What are the consequences of not complying with the Privacy Regulations?
In November 2012 the Information Commissioner’s Office (the ICO) imposed a fine of £440,000 on the owners of Tetrus for breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (the PEC Regulations).
Tetrus breached the PEC Regulations by sending millions of unsolicited text messages over three years, without the consent of the recipient and without identifying the sender. Tetrus then used the replies to generate leads which were sold for large sums of money to claims management companies.
Those circumstances were a particularly blatant breach of the PEC Regulations and the ICO cannot impose a fine unless it is satisfied that:
but it’s nevertheless important to comply with the PEC Regulations.
If you breach the PEC Regulations, anyone who suffers damage could sue you. But it is rare for anyone to sue under the PEC Regulations and it might be difficult for any claimant to show that it had suffered more than minimal damage as a result of receiving your marketing emails.
In 2005, the small claims court found in favour of a Mr Roberts who sued Media Logistics (UK) Limited which had sent him unsolicited marketing emails. Media Logistics did not defend the claim and settled it by paying Mr Roberts £270 plus courts fees of £30.
It is also possible that the terms and conditions of your internet service provider prohibit you sending unsolicited marketing emails. That should be checked.
What do the PEC Regulations cover?
The PEC Regulations govern the sending of marketing and advertising by electronic means (e.g. by email, phone, fax and text message).
What you can do depends on:
Unless the Soft Opt-In exemption applies (see below), you may not send unsolicited marketing emails to an individual subscriber unless the intended recipient has previously notified the sender that s/he consents to receiving direct marketing emails from you.
That prohibition does not apply when you are sending marketing emails to corporate subscribers. The problem is that many marketing databases do not distinguish between corporate and individual subscribers in the way necessary to comply with the PEC Regulations.
Once given can consent be withdrawn?
Yes, even where a recipient has given his or her consent to receiving marketing emails, that consent can be withdrawn at any time.
Your marketing database should include a record of any opt-outs and withdrawals of consent (as well as records of consents or opt-ins).
Is it OK to send marketing emails to subscribers on a bought-in list?
Unless the Soft Opt-In exemption applies (see below), you must not send unsolicited marketing emails to individual subscribers unless the intended recipient has notified the sender that s/he consents to receiving those emails. Therefore it is difficult to see how you could legitimately use a list compiled by a third party unless the individual subscriber has expressly invited (solicited) you to send him or her marketing emails. When you buy in a list the likelihood is that any consents or opt-ins have been given to someone else and not to you.
It’s important to understand the terminology of the PEC Regulations
The subscriber is the person who pays the bill for the telecommunications service through which it receives the marketing email.
An individual subscriber is a private individual, a sole trader or an English partnership. (To make things even more complicated, a Scottish partnership is a corporate subscriber.)
A corporate subscriber is a company, limited liability partnership or other organisation such as a school, government department or agency, hospital or other public body.
An unsolicited email is one which the subscriber has not actively invited.
The ICO takes the view that directing marketing includes not only communications trying to sell goods or services but also, for instance, promoting values and beliefs.
What is the Soft Opt-In Exemption?
The Soft Opt-In Exemption allows you to send marketing emails to an individual subscriber where:
It’s difficult to see how you could take advantage of the Soft Opt-In Exemption where you are using lists compiled by a third party because you can satisfy the Soft Opt-In conditions only if you collected the email contact details in the course of a sale or negotiations for a sale.
Are there any rules about the contents of marketing emails?
There certainly are.
You will be in breach of the PEC Regulations if you send any marketing email (whether or not solicited) and:
What do I need to do to make sure that my emails comply with the e-Commerce Regulations?
What do I need to do to make sure that my website complies with the e-Commerce Regulations?
You must ensure that the website makes available, in a form and manner which is easily directly and permanently accessible, information which includes:
(If you are a company other regulations oblige your website to give your company number, registered office and place of incorporation.)
Regulation 9 of the E-Commerce Regulations sets out the information to be given when contracts are concluded on line. These include:
And you must make the terms and conditions of the contract available in a form which allows the customer to store and reproduce them.
What about the Data Protection Act – do I have to comply with that as well?
The simple answer is yes. The REC Regulations supplement and complement the Data Protection Act (DPA); they are not a substitution for it.
Where you are sending any marketing email and you know the name of the individual who will receive that email, you are processing personal data and you must comply with the DPA. That includes:
If you would like further advice about any of the issues considered above please contact
Christine Reid on 01865 864195 or email her at firstname.lastname@example.org.
This article is not intended to be, and should not be taken as being, legal advice. The law often changes and it varies from jurisdiction to jurisdiction; the information in this article is generic in nature and specific legal advice should be taken before acting on any of it.
© Northwood Reid 2012. The use, copying and dissemination of this article are subject to our