If you were one of the millions of people who signed up with Unrollme to cut down on spammy emails from outfits you once bought a product from, we have some bad news for you: it was storing and selling your data.
On Tuesday, America's Federal Trade Commission finalized a settlement [PDF] with the New York City company, noting that it had deceived netizens when it promised not to “touch” people’s emails when they gave it permission to unsubscribe from, block, or otherwise get rid of marketing mailings they didn’t want.
It did touch them. In fact, it grabbed copies of e-receipts sent to customers after they’d bought something - often including someone’s name and physical address - and provided them to its parent company, Slice Technologies. Slice then used the information to compile reports that it sold to the very businesses people were trying to escape from.
Huge numbers of people signed up with Unrollme as a quick and easy way to cut down on the endless emails consumers get sent when they either buy something on the web, or provide their email address in-store or online. It can be time-consuming and tedious to click “unsubscribe” on emails as they come into your inbox, so Unrollme combined them in a single daily report with the ability to easily remove emails. This required granting Unrollme access to your inbox.
As the adage goes, if a product is free, you are the product. And so it was with Unrollme, which scooped up all that delicious data from people's emails, and provided it to Slice, which was then stored and compiled into market research analytics products that it sold.
And before you get all told-you-so and free-market about it, consider this: Unrollme knew that a significant number of potential customers would drop out of the sign-up process as soon as they were informed that the company would require access to their email account, and so it wooed them by making a series of comforting statements about how it wouldn’t actually do anything with that access.
Here’s one: “You need to authorize us to access your emails. Don’t worry, this is just to watch for those pesky newsletters, we’ll never touch your personal stuff.”
Here’s another: “Oops! Looks like you declined access. Unroll.Me requires access to your inbox so we can scan for subscriptions and allow you to begin clearing out your inbox.”
You’ll note that in neither case did Unrollme provide the true picture which would have sounded something like: “You need to authorize us to access your emails because we fund this service by grabbing and storing your personal details and then compile them and sell them to whoever will pay us.”
AT&T: We did nothing wrong in promising unlimited data that wasn't. We're just giving the FTC $60m for funREAD MORE
Call it the Google and Facebook defense: we don’t sell your personal data, we just do everything in our power to gather as much information as we can about you and then combine your data with others’ and sell it.
This is, of course, not illegal. But organizations are supposed to let you know what they are doing with your data, rather than actively mislead you. And so the FTC decided back in August to make an example of it.
This being the FTC, America’s toothless watchdog, Unrollme doesn’t actually have to admit any wrongdoing. It will instead be obliged to ask customers for their permission to store the information it has gathered on them, and to delete that data if they don’t grant permission. And it will have to tell those that saw the misleading messages what it actually does with their data. But no fines or anything painful.
We note that earlier this year, Unrollme added a page to its website explaining what it does with your message data: "We are not interested in your personal emails. Our algorithms and processes are designed to focus on commercial and transactional emails."
Sure. Nothing sensitive in those.
So, that's that. It’s business as usual, and Unrollme doesn’t have to pay a fine or even admit it wiped its feet on user trust. A win for everyone! ®