On April 9th a Bill that has been nicknamed The DETOUR Act was proposed to Congress. I should be clear in saying that it has not been passed by Congress yet and is still just a piece of potential legislation¹.
It’s still important to take note of, though, because it is one of the first in what is sure to be a long line of regulation around experimental testing on users.
In its own verbiage, the Deceptive Experiences To Online Users Reduction Act was created
“To prohibit the usage of exploitative and deceptive practices by large online operators and to promote consumer welfare in the use of behavioral research by such providers.”
So, what does that all mean? Good question.
The Act starts off by clearing a few things up:
- The term ‘‘behavioral psychological experiment or research’’ means experimenting on humans. I.e watching what people do, inferring what they’re thinking, and creeping on how they talk to each other.
- The term “large online operator” means any provider of an online service with more than 100,000,000 authenticated users in a 30 day period. This is Facebook, Google, Amazon, Uber… the unicorns of the tech world.
Here’s What Your Marketing Dept. Can’t Do Anymore
The Act mainly deals with the manipulation of user interfaces.
- You can’t create a webpage without a back button (*ahem* Amazon checkout *ahem*). You can’t do anything to a user interface that takes away from a persons decision making autonomy. So, consumers should have clear choices all over the place. Make it as easy for them to opt-in as it is for them to opt-out. Here’s what the Act says verbatim: “to design, modify, or manipulate a user interface with the purpose or substantial effect of obscuring, subverting, or impairing user autonomy, decision-making”
- You can’t test out a certain Ads on rich people and certain ones on poor people. The key words here are test out. Basically, you’re not allowed to divide people into groups based on their biological or physical features and experiment on them with marketing or webpage design. Verbatim the Act says it’s unlawful “to subdivide or segment consumers of online services into groups for the purposes of behavioral or psychological experiments”
Here’s What Your Marketing Dept. Has To Do Now
If your company falls under the “large online operator” umbrella and it analyzes the data or activity of any of its users, these are the duties that your company is now responsible for, by law, under the DETOUR Act.
- Tell all of your users about the tests you’ve run on them.
You have to tell your users about these trials/ experiments they have been subjected to at least once every 90 days. Additionally, you have to tell them in a “clear, context-appropriate, and easily accessible” way. You can’t just send a long email with obscure fine print like the cell phone companies do.
- Tell all the public about the tests you’ve run on your users.
The same rules apply here as to the stipulation above: at least once every 90 days and no deceptively unclear language.
- Establish an Independent Review Board.
This independent (being the key word) board will review all behavioral and psychological research conducted on users or on user activity and has the authority to approve, modify, or veto any experiment that is proposed.
Additionally, this independent review board has to register with the Federal Trade Commission (FTC) which means submitting the names and resumes of every board member to The Commission, submitting the reporting procedures to The Commission, and disclosing all conflicts of interests and, even more importantly, all compensation structures to The Commission.
This means you have to tell the FTC who is on the board, why they are qualified to be on the board, how they vote and handle agreements/ disagreements (because if I vote wrong and I can just get fired for that- it’s not a good system, if voting is by secret ballot- that’s a different story) and how much everyone on the board is paid and in what way. So, you can’t just sneak in big bonuses when a decision to spy on customers goes your way and withhold checks when a decision is made against your psychological experiment.
Here’s What Your Marketing Dept. Can Still Do
There is a section (3A) in the DETOUR Act that describes what are known as Bright Line Rules. These are referred to often in U.S law and they basically mean objectives or rules that leave little room for interpretation.
The Bright Line Rules for this Act center around the key concept I mentioned earlier which is psychological testing or experimentation on users. It’s fine if you change the font color, try a different layout, or use default settings to guide consumer choice. What you can’t do is take away from the users right to decide between all options and you can’t change aspects of your product for the purposes of extracting more data from them than they wanted to give you.
The big takeaway from the DETOUR Act is to be really really transparent with what you’re doing. Be honest with your customers, be truthful with the public, set up an advisory board that will objectively assess the fairness of your dealings, don’t try to create “compulsive usage by a child under 13” (obviously?), and get consent from your users for all of the data you collect.
There are certainly ways around the DETOUR Act. The pop-ups that appear now at the bottom of every webpage that says “blah blah blah cookies.. consent.. blah blah.. click I agree” are good examples of how to comply with a regulation (GDPR) without really complying with a regulation.
The point is to make it really apparent what data is being collected and why. Do this and you’ll be fine. Try to skirt around the truth and either the FTC will come after you or some angry customers will.
To be honest, I don’t know which is worse- but why take the chance?