Transcript Email marketing - Irish Internet Association

Email Marketing - Best Practice from a Legal Point of View
Yvonne Cunnane - Information Technology Law Group
30 November 2006
Email marketing - why adhering to the law matters
 Ramifications of sending unsolicited email







damage to brand credibility
loss of client trust
devalues the power of email marketing
administration of “unsubscribe” requests
criminal prosecution by the Data Protection Commissioner
fines of €3,000 per email
adverse publicity
The Law & Codes of Practice
 Data Protection Acts 1988 and 2003 (“DP Acts”)
 European Communities (Electronic Communications
Networks and Services) (Data Protection and Privacy)
Regulations 2003 (“PECR”)
 European Communities (Directive 2000/31/EC)
Regulations 2003 (“E-Commerce Regulations”)
 European Communities (Protection of Consumers in
Respect of Contracts made by means of Distance
Communication) Regulations 2001 (“Distance Selling
Regulations”)
 Voluntary Advertising and Marketing Codes eg Irish Direct
Marketing Association (IDMA) (not legally binding)
The Law ..
Although the provisions of the DP Acts apply to all forms of
direct marketing, there is special legislation which applies
to direct marketing in the telecommunication and electronic
communications sector.
PECR
European Communities
(Electronic Communications Networks and
Services) (Data Protection and Privacy)
Regulations 2003 (“PECR”)
Key elements of PECR
 PECR regulations place restrictions on how
organisations can carry out unsolicited direct
marketing by;






Email
Fax
Automated calling system
Telephone
SMS or MMS; or
any other form of electronic communication.
Basic rules
 PECR applies to individual subscribers and corporate subscribers who
receive unsolicited marketing (that is, marketing which has not
specifically been asked for)
 Individual subscribers ([email protected] )
 Unsolicited marketing communications cannot be sent to individuals
unless the recipient has given prior consent – however there is an
exception for existing customers.
 Corporate subscribers ([email protected] )
 Unsolicited marketing communications can be sent to corporate
subscribers as long as the sender has respected any opt-out
preference expressed by the recipient.
Prior Consent opt in / opt out ?
 Lot of confusion over use of opt in / opt out tick boxes as a
means of attaining individuals prior consent to direct
marketing
 What’s the difference between opt in and opt out?
Opt in
An "opt-in" box invites a person to indicate if they would
like to receive direct marketing material; if the box is not
ticked that person’s details cannot be used for direct
marketing, e.g.
•Tick the box if you would like to hear from us with further
information relating to our product
Opt Out
"opt-out" box invites a person to indicate if they would not
like to receive such material – i.e. the person will
automatically receive the material unless the box is not
ticked, e.g.
•Tick the box if you do not want to receive any further
information from us relating to our product
Which should you use for individuals ?
 Obligation under the law is to obtain the individuals
prior consent
 “Opt in” is one way of obtaining consent but not the only
way
 The Commissioner advocates the use of positive "opt-in"
boxes as a matter of good practice.
 However, provided an "opt-out" box is clearly visible and
explicit in its wording, the Commissioner is prepared to
accept that the individual has given their "passive consent"
by not ticking the box, provided the personal data in
question, and the uses to which the data will be put, are
not of a sensitive nature.
In summary … .. … ..
 There must be some form of positive action by the
individual showing that they consent to receiving the
material. The individual must understand
(a)that they are consenting; and
(b) what they are consenting to.
 Remember ….. the Commissioner advocates the use of
positive "opt-in" boxes as a matter of good practice.
Exception to the rule ….. Soft Opt in
There is an exception to the rule of obtaining an individual’s
consent prior to sending direct marketing material , which
is known as the ‘soft opt-in’. This applies where:
 you have obtained the individual’s details in the context of
the sale of a product or service;
 the messages are only marketing your own similar
products or services; and
 the customers are clearly and distinctly given the
opportunity to object, in an easy manner and without
charge.
 Other issues for consideration :
 Care should be exercised when marketing to minors
 Identify email as being unsolicited communication – identify the sender
and ensure there is an address to which the recipient may send a
request to cease communication.
 Use of details obtained for a different purpose
 Viral marketing issues
 Registration requirement
 Promptly adhere to requests for removal of an individuals personal
details for direct marketing purposes
So what if I don’t ……
 Negative publicity, damage to corporate identity, loss of
client trust, etc.
 Fine of €3,000 - per offending email as the sending of
each offending message constitutes a separate offence.
 Court may also order the destruction of data that is
connected with the commission of an offence
Guidelines
 Be clear and up-front about the use of people’s personal
data and not underhanded or cavalier about obtaining
people’s consent
 Try to go for permission-based marketing as much as
possible to ensure that you are only contacting customers
who actually want you to contact them;
 Make sure you clearly explain what people’s details will be
used for ;
 Offer a speedy and cost free option for customer to opt out
of marketing messages;
Guidelines …..
 Retain records of consent to direct marketing and copies of
the information provided to individuals when consents are
obtained
 Have a system in place to deal with complaints about
unwanted marketing;
 Have a privacy statement place – this should be in an
obvious place or make sure it has to be read before
individuals submit their details.
 Keep up to date with your legal obligations and guidelines
from industry and the Data Protection Commissioner’s
Office.
 Seek legal advice – no one size fits all solution – special
considerations apply to certain sectors e.g. financial
services
 Thank you
Yvonne Cunnane
Matheson Ormsby Prentice
Information Technology Law Group
Tel: 01-6442152
Fax: 01-6199010
Email: [email protected]