Direct marketing communication in B2C relations
This post is also available in: SK (SK)
Our clients often ask us whether sending direct marketing e-mail communication to their customers is “in line with the GDPR”. They point out that under recital 47 of the GDPR, the processing of personal data for direct marketing purposes may be regarded as carried out for the legitimate interest of the controller.
Yet, but there is “but”. It is necessary to point out that the issue of direct marketing communication has a broader scope than GDPR and it affects privacy as such.
The right to privacy is “older” than the right to personal data protection. The right to personal data protection was perceived as a “subcategory” of the right to privacy, but over time (and the amount of data that can be collected, stored, and processed about an individual with the development of digital technologies) it has emerged as a separate fundamental right of the individual, governed by separate legislation and protection. However, this does not mean that we should forget about general privacy rules because of the existence of the personal data protection legislation. No one will argue that receiving unsolicited advertising messages may be considered annoying and intrusive and any such message or mail that a natural person receives then interferes with his or her privacy.
A general ban on the distribution of advertising without the consent of the recipient
The explicit prohibition to distribute advertising by e-mail without the prior consent of the recipient follows from the following Slovak legislation:
• Act on Advertising (Act No. 147/2001 Coll. as amended)
Sec. 3 par. 3: “Advertising may not be disseminated by an automatic telephone call system, facsimile and e-mail without the prior consent of the user receiving the advertisement.”
• Act on E – Commerce (Act No. 22/2004 Coll. As amended)
Sec. 4 par. 6: “The service provider may not deliver commercial communication information by electronic mail unless requested in advance by the recipient of the service.”
What is allowed?
In any case, it is allowed to send e-mail direct marketing communication to customers who have agreed to it in advance, if you can prove this consent.
In 2011, the Act on Electronic Communications was adopted, which is the Slovak transposition of the Directive 2002/58 / EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (the “Privacy Directive”).
Sec. 62 par. 2 of the Act provides: “For the purposes of direct marketing, the use (…) of electronic mail, including the short message service, is permitted to the subscriber or user only with his prior consent, and this consent must be provable. The consent granted may be revoked at any time. “
According to par. 3 of the same Section: “The prior consent of the recipient of the electronic mail under paragraph 2 shall not be required in the case of direct marketing of a person’s own similar goods and services whose contact information for electronic mail has been obtained by the same person in connection with the sale of goods or services, in accordance with this Act or special regulation. The recipient of the e-mail must be given the opportunity, simply and free of charge, at any time to refuse such use of the contact information at the time of obtaining it and for each message received, if he has not previously refused such use. “
Thus, the consent of the recipient is not required if all of the following conditions are met at the same time:
• it is an e-mail direct marketing of own and similar goods and services that the recipient has already purchased; and
• the contact information (e-mail address) was obtained by the controller in connection with the sale of goods or services; and
• at the time when the controller obtained the contact details (e.g. when concluding the purchase contract via the e-shop), the recipient had the opportunity to simply and free of charge refuse to use the contact information for the purpose of direct marketing.
Our experience shows that clients seem to have overlooked the condition set out under the third indent above and believe that it is sufficient to offer the customer who purchased the goods or services the opportunity to unsubscribe from the newsletter in the first e-mail newsletter they receive. However, such an approach is not correct and even the first such e-mail sent to the customer may be considered as an unsolicited communication.
We would like to point out that if a merchant sends an e-mail marketing communications to his existing customers without respecting the requirements set out in the Act on Electronic Communications, he denies, in our opinion, the legally recognized right of the individual to refuse the direct marketing communications at the moment when his/her personal data are collected. We even deem that this failure would disqualify the merchant as a controller from using a “legitimate interest” in the processing of personal data under the GDPR for direct marketing purposes.
What are the sanctions?
Supervision over the compliance with the Act on Electronic Commerce is performed by the Slovak Trade Inspection, supervision over the compliance with the Act on Advertising is performed by the relevant public administration bodies in the area of individual goods (eg Slovak Trade Inspection, State Institute for Drug Control, etc.). If the supervisory authority finds a violation of the law, it shall prohibit the dissemination of advertising, and may also impose an obligation to publish this decision in the mass media. In addition, the supervisory authority may impose a fine of up to EUR 66,400 for violation of the provisions of Sec. 3 par. 3 of the Advertising Act.
Supervision in the area of electronic communications is performed by the Office for the Regulation of Electronic Communications and Postal Services. For violation of Sec. 62 par. 2 and 3 of the Electronic Communications Act, the Office is entitled to impose a fine of up to 5% of turnover for the previous accounting period.
The controller might also face sanctions under the GDPR or of the Personal Data Protection Act (EUR 20 million or 4% of the group’s worldwide turnover).
For the sake of completeness, we add that it is forbidden to send e-mails from which the identity and address of the sender, to which the recipient can send a request to stop sending such messages, is unknown and to encourage visiting the website in violation of e-commerce law.
This article is for general and informational purposes only, and the conclusions, opinions or recommendations presented herein may not apply to a specific situation. The article does not constitute legal advice or replace it. When solving a specific problem or situation, we always recommend consulting a lawyer.