Domain Availability
Changes In The Law
So, why the need for consent management? Individuals have a ‘privacy bubble’ which is managed according to a personal viewpoint; this is the private space into which only trusted persons are allowed. Marketing messages are not automatically excluded from this space, but they are filtered. Unsolicited contact i.e. where the message was not asked for are most unwanted because of their frequent poor timing and targeting. Defending against the onslaught of unsolicited marketing messages is why consent management is now part of European law.
Consent Management
Much of the confusion surrounding the new legislation arises from a misunderstanding of consent management. Misuse of terminology like opt-in, opt-out, SPAM etc. all fuel the fire.
Confusion No.2
All e-mail must now be opt-in: NO, categorically not. It is still legal to send an e-mail i.e. electronic mail to individuals on an opt-out basis, so long as a few ‘rules’ have been met. Doing it legally means understanding the rules.
The ‘rule’ in question here is Regulation 22 (of PECR) which includes the important distinction between individual and corporate subscribers. Getting your head round PECR means thinking in terms of ‘who pays the bill’ to receive your message, and NOT who receives your message. An e-mail marketing communication sent to john.doe@bigcompany.co.uk is likely to be perfectly legal so long as John Doe has not exercised his individual right under Data Protection Act 1998 not to be direct marketed to by your company i.e. not opted out.
This unsolicited marketing contact is possible because it is Big Company who pays the phone/ISP bill and not John Doe. The e-mail was sent to a corporate subscriber, and this remains opt-out. Business-to-business communications are therefore largely unaffected by the new legislation, because marketing messages are typically sent to individuals who are not the legal subscriber on the systems they receive the messages. There is a curve ball to watch out for; most partnerships and sole traders will be excluded from the definition of corporate subscribers, becoming individual subscribers, where the rules are different.
So what about an e-mail marketing message sent to johndoe@freeserve.co.uk , where John Doe is the subscriber, paying his own phone/ISP bill. Firstly did he ask for it? If your contact was solicited by John, get on with it, he’s expecting a response! If however you decide that John might like some more (unsolicited) information from your company, stop and think about the contact rules. Unsolicited direct marketing via electronic mail can still be on an opt-out basis, but you must satisfy the rules concerning existing relationships. Namely:
- The recipient’s email address was collected “in the course of a sale or negotiations for a sale”;
- The sender only sends promotional messages relating to their “similar products and services”, and;
- When the address was collected, the recipient was given the opportunity to opt out (free of charge except for the cost of transmission) which they didn’t take. The opportunity to opt-out must be given with every subsequent message.
If you cannot demonstrate that there is an existing relationship (as above) then you must have John’s consent to send unsolicited direct marketing messages to him.
Gaining Consent
To demonstrate consent an individual must actively sign up for something and know what they are signing up to. This could be via a tick box, undeniably a simple method of gaining a positive indication that someone agrees to receive marketing, or where it is made clear in your privacy policy, that by providing an e-mail address individuals are agreeing to receive future unsolicited marketing.