I put up a post on permissions and deliverability a little less than a year ago in which I argued that marketers need to regard permission as transient: a point-in-time indicator of a desire to engage. To me, the more important principle is positive engagement: if you’re communicating an offer or information that’s relevant to that customer, then permission is implicit.

I bring this up because the permission concept of ‘forced opt-in’ came up recently in an exchange with an industry colleague. There are varying definitions of ‘forced opt-in’ but by whatever term you use, it’s a widespread practice. Customers opt-in for something of interest, but their permission is propagated across an enterprise or partner network under a not immediately evident data sharing provision. And before long they start receiving offers they didn’t ask for or want (spam by their definition) with no easy way to opt-out.

The practice can be rationalized as an attempt to better meet customers needs: “Given you’re interested in that, we thought you’d want to know about this…” It’s a quick and easy way for marketers to fulfill their legitimate relationship-building mandate. Unfortunately, many follow-on offers aren’t well targeted. They’re driven more by a simpleminded list-growth ambition or revenue scheme associated with lead capture.

So therein lies the challenge. When performed well and with the right customer-centric mindset, the practice can be justified as a way to deepen the relationship serving the interests of both parties. But when performed poorly, it has the opposite effect.

As I’ve argued in the past, the issue isn’t so much about permission but relevancy — relevancy to the customer’s needs, not to the marketer’s objectives. So I believe the principle that should be applied here is simple: if you share in the gain, you also share in the pain. What I mean by this is that there should be a reward/risk dynamic. If you share data or receive shared data, you’re gaining something — a reward of sorts. Fine. But you should also share in the pain of losing something — the risk — if the customer reacts negatively at any point along the permission propagation chain. Opt-outs should be applied upstream and downstream. Seems only fair and reasonable to me. The problem we’ve got today is that there’s really no risk associated with poor data sharing practices.

So in my view, the remedy to permission propagation is permission de-propagation. And the party that should be held accountable for de-propagation is the one who the customer entrusted with their permission in the first place and chose to propagate it. While tricky to apply, such a principle would keep all parties ‘honest’ by forcing them to focus both on the reward and risk of data sharing.