The practice of email signature scraping has become pretty common for data collection. The industry leader, ZoomInfo claims to have scraped over 60 million email signatures from salespeople that have given access to their email servers. Unfortunately, there are two issues that this practice creates.
- Compliance with GDPR Obligation for Data Collectors
- Gaining access to confidential company information without the company’s consent
We are GDPR compliant . . .if you don’t use our European data
In a recent ZoomInfo press release, the company shared their compliance statement with the GDPR, General Data Protection Regulation for EU citizens. However, it is a little misleading in that the compliance piece is to remove the ability to download EMEA contact data from their database.
“To make it easier for customers and partners to comply with the GDPR, ZoomInfo now offers the option of selecting a default data set, which excludes contact information for individuals identified as EU residents. This capability presents ZoomInfo’s database users who are not interested in EU business with an added layer of assurance that they will be compliant while prospecting.”
In ZoomInfo’s terms of service, the company states how they collect data from email signature lines:
“You will provide ZoomInfo with access to certain information related to businesses and business people (“Contact Data”) stored by the application that your computer uses to manage your email and contacts, known as an “email client” (e.g., Microsoft Outlook) or a provider of cloud services for email (e.g. Google Apps).
In exchange for providing ZoomInfo with access to your email client and/or email account, as described above, you will be entitled to use ZoomInfo Community, which permits you to access premium information, such as names, job titles, email addresses and phone numbers, in the ZoomInfo database for so long as the Software remains installed and contributes Contact Data, as provided herein.”
THE GDPR Data Collection Obligations are rather clear for companies like ZoomInfo and RampedUp in that we must have consent of the subjects to retain their data. RampedUp uses publicly available and self-reported data to build our databases. This falls under implied consent because the subjects have shared their information publicly on the web. ZoomInfo uses third-party who do not have consent to share the data.
ZoomInfo is aware of this nuance and offers the ability to turn off to access to their European data for customers concerned about GDPR compliance.
Do you mind if we read your emails?
As stated above, ZoomInfo scrapes email signatures for contact data from tools like Outlook – with the permission of the seller, not necessarily the company – in exchange for access to ZoomInfo for sales activity. While this exchange is good for the individual, it is almost never good for the business. Quite literally, this practice gives confidential customer and executive contact details to ZoomInfo to resell on the open market, oftentimes to the company’s biggest competitor.
Secondary concerns arise as well. If ZoomInfo has access to your emails to gather signature data, what other data can they see and collect?
The access given to ZoomInfo is not just to the signature, but to the privileged information in the email transactions themselves. Most companies hold their email communication and customer data in high regard and would prohibit their exchange for access to ZoomInfo. This is no small practice – ZoomInfo claims that over 44 Million emails are scanned and scrapped every day. Gmail has taken note of this practice and has given warning that they are cracking down on signature scraping. The following is from Google:
“Third-party apps accessing these APIs must use the data to provide user-facing features and may not transfer or sell the data for other purposes such as targeting ads, market research, email campaign tracking, and other unrelated purposes,”
Can we use your data to build our product?
As a result, ZoomInfo has been searching for alternatives for data. The parent company of ZoomInfo, DiscoverOrg purchased a leading B2B email validation company named NeverBounce. In a rather transparent press release about the acquisition, the company announced it, “will integrate NeverBounce technology into its own platform to enhance accuracy of emails and verification of other marketing data.” So, as Google cracks down on the practice and email signature scraping becomes less attractive due to data security and GDPR concerns, email validation will help ZoomInfo gather new data points.
Email validation is the practice of one email server communicating with another email server to see if the mailbox is valid or invalid. THe NeverBounce / ZoomInfo upload process allows their customers to import not only the email addresses that they want validated, but also names, companies, titles, and other rich customer data. Why would they allow this? Customers don’t question if email validation companies are going to sell their contact data. While NeverBounce / ZoomInfo state they do not sell the customer data, they do admit to using customer data to enhance their products in their terms of service. The company, “may access or use Uploaded Data for customer support or troubleshooting purposes, to gather statistics, to improve accuracy, or for increasing our product viability.”
Remember, this company was built on exchanging corporate email mining software for access to their app. So, when they state they will use your customer email data to increase their product viability, that should be taken seriously. The NeverBounce product is now core to the ZoomInfo marketing suite for appending and cleansing.