Regulation of Electronic Marketing
There are common European Union rules in relation to unsolicited contact by automatic means. The rules cover not only e-mail but also other automatic means of communication such as telephone, fax and telemarketing.
In the e-mail context, the purpose is to suppress SPAM or so called unwanted unsolicited emails which might otherwise threaten to overwhelm email inboxes. SPAM comprises significant amount of internet traffic.
SPAM can be organised in such a way as to operate via viruses and so called worms or trojans which can turn a recipient computer into a so called zombie drone. The recipient computer could be hijacked and used as a source for sending further SPAM.
Breach of legislation may be the subject to orders, breach of which are an offence. Very significant fines apply. The person affected may be entitled to claim compensation.
Data Protection Act / GDPR
If a business processes personal information, it must comply with the Data Protection principles. They require that personal information is to be processed only for one or more lawful purposes (and not otherwise) in a way that is consistent with the original purpose for which it is collected and that it is accurate, relevant and not excessive.It is necessary to keep the information accurate and up to date.
An e-mail address with personal names in it would be personal information. A non personal e-mail address will not necessarily be so.Where personal email addresses are gathered, there is an obligation to inform those who are the data subjects how it is intended to process the data concerned.
Where personal information is to be used for marketing, the individuals concerned must consent clearly and freely to the and use of their information including as to the identity of relevant business and the precise use concerned. The consent may be withdrawn at any time.
E-Commerce Regulations
The Privacy and Electronic Communications Regulations derive from European Union Directives. They deal with the conduct of marketing by electronic means such as email, telephone, fax, voicemail and similar automatic means.
The Regulations require a business to identify itself when carrying out marketing and to provide appropriate contact details when sending marketing details. It is an offence for a person to send an electronic mail for the purpose of direct marketing which disguises or conceals the identity of the sender on whose behalf the communication is made or without a valid address to which the recipient may request that the communication shall cease.
The nature of the communications must be identifiable on the subject line of the e-mail without the need to read the rest of the message.
An unsolicited commercial communication by a “relevant service provider” must be identified clearly as soon as it is received by the recipient, by stating that it is an unsolicited commercial communication. A “relevant service provider” is any service normally provided for remuneration at a distance by electronic means other than at the individual request of the recipient.
Such communication must:
- be identified as the communication that is part of a relevant service
- identify the person on whose behalf it is made
- prominently display on the website in places such as registration forms
- give details of how natural persons may register their choice regarding unsolicited commercial communications (i.e. may opt out of receipt of further communications)
Privacy & Consent to Contact
Individuals have rights to stop their personal information being used for direct marketing. The request must be made in writing and the business must comply within a reasonable period. When information is collected from persons with whom a business is in direct contact, (e.g. phone call or website) they must be given an opportunity to object to future contacts.
Consent is not required for an e-mail sent to an organisation or a business, unless they have opted out. Details of the sender must be provided in the e-mail together with particulars of a valid address where an opt-out can be sent. If an e-mail address contains an individual’s name, this will be personal information and cannot be used for direct marketing without prior consent.
Where data has been collected in the course of providing a service or sale to a data subject, the generally he may be contacted within a certain period in relation to products and services similar to those sold in accordance with the principle of the provider’s legitimate interests. The principle is applicable only to the entity which has provided the sale or service.
Customers must be clearly and distinctly given the opportunity to object to such marketing. An opt-out should allow the individual to reply directly e.g. texting.The recipient must have the option to unsubscribe/opt out on each occasion.
Similar goods or services are those about which the recipient would expect to receive communication. In the case of direct marketing by telephone, the Telephone Preference Register must be checked before making unsolicited marketing calls to businesses or individuals.
Telephone and Fax
The Privacy and Electronic Communication Regulations also regulate direct marketing by telephone and fax. The telephone preference service and fax preference service were established under the predecessor of these regulations and are monitored by the Information Commissioner.
It is not permitted to make an unsolicited telephone call to an individual who has informed the business that they do not wish to be contacted or have registered with the Telephone Preference Service. The Telephone Preference Service maintains a website. Businesses can register with the Corporate Telephone Preference Service. It is not permitted to make automatic calls i.e. pre-recorded phone messages without getting the individuals consent first.
The Corporate Telephone Preference Services is a central opt out register that enables corporate subscribers to register their wishes not to receive unsolicited sales and marketing telephone calls to any of their organisations telephone numbers. A corporate subscriber includes companies in the UK, limited liabilities or partners.
Organisations cannot send unsolicited marketing faxes to individuals unless they have agreed to receive them. It is not permitted to send faxes to individuals or organisations who have registered their number on the Fax Preference Service.
It is unlawful under Irish law to use any publically available electronic communication services to make an unsolicited call for the purpose of direct marketing to companies or State institutions where the sender has been notified that the subscriber does not consent to the receipt of such calls or the information is recorded in the National Directory database.
Cookies
The Privacy and Electronic Communications directive requires consent to the use of cookies. The ICO guidance suggests that consent may be express or implied. However, in the case of more intrusive cookies (involving tracking and profiling) it is more important that the user understands their nature and gives explicit consent to their use.
Website owners must give a clear and comprehensive explanation of the use to which cookies are put and their duration and purpose. This is usually expressed in an online privacy or cookies policy. An appropriate upfront consent mechanism is best practice.
Issues arise in relation to third parties who use cookies through the provider’s website. Appropriate consents and controls are required.