IT directors should take heed of EU anti-spam ruling,
says Gillian Cameron
With spam making up an estimated two-thirds of all
e-mail traffic, it was inevitable that the European Union should
intercede with a directive imposing tough new regulations covering
all electronic direct marketing.
The Privacy and Electronic Communications (EC Directive)
Regulations, which came into force in the UK at the end of 2003,
impose strict restrictions on who may be contacted, for what
purpose and in what way. Any IT professional involved in web design
or e-mail/SMS marketing must be aware of these rules.
Previously, organisations could send unsolicited communications,
both hard copy and electronically, provided the recipients had not
opted out of receiving these. The regulations have reversed this
position for e-mail, SMS and fax communications, so recipients now
have to opt in.
An accurate and up-to-date marketing database not only ensures that
mailings reach willing targets but also complies with data
protection legislation. Opt-out flags, incorporated within the
marketing database, can assist this process. These should include
global opt-outs from individuals registered with the Direct
Marketing Association preference lists, which now have the backing
of the law.
The use of cookies on websites is also prohibited under the
regulations, except where clear information is provided on how and
why these are being incorporated, and the opportunity given to
refuse these prior to personal data being collected or
processed.
Any company using cookies on its site must include this information
in a privacy policy or in the site's terms of use. At points where
personal data is being collected from users, it is important to
direct them to this policy. Systems also need to be put in place to
enable data to be deleted or depersonalised as required.
An increasing number of businesses are also likely to be affected
by the location data element of the regulations. The rules state
that where services rely on data about an individual's location at
any time, it should be held anonymously.
The only exception is where this data adds value to services. In
such cases, consent must be obtained, together with full
information about the purpose and duration of processing. There are
similar rules in the regulations about processing e-mail/SMS
traffic data.
Despite potentially hefty fines, the full force of the regulations
has yet to be felt by businesses. But any IT professionals
responsible for marketing campaigns and website design must take
all necessary precautions if they are to avoid becoming a test
case.
Gillian Cameron is a partner specialising in
IP and technology at law firm Maclay Murray & Spens
