180 likes | 334 Views
Email Marketing - Best Practice from a Legal Point of View. Yvonne Cunnane - Information Technology Law Group 30 November 2006. Email marketing - why adhering to the law matters. Ramifications of sending unsolicited email damage to brand credibility loss of client trust
E N D
Email Marketing - Best Practice from a Legal Point of View Yvonne Cunnane - Information Technology Law Group 30 November 2006
Email marketing - why adhering to the law matters • Ramifications of sending unsolicited email • damage to brand credibility • loss of client trust • devalues the power of email marketing • administration of “unsubscribe” requests • criminal prosecution by the Data Protection Commissioner • fines of €3,000 per email • adverse publicity
The Law & Codes of Practice • Data Protection Acts 1988 and 2003 (“DP Acts”) • European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003 (“PECR”) • European Communities (Directive 2000/31/EC) Regulations 2003 (“E-Commerce Regulations”) • European Communities (Protection of Consumers in Respect of Contracts made by means of Distance Communication) Regulations 2001 (“Distance Selling Regulations”) • Voluntary Advertising and Marketing Codes eg Irish Direct Marketing Association (IDMA) (not legally binding)
The Law .. Although the provisions of the DP Acts apply to all forms of direct marketing, there is special legislation which applies to direct marketing in the telecommunication and electronic communications sector.
PECR European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003 (“PECR”)
Key elements of PECR • PECR regulations place restrictions on how organisations can carry out unsolicited direct marketing by; • Email • Fax • Automated calling system • Telephone • SMS or MMS; or • any other form of electronic communication.
Basic rules • PECR applies to individual subscribers and corporate subscribers who receive unsolicited marketing (that is, marketing which has not specifically been asked for) • Individual subscribers (joebloggs@hotmail.ie ) • Unsolicited marketing communications cannot be sent to individuals unless the recipient has given prior consent – however there is an exception for existing customers. • Corporate subscribers (joebloggs@companyname.ie ) • Unsolicited marketing communications can be sent to corporate subscribers as long as the sender has respected any opt-out preference expressed by the recipient.
Prior Consent opt in / opt out ? • Lot of confusion over use of opt in / opt out tick boxes as a means of attaining individuals prior consent to direct marketing • What’s the difference between opt in and opt out?
Opt in An "opt-in" box invites a person to indicate if they would like to receive direct marketing material; if the box is not ticked that person’s details cannot be used for direct marketing, e.g. Tick the box if you would like to hear from us with further information relating to our product
Opt Out "opt-out" box invites a person to indicate if they wouldnot like to receive such material – i.e. the person will automatically receive the material unless the box is not ticked, e.g. Tick the box if you do not want to receive any further information from us relating to our product
Which should you use for individuals ? • Obligation under the law is to obtain the individuals prior consent • “Opt in” is one way of obtaining consent but not the only way • The Commissioner advocates the use of positive "opt-in" boxes as a matter of good practice. • However, provided an "opt-out" box is clearly visible and explicit in its wording, the Commissioner is prepared to accept that the individual has given their "passive consent" by not ticking the box, provided the personal data in question, and the uses to which the data will be put, are not of a sensitive nature.
In summary … .. … .. • There must be some form of positive action by the individual showing that they consent to receiving the material. The individual must understand (a)that they are consenting; and (b) what they are consenting to. • Remember ….. the Commissioner advocates the use of positive "opt-in" boxes as a matter of good practice.
Exception to the rule ….. Soft Opt in There is an exception to the rule of obtaining an individual’s consent prior to sending direct marketing material , which is known as the ‘soft opt-in’. This applies where: • you have obtained the individual’s details in the context of the sale of a product or service; • the messages are only marketing your own similar products or services; and • the customers are clearly and distinctly given the opportunity to object, in an easy manner and without charge.
Other issues for consideration : • Care should be exercised when marketing to minors • Identify email as being unsolicited communication – identify the sender and ensure there is an address to which the recipient may send a request to cease communication. • Use of details obtained for a different purpose • Viral marketing issues • Registration requirement • Promptly adhere to requests for removal of an individuals personal details for direct marketing purposes
So what if I don’t …… • Negative publicity, damage to corporate identity, loss of client trust, etc. • Fine of €3,000 - per offending email as the sending of each offending message constitutes a separate offence. • Court may also order the destruction of data that is connected with the commission of an offence
Guidelines • Be clear and up-front about the use of people’s personal data and not underhanded or cavalier about obtaining people’s consent • Try to go for permission-based marketing as much as possible to ensure that you are only contacting customers who actually want you to contact them; • Make sure you clearly explain what people’s details will be used for ; • Offer a speedy and cost free option for customer to opt out of marketing messages;
Guidelines ….. • Retain records of consent to direct marketing and copies of the information provided to individuals when consents are obtained • Have a system in place to deal with complaints about unwanted marketing; • Have a privacy statement place – this should be in an obvious place or make sure it has to be read before individuals submit their details. • Keep up to date with your legal obligations and guidelines from industry and the Data Protection Commissioner’s Office. • Seek legal advice – no one size fits all solution – special considerations apply to certain sectors e.g. financial services
Thank you Yvonne Cunnane Matheson Ormsby Prentice Information Technology Law Group Tel: 01-6442152 Fax: 01-6199010 Email: yvonne.cunnane@mop.ie