After announcing to no longer focus on innovations for their email client, Mozilla now released Thunderbird 15. The last major one comes with a new privacy feature that could possibly have a huge impact on the email industry: Do Not Track for email. That means, the user shall be empowered to opt-out of tracking his user behavior (opens, clicks, …) by ticking a checkbox ‘Tell web sites I do not want to be tracked’ in the ‘Security > Web Content’ menu.
Developer Sid Stamm, who had the idea, talked about his Thunderbird patch and why “Do Not Track is for email too” in the Mozilla blog a while ago. As it seems, Thunderbird will start notifying advertisers and email service providers by adding the DNT header to all outgoing HTTP requests as soon, as it has been activated by the user. That would of course be useless, if no advertiser or email service provider honors the DNT request in future emails. So Stamm talks about the next steps:
Building Do Not Track into Thunderbird is just the first step. Next we will work with email marketing software providers to honor the DNT request. We’re reaching out to email industry leaders and introducing them to DNT and will keep you updated on what happens.
(emphasis by me)
One of the big advantages of email marketing (define) is to allow marketers a personalized communication with their prospects and customers along the customer lifecycle. Individual content drives relevance, but it requires personal data. So email relevance and privacy are within a field of tension.
What type of data do we have? There’s data that users gave marketers explicitly, e.g. entering ‘salutation’ when signing up. Then there’s also implicit data, like opens and clicks on certain links. Marketers (should) use these information to segment and build target groups – e.g. to retarget or reactivate non-clickers. The problem is: (re-)targeting requires the click and open data to be directly or indirectly (i.e. pseudonymized via IDs) linked to specific email addresses (= count the click for an email address or for an ID). Of course they would also have a value if they weren’t linked to email addresses but completely anonymized (= just count a click generally). Marketers could still do aggregated success analysis for their campaigns. But the real value of these data comes from their contribution to profiling recipients (“person A often clicks on links from category B, so let’s put B-offers upfront in future mails”). Do Not Track for email could cut off such implicit profiling data.
(As a side note: In Germany we got strict privacy laws – see e.g. my double opt-in post. Many lawyers agree that marketers need to get a second prior consent into profiling – beside the usual mandatory opt-in. However, there’s no jurisdiction, yet; advertisers that got a profiling consent can be counted at one hand. A second option would be to inform about profiling, to pseudonymize data, and to provide a prior possibility to opt-out from it. The problem here would be that once pseudonymized data automatically gets personal again when sending out targeted emails. This is because the user profile has to be linked to an email address again technically to send out it. But that’s forbidden by law. It’s a difficult field.)
What matters most to me is that until now, email marketing seemed to be quite outside of the line of fire when debating web privacy. The discussion mainly focused around opting out of massive web tracking. With Thunderbird 15, Mozilla may have brought the email topic onto the agenda of data protectionists. I personally doubt it will take off. But…what do you think – will other email clients follow Thunderbird and also implement a Do Not Track option for their users? Will email service providers honor DNT headers?