The draft Directive on Data Protection and Electronic
Communications approved recently by the European Parliament is on
course to be implemented into UK law later this year. This will
affect how firms carry out direct marketing by e-mail and SMS,
writes Lindsey Scutt.
How does the law stand now?
Broadly-speaking the
current position in the UK is that, if a firm is collecting
people's details in order to send them direct marketing by e-mail
and SMS, it must clearly explain - at the time those details are
collected - who the company is and that it plans to use the
information for direct marketing and obtain their consent.
Under this regime it is sufficient to give the person whose details
are being collected an opportunity to opt-out of receiving direct
marketing. If they do not opt-out, they are consenting, by default,
to receiving it. They do not have to specifically opt-in.
The draft directive significantly changes this, in that it provides
that most use of e-mail and SMS for direct marketing purposes will
have to be on an opt-in basis only.
This means firms will not be able to use e-mail or SMS for direct
marketing unless the recipients have specifically opted in to
receiving such material.
There is an exception in relation to marketing by a business of its
own products or services where these are similar to those bought by
the recipient in the past, but this is unlikely to have a very
broad application.
What is set to change?
This means that once the draft
directive has been implemented into UK law the basic position will
be that:
- Firms will not be able to send direct marketing by e-mail or
SMS to anyone currently on their marketing database who has not
already opted in, unless they have already been contacted to ask
whether they are happy to receive this type of direct marketing and
they then opt-in
- Firms will not be able to send any direct marketing by e-mail
or SMS to anyone they add to their marketing database in the future
who has not opted in.
This means that unless companies take practical steps now to update
their databases some of the information on those databases will
become illegal, rendering them, in effect, useless - clearly a
significant concern for the thousands of companies that employ
direct mail through these new media.
What should you do?
Companies should now :
- Ensure that in future they clearly explain to people whose
details they are collecting that they would like to send direct
marketing by e-mail and SMS, and obtain their opt-in consent
- Ensure that everyone on their marketing database has opted in
to direct marketing by e-mail and SMS
- If not, contact people who have not yet opted in and ask them
to do so (this can be part of a direct marketing mailing rather
than a completely separate mailing)
- Ensure that marketing databases differentiate between direct
marketing by post, fax, telephone (cold-calling), e-mail and SMS
and makes clear which of these each individual has consented
to
- Check the e-mail and telephone preference service lists and
update the database to show anyone who has registered not to
receive such direct marketing, unless they have opted in to being
sent such material(which overrides the registration)
- Review any mailing lists bought in from third parties against
the e-mail and telephone preference service lists
- Ensure that everyone they direct market to by e-mail and SMS is
aware of their right to opt out.
EU directive affects how firms market
- A European Union Directive will affect everyone carrying out
direct marketing by e-mail or SMS
- In future companies will generally only be able to send direct
marketing in this way if the recipient has chosen to receive
it
- Companies should start reviewing their direct marketing
practices immediately.
Lindsey Scutt is a solicitor at Taylor Joynson Garrett 's
data protection group.E-mail: lscutt@tjg.co.uk or go
to
www.tjg.co.uk/