Businesses see great potential in new medias for marketing their products., however they should beware of the complex legislation designed to protect customers confidentiality. Solicitor Nick Lockett, of DL Legal LLP, gives us a tour of the minefield.
The Privacy and Electronic Communications Regulations, which came into force on 11th December 2003 in the UK, are a set of technology-neutral rules designed to protect the confidentiality of communications.
They set conditions on the use of traffic, location and subscriber data, and how subscriber directories are to be used. They also make new rules about using recorded-voice automatic dialing systems and sending direct marketing using phone, fax, email and SMS.
The rules are comprehensive and designed to capture all e-communications. They even apply to web-site “cookies”, the small file that your web-site probably sends to visitors to your site. Cookies may only be sent if the visitor is given 'clear and comprehensive' information about the existence of the cookie and the use of the information gathered by it. The visitor must also be able to refuse it.
The key part of the rules applies to companies, their web-designers and online facilitators. Unsolicited direct marketing emails, SMS, instant messages and similar e-communications which are sent to individual subscribers are now regulated. The new rules create liability, both on the transmitter of unsolicited communications and the person on whose behalf it is sent, to pay the recipient damages if a breach occurs.
Unsolicited marketing emails to individuals can therefore only be sent where express consent has been given to receive such emails or where a 3-point “existing customer relationship” test is met.
The bad news for everyone, except lawyers, is that the position about company emails is unclear. Emails to companies will still be permitted as the email rules only apply to individual e-communications network subscribers. Therefore emails directed to firstname.lastname@example.org will still be allowed. The difficulty for marketing managers will be how they can determine whether an email to a named person at a company is caught by the individual subscriber part of the regulations.
The rules only apply to individual subscribers of public e-communication networks because the Government recognized that there was a useful business opportunity in receiving emails. It is however possible that a court may find that when an individual picks up their email from home using their corporate e-mail account, they fall within the category of individual subscriber to a public e-communications network because they are using their home e-communications network subscription to receive the email.
Marketing managers who want to avoid the requirement for the seasonal supply of aspirin, however, have a deceptively simple solution – obtain express prior permission to send the email or fall within the 3-point test.
This “3-point business relationship” test creates an exemption to the prior consent rule if:
the e-contact details of the recipient have been given in the course of the sale or negotiations for the sale of a product or service to that recipient;
direct marketing is in respect of that person's similar products and services only;
the recipient has been given a simple means of refusing free of charge further use of the e-mail address, both at initial collection and at each subsequent communication.
These tests are very strict and the new rules don’t just catch e-mail but can apply to SMS and other e-communications. SMS marketing messages are subject to the opt-out register. If an e-mail is given in the course of the sale or negotiations, it may be used, but not if it arises from mere enquiries or a promotion. Addresses farmed from enquiries and promotion still require prior consent to be re-used so promotions must give appropriate opt-out.
In the same way, the e-mail details may be used where the products are genuinely similar to the product bought or negotiated (or where related services are offered) but only if supplied by the same supplier. Where third party marketing is included or different services and products are offered, the need for prior consent will arise again. Companies will need to re-audit their data for compliance with the new rules.
Many data permissions will fail because of a breach of the “initial and continuing opt-out rule” at the time the information was given. Any failure to provide the cost-free opt-out will also invalidate the consent so all emails must now include an email opt-out facility or free-phone opt-out number.
Even where consent has been given to receive subsequent unsolicited marketing e-communications, the identity of the sender and the person on whose behalf the message is sent must be disclosed. The new rules make it an offence to send “concealed source” emails where the identity of the person on whose behalf the communication has been sent has been disguised or concealed or where an invalid opt-out address is used.
Therefore the sender and the person on whose behalf the communication is sent must be included in messages. May lawyers and regulators be cursed for making us live in interesting times – again!
written by Nick Lockett
DL LEGAL LLP