis of the incoming e-mails showed that 6.0% of the organisations do not comply with the required information duty, 3.0% do not provide a deregistration link in the e-mail, and 88.0% use e-mail tracking techniques. 68.0% of the organisations use the services of an external e-mail marketing provider, and 21.4% of the organisations use service providers whose servers are located outside the EU.
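As an added illustration of the checks listed above (example code, not the platform's own), the script below runs three of them on a constructed sample message: it looks for a deregistration possibility (List-Unsubscribe header or a visible unsubscribe link), counts 1x1 tracking pixels, and flags an external marketing provider when the relay host in the Received header is not the sender's domain. All domains and URLs are assumptions; the information-duty and data-sharing checks are not modelled here.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample newsletter for this example (no real sender); the domains
# and the tracking URL are assumptions, chosen to exercise each check below.
SAMPLE_EML = """\
From: news@example-shop.test
Subject: Weekly offers
Received: from mail.example-esp.test (mail.example-esp.test [192.0.2.10])
List-Unsubscribe: <https://mailer.example-esp.test/u/abc123>
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://track.example-esp.test/open/abc123.gif" width="1" height="1">
<a href="https://mailer.example-esp.test/u/abc123">Unsubscribe</a>
</body></html>
"""

# German and English wording that usually labels the deregistration link.
UNSUBSCRIBE_WORDS = ("unsubscribe", "abmelden", "abbestellen")


def check_newsletter(raw):
    """Run three of the checks described above on one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain")).get_content()

    # 1) Deregistration: RFC 2369 List-Unsubscribe header and/or a visible link.
    anchors = re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S)
    unsub_links = [href for href, text in anchors
                   if any(w in text.lower() for w in UNSUBSCRIBE_WORDS)]

    # 2) Tracking: a 1x1 <img> is the classic open-tracking pixel (heuristic).
    imgs = re.findall(r"<img[^>]*>", body, re.I)
    pixels = [t for t in imgs if 'width="1"' in t.lower() and 'height="1"' in t.lower()]

    # 3) External provider: the relay named in Received is not the sender's domain.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    m = re.search(r"from\s+([\w.-]+)", msg.get("Received", ""))
    relay = m.group(1).lower() if m else ""
    external = relay not in ("", sender_domain) and not relay.endswith("." + sender_domain)

    return {"unsubscribe_header": msg.get("List-Unsubscribe") is not None,
            "unsubscribe_links": unsub_links, "tracking_pixels": len(pixels),
            "relay_host": relay, "external_provider": external}
```

In production the Received chain has several hops and the relay would be matched against a list of known provider domains rather than only compared with the From domain.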
Data breaches observed and responsible disclosure
Once we detect a data breach, we reach out to the affected business. Below is the log of businesses we informed about a data breach, and whether they reacted.
| Contacted | Type of business | Reacted | Note |
|---|---|---|---|
| 2017-05-18 | Financial services | Yes (2017-05-18) | Found and fixed bug in CRM |
Mitterdorfer, M., Sillaber, C., and Gamper, L. (2017). Automatisierte Compliance-Checks am Beispiel kommerzieller E-Mail-Newsletter. In Schweighofer, E., Kummer, F., Hötzendorfer, W., and Sorge, C., editors, Internationales Rechtsinformatik Symposium IRIS 2017, pages 643–651. OCG. [LexisNexis Top 10 Paper Award]
Mitterdorfer, M. (2017). E-mail Newsletter Mining for Legal Compliance. Master's thesis.