Latest Legal and Regulations content from Econsultancy

Walgreens launches new Foursquare and Twitter campaign

2012-02-08T23:50:00+00:00

This type of tweet is perfect if the person who checked in was looking for cold products. It is the flu season after all. For those who get it, and don't need Halls, they may disregard or unfollow. Those who are fervent about true engagement may dislike this approach. The only worry may be for those looking to follow Walgreens as they may be turned off if they stumble upon the Twitter feed.

As you can see from Walgreens Twitter page, it has been overtaken by two versions of an ad for Halls Warm-ups cough drops.

Twitter hides @ replies unless you follow both parties. So if you follow Walgreens, you won't see these replies in your stream unless you have that option set on Tweetdeck or are on Walgreen's page itself. For most, they'd never see the multiple tweets above.

Adam Kmiec, Walgreens director of social media, felt confident that this was a program worth implementing.

Our social media strategy is built around being real time, local, innovating and providing value. Over the past year we’ve continued to pilot several Social-Local initiatives. From cause related programs like our Flu Shot donation initiative that leveraged check-ins on foursquare to seasonal tips to this most recent initiative with Local Response, we’re constantly innovating, testing and learning.

The Local Response program was based on insights that were mined from our social monitoring and analysis platforms and a desire to learn more about the opportunities in the local-social space.

Michael Muse, Co-Founder and VP of Product & Operations for LocalReponse, had reservations at first about this type of approach on Twitter but it sooned changed as his company tested its model.

For local businesses, they have a very different voice then nationals so it works for them and can be quite personal. What's interesting is that over time is that we looked at bigger brands and thought this could work for them if it was done right.

So we customise for clients. The first step is you can't reply to people not talking to you. If the client wants to reach out to people who are shopping for certain things or only on Tuesdays, we cater to that. There is a selection bias and it focuses on people who are interested and engaged.

Every single campaign we've run has less than 2% opt-out rate. Also we provide frequency caps, rate limits, and a 2 level opt out to better serve users who do not wish to receive replies to their check-ins. No one receives more than one tweet per day from companies on the platform, one tweet per week from the same campaign and no more than one tweet a month from an advertiser.

It's all about experimenting. Advisors Muse met with told him this happens in every medium. There are potential pitfalls, you develop best practise and then you have specific guidelines you can follow.

LocalResponse has its own guidelines companies have to meet to use their service. As Muse outlines

If a campaign's goals in targeting do not meet all of our guidelines for context, we offer another product that can go broader: retargeting with banner ads as an alternative to response. This allows for broader targeting, but with banners instead of responses. The majority of our clients use this product, often in conjunction with the response product.

It is refreshing to see Walgreens take a chance on a start up in conjunction with a large social media campaign. Not many large companies do.

With no background on how this campaign is being run, the efforts could be misconstrued or seen as “spammy”. By taking the whole picture into account, this may be another way brands can reach the customers interested in them.

It will be interesting to see the results of this campaign, and if they are as successful as the other campaigns run by LocalResponse so far, it may be one we may be seeing a lot of.

The Four Seasons site is beautiful, but not for disabled users

2012-02-08T14:20:00+00:00

Presumably the target audience ('every user' according to Four Seasons) should include those with disabilities who may have to adjust the presentation (such as increasing the font size) or use assistive technology such as screen readers or switches.

Indeed, as outlined recently in another area of the travel sector, sites that fail to do this can not only lose revenues and suffer PR damage but also be at the wrong end of a legal action.

Although not a comprehensive accessibility check alone, simple audit tools such as WAVE 3.0 and the Accessibility Toolbar can quickly reveal some of the main problems, and we have included some images to show this.

The main accessibility issues uncovered can be summarised as follows:-

Inaccessible functions for keyboard users.
Poor colour contrast.
New windows opening without warning.
Missing/inappropriate alt text.
Inaccessible forms/poor error reporting.

We take a look at a few of these below.

Alternative text on images

Assistive technologies such as screen readers are very clever, but they cannot interpret images on their own.

The most basic accessibility requirement is to provide alternative text (ALT text) on all images and similar content to allow them to be interpreted by the screen reader.

The site makes three main mistakes in this area:

1. Alt text is missing entirely on many images especially on pages describing the hotels.

Many images that should have descriptive alternative text have only a null Alt text which will not describe the image.

For instance, the screen reader user could benefit from knowing that this is a picture of two golfers walking (and there are many other similar examples).

For some images where they have provided a descriptive Alt text, it is inappropriate.

On a page about meetings, an image shows catering for a meeting and has the unhelpful Alt text of “Accommodation image”.

Furthermore this same Alt text was used repeatedly on pages within the site, potentially causing more confusion for screen reader users who may think they are seeing the same image in multiple locations across the site.

On a more serious note, this suggests that the underlying coding is being lazily copied and pasted without due care and attention.

Giving warning of opening new pages

As shown in the image below from an accessibility checking tool, many links opening new windows do not provide any indication of this.

It also shows another missing Alt text:

For visually disabled users with screen readers the unannounced opening up of new browsers or tabs can be very confusing.

They may be unable to see that a new browser has opened, and may wish to return to the previous page. However, the back button will not work since there is no browser history to return to.

Most accessible sites either avoid opening new browser windows unless absolutely necessary, or they indicate appropriately that a new window will open.

Inaccessible navigation from assumed use of mouse interaction

No doubt the designers of the site use a mouse but they should not assume that all users of the site can. Keyboard navigation is difficult or impossible in many places, blocking these users from the main site content.

Currently these issues make the site unusable by both keyboard and users of screen readers or other assistive technologies which mimic keyboards.

This begins on the homepage, where maps indicating world regions are not accessible by keyboard users, but are only if they are clicked on.

When using keyboard navigation many of the link destinations are unclear (for example - http://www.fourseasons.com/# ) making it hard for users to choose which links to follow.

When tabbing through a page, there is no visual change of style to indicate which link has keyboard focus. Therefore such users have poor indication of their location on the page, removing important feedback.

Also there is no “skip to content” link near the start of the page navigation which is very helpful to allow non-mouse users to move immediately to the page content. Instead they need to tab through (or listen to) the standard set of navigation at the top of each page.

Perhaps most importantly for the business and conversions, the booking engine is not accessible to keyboard users.

The booking engine often appears as a pop-up window, and the keyboard tab sequence takes the user back to the underlying page, or worse they trap the user within the booking engine, neither allowing them to complete a booking nor navigate back to the underlying page.

Screen reader users would have no awareness of this making this feature unusable to them.

There are several other accessibility barriers in the site including colour contrast issues and the presentation of error messages and mandatory fields on the booking forms.

Conclusion

Surprisingly for such a large brand aiming to serve the needs of every customer with their new site, Four Seasons does not seem to have considered web accessibility during the design.

The site has issues with all of the four POUR principles of the WCAG 2.0 guidelines (Perceivable, Operable, Understandable and Robust). Indeed, Four Seasons does not even include an accessibility statement on the site to describe measures they have taken to address web accessibility and how to use the relevant accessibility features.

Some of the issues such as missing Alt text are relatively easy to fix post-launch, but many others that are integrated with the navigation and interaction design will be more difficult.

Hopefully, Four Seasons will be prioritising these shortcomings for future revisions to the site and genuinely make its online services accessible to every user.

Special thanks to my colleague Jamie Sands who led the accessibility review of the site.

Path caught storing users' unencrypted data

2012-02-08T00:53:00+00:00

Path is a 16 month old social network that acts as a personal journal and allows you to share photo, video, music, people, places, and text to a select network of 150 people. Since version 2 was released, Path has surged to just over 2 million users.

In the last few hours since Thampi posted his discovery online, Path users have been up in arms. They were never asked permission for Path to access their address book. The bigger worry? Though with most apps collected data is encrypted, it appears Path is storing the actual information so all of your contacts are now online.

Dave Morin, Co-Founder and CEO of Path, was quick to respond in the comments of Thampi's post.

We believe that this type of friend finding & matching is important to the industry and that it is important that users clearly understand it, so we proactively rolled out an opt-in for this on our Android client a few weeks ago and are rolling out the opt-in for this in 2.0.6 of our iOS Client, pending App Store approval.

When asked why an opt-in for them to collect your data wasn't included from the very beginning, Morin responded that it was industry best practice.

The App Store guidelines do not specifically discuss contact information. However we believe users need further transparency on how this works, so we've been proactively addressing this...We fundamentally believe that you as a user should always have control over your information and data and you can always email our service team and we will remove anything you'd like from our servers.

It is good to see such openness in response but it's a naive one. Apple's app store guidelines states "Apps cannot transmit data about a user without obtaining the user's prior permission." To further believe that this will all be solved in the reply section of a blog means thousands of people's details may continue to be collected before the new app roles out. The only cravat is you can email Path on service@path.com and have your data (as well as your entire account) deleted.

Path may have always been a bit tricky when it comes to 'contacts.' The last version's UX made Facebook friends look like they were on Path so you would share. If this latest finding is any indication, they weren't and ghost profiles may have been created when you signed up.

Users have already been requesting their accounts to be deleted and data purged with proof but have yet to have a reply.

Ilicco Elia, Head of Mobile at LBi, doesn't think this is good enough.

I think they should delete all the data immediately but they will try to play it down. I shouldn't have to email to ask them to delete data they took without my knowledge.

I can understand companies innocently trying to make things easy for users, but what would happen if they were hacked and someone got access to my complete address book. People store personal notes in there.

I read "they are planning to hash the data" i.e. encrypt it which leads me to believe it is currently unencrypted on their server. And that to me is unacceptable. On my phone my information is protected behind a pin. On their server it is not.

Google’s use of private data has been under scrutiny in the US for years and Facebook, with their "run fast and break things" model, has equally played fast and loose with users data. But both have been brought to task in the past and the US and Europe is already looking to tighten laws around tracking users online. With such big players being called out over privacy issues, why did Path not protect itself and its users from this?

With the rise of mobile and m-commerce, what are the lessons for marketers and developers when considering future projects?

"Just because you know that you wouldn't 'do anything bad' with the data doesn't mean you are free to use it," continued Elia. "And if you must store my data on your server it had better be securely stored & encrypted because no matter how slowly you drive your car, there are always other people on the road who are reckless drivers i.e. you could get hacked and lose my info, through no fault of my own."

What do you think Path should do? Will they lose their growing user base due to this gaff so early in the game?

We have emailed Path with further questions but are still waiting for a reply or an official press release. Perhaps they are too busy deleting accounts.

UPDATE: Dave Morin has released an official apology and Path have deleted all the stored data they held. The updated apps are rolling out so you can opt-in (or out) of sharing your details.

*This image is entirely from the imagination of Kosso K

In the wake of MegaUpload, another file sharing service bites the dust

2012-02-06T22:23:13+00:00

Some, like RapidShare, are fighting behind the scenes to protect their interests. But others are deciding to call it a day.

Take, for instance, BTJunkie, a popular BitTorrent search engine -- the third largest of its kind according to Compete.com. A message posted on the BTJunkie website today reads:

This is the end of the line my friends. The decision does not come easy, but we’ve decided to voluntarily shut down. We’ve been fighting for years for your right to communicate, but it’s time to move on. It’s been an experience of a lifetime, we wish you all the best!

According to GigaOm's Bobbie Johnson, BTJunkie wasn't the target of any legal action -- at least not yet. But it would appear that the takedown of MegaUpload was enough to convince BTJunkie's operators that it was time to move on.

In light of the operation to shutter MegaUpload, numerous observers have pointed out that SOPA doesn't appear necessary. After all, the absence of a SOPA-like law certainly didn't prevent the authorities from going after MegaUpload, so do they really need more power than they already have?

Assuming the case against MegaUpload doesn't crumble, the fact that similar services are deciding to close up shop certainly provides some evidence that enforcement of existing laws may be enough to thwart commercial piracy operations.

Some, of course, question whether the case against MegaUpload is proper, even though the criminal history of the service's founder is well-established and there's every indication that the persons involved believed they were committing crimes. But if we don't want onerous legislation that treats every internet user as a criminal, enforcement of existing law would seem to be the best outcome.

From this perspective, while there are legitimate concerns about silencing effects, the internet community should think twice before it laments too strongly the shuttering of services whose operators clearly questioned their own legitimacy the moment they believed the law was being enforced.

Google fined £415k in France for providing a free mapping tool

2012-02-03T14:37:56+00:00

Google France and its parent company Google Inc. must now pay €500,000 in damages and interest to the French mapping company, plus a €15,000 fine.

A Paris court upheld a claim that Google’s strategy is to undercut competitors by temporarily swallowing the full cost of its maps service until it gains control of the market.

The lawyer for Bottin Cartographes, Jean-David Scemmama told AFP:

We proved the illegality of (Google's) strategy to remove its competitors... the court recognised the unfair and abusive character of the methods used and allocated Bottin Cartographes all it claimed.”

It is believed to be the first time Google has been convicted for its Google Maps application, which is now the most-used feature on Android phones behind voice and text.

Google France said it plans to appeal the decision and remains committed to providing a free mapping tool.

It seems astonishing that Google could be convicted for providing a free service – surely the same accusations could be levelled at Hotmail, Skype or any one of hundreds of free online services.

And the implicit suggestion is that Google will begin charging for its maps once it has crushed the competition.

In December Google’s VP of product management Marissa Mayer confirmed that it was looking to monetise its maps through check-ins and vouchers.

The company does have previous in France though – last year it was fined €100,000 for collecting private information while compiling its Street View service.

As Google keeps getting bigger and rolling out more services, it seems inevitable that it will end up in court again fighting further anti-competition or privacy charges.

ASA forces TripAdvisor to stop claiming its reviews are 'trusted'

2012-02-01T10:42:44+00:00

Kwikchex and its partners accused TripAdvisor of misleading travellers, since it couldn't prove that its 50m plus reviews were genuine. The ASA then said that not all of the reviews on TripAdvisor were written by real travellers, and accused the firm of not verifying who had written them.

The ASA’s latest warning says that:

Because we considered that the claims implied that consumers could be assured that all review content on the TripAdvisor site was genuine, when we understood that might not be the case, we concluded that the claims were misleading."

It also confirmed that:

We told TripAdvisor not to claim or imply that all the reviews that appeared on the website were from real travellers, or were honest, real or trusted."

TripAdvisor responded by saying that the ASA was “out of touch with real people” and said that this has no material impact on its business. It also added that reviewers were asked to sign a declaration that their review was genuine and honest.

The site said it uses "advanced and highly effective" fraud detection systems and dedicated substantial resources to identifying and minimising any non-genuine content. But it added that it was "not practical" for them to screen each review manually before it was posted.

However, though the ASA has recognised the points above, it said it was still possible that "non-genuine" reviews could appear on the site undetected and that users might not be able to spot them.

ASA spokesman Matthew Wilson told the BBC:

This should be regarded as a benchmark ruling which applies to all web sites which make claims about the reliability of their user-created content."

TripAdvisor in turn said that the complaint made last September was not from members of the public but by an online reputation company with an “obvious commercial interest in undermining people’s confidence in user-generated review platforms”.

So, this latest turn in TripAdvisor’s rocky relationship with the ASA leaves them making minor changes to the wording used on the site.

Will it make any difference to how people use it? Unlikely. Will it prevent hotels and the like having their businesses ruined by suspect ‘reviewers’ – definitely not.

Could after-hours email restrictions hurt email marketers?

2012-02-01T10:15:00+00:00

In short, one of the most attractive features of smart phones (24/7 connectivity and communication) is one of its greatest downsides. Information overload is a real threat, and employees are, in many cases, effectively always on the job.

Thanks to legislation signed into law last month, smart phones could now put employers in Brazil in a tough spot. As reported by Mobiledia, the "legislation in Brazil asserts company e-mails to workers equal direct orders from employers [and] labor attorneys say this makes it possible for workers answering e-mails after hours to ask for overtime pay."

That, obviously, is probably not music to the ears of company executives and human resources departments, and it's not an issue limited to Brazil. As Mobiledia notes, companies like Deutsche Telekom are trying to cut back on after-hours communication, and some, like Volkswagen, are going so far as to turn off email for employees entirely after the work day is done.

If more companies change their email policies in a similar fashion, it could have profound implications for email marketers. As ExactTarget's RJ Talyor observes, B2B marketers could see lower engagement for emails sent during non-work hours, while B2C marketers could see lower engagement for emails sent during working hours. For consumers who opt to have a work smart phone and a person smart phone, email marketers could find themselves grappling with a "context" problem.

In the end, to maintain successful campaigns that convert, email marketers may have to get much more sophisticated about segmenting work versus non-work emails, and spend more time evaluating ideal timing for delivery based on this segmentation. In some cases, Taylor suggests, hitting an individual with a message may require a non-email solution.

Savvy email marketers could of course deal with this, and they already look closely at segmentation and timing, but having less flexibility due to employer-imposed restrictions on employee email use would certainly make email marketing more 'interesting' for many companies.

Angry Birds maker doesn't sweat piracy

2012-01-30T18:11:34+00:00

Speaking at Middem in Cannes today, Mikael Hed, Rovio's CEO, revealed that he doesn't spend much time worrying about piracy.

As reported by TheNextWeb, Hed told the crowd, "We can learn a lot from the terrible way the music industry dealt with piracy. It would be futile to tackle it all." He added, "If we have failed to make our legitimate products the easiest thing to buy, it’s almost our fault that we get pirated."

One of the reasons Hed isn't worried about piracy of his company's apps is that increasingly, they're channels for getting consumers interested in other products, such as Angry Birds merchandise.

Merchandise, of course, isn't immune to piracy, and Rovio does have issues with manufacturers who are producing unauthorized merchandise. But even then, Rovio thinks the pirates are helping promote its brand doesn't act -- "so long as the product is well made."

Smart move, or short-sighted? Time will tell. As TheNextWeb's Martin Bryant notes, companies paying for licenses so that they can legally manufacture Rovio-branded merchandise might not be so amused. After all, those high-quality knockoffs are a real threat to their businesses, and at some point, the pirates could make licensing from Rovio less attractive.

That, obviously, isn't the case yet, which highlights an important point: piracy is often perceived a lot less of a problem when your business or industry is young and growing. When it matures, however, and every cent matters, it becomes less amusing. Obviously, that doesn't excuse Hollywood's behavior, but we shouldn't be surprised to see companies that are taking a more relaxed stance today toughen their positions in a few years when new sources of growth are harder to find.

Google, Facebook, PayPal and Microsoft join forces to fight phishing

2012-01-30T17:15:00+00:00

“Email has changed the way the world communicates. But many of the attributes that have made it great – it’s openness, it’s interoperability – have also made it vulnerable to malicious activity. The beauty of DMARC is that it attempts to address the security threats to the email ecosystem without impacting its utility as a communication channel,” said Matt Blumberg, CEO of Return Path, a leading email certification company. “Fast, widespread adoption of DMARC will make a significant dent in scammers ability to perpetuate crime through email.”

According to a report from the Anti-Phishing Working Group (APWG), more than 300 brands are hijacked by phishers every month.

"Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole," said Brett McDowell, Chair of DMARC.org and Senior Manager of Customer Security Initiatives at PayPal. "Industry cooperation - combined with technology and consumer education - is crucial to fight phishing."

DMARC is encouraging all Internet Server Providers (ISPs) to adopt these standards in order to clean up our inboxes. This will be good news to those using email in their integrated campaigns. With less spam and fears of phishing, customers should gain more trust in the emails they recieve.

Over the next 18 months, DMARC standards will be tested and further developed. For organizations interested in improving email authentication, there is still an opportunity to be a part of the conversation at www.dmarc.org.

O2 shares customer phone numbers with websites

2012-01-25T16:23:25+00:00

TheNextWeb received a tip earlier today from someone who noticed that, in addition to sending standard HTTP headers like host, user agent and referrer, O2 was also sending a curious x-up-calling-line-id header. What does it contain? Nothing less than the phone number of the visitor.

The individual who discovered the issue, Lewis Peckover, created a web page through which the apparent flaw can be viewed. In addition to O2, customers on services that rely on O2's network, including GiffGaff and Tesco Mobile, were also apparently affected. It should be noted that customers using a Wi-Fi connection, and not the mobile network, did not have their phone numbers shared.

The big question, obviously, is why this happened. O2 had responded, saying that it has fixed the issue and that it was caused by “technical changes implemented as part of routine maintenance".

The good news is that, according to The Register, the errant header isn't being sent any more. But the bad news for O2 is that the damage may already be done.

The Information Commissioner's Office is looking into the matter, with an ICO spokesperson stating, "We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed."