Pbm snr denton nick_graham


Published on

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Pbm snr denton nick_graham

  1. 1. Legal Rules for Direct Marketing– How to avoid the “Spamming”labelmobileSQUARED Conference:Permission Based Marketing:3 October 2011 Nick Graham Partner SNR Denton, London nick.graham@snrdenton.com9196005.01 1
  2. 2. Overview The legal rules When does “customer data” constitute “personal data”? When do I need prior consent? Do customers need to “tick a box”? What is the “soft opt-in”? When do I need to offer an opt-out? Do I need consent for use of cookies? Enforcement risk 2
  3. 3. About SNR Denton SNR Denton is a client-focused international legal practice delivering quality and value. We serve clients in key business and financial centres from 60 locations in 43 countries, through offices, associate firms and special alliances across the US, UK, Europe, the Middle East, Russia and the CIS, Asia Pacific, and Africa, making us a top 25 legal services provider by lawyers and professionals worldwide. SNR Denton offers clients premier service and a disciplined focus in eight key industry sectors: Technology, Media and Telecommunications; Energy, Transport and Infrastructure; Financial Institutions and Funds; Government; Health and Life Sciences; Insurance; Manufacturing; Real Estate and Retail and Hotels. 3
  4. 4. Our Locations 4
  5. 5. Legal rules EU law – Data Protection Directive (95/46/EC) – Privacy and Electronic Communications Directive (2002/58/EC) UK law – Data Protection Act 1998 (“the DPA”) – Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (“the e-Privacy Regulations”) Enforcement – UK Information Commissioner’s Office – The Regulator can serve Enforcement Notices and fine up to £500,000 per breach 5
  6. 6. The UK Information Commissioner 6
  7. 7. When do the rules apply? The DPA and the e-Privacy Regulations apply if you send marketing or advertising by electronic means such as by telephone, fax, email, SMS or automated calling system The DPA also applies to any processing of personal data by a data controller. Any data from which customers can be identified constitutes “personal data” You assume legal risk for any breaches by marketing agencies or other service providers Special rules apply to use of cookies and location data 7
  8. 8. When do I need prior consent?Channel Consent required?Email Yes (unless the “soft opt-in” applies)Telephone Collect consent or rely on a TPS checkFax YesPost NoAutomated calling system Yes(ie. sending an individual a recordedmessageUse of cookies Yes (unless the limited exemption applies)Use of location data Yes 8
  9. 9. Does the Customer need to “tick a box”? Consent means: “freely given, specific and informed indications of the data subject by which the data subject signifies his agreement to personal data relating to him/her being processed” ICO Guidance: data subject must “signify his/her agreement for the consent to be valid This is what the European law makers refer to as “opt-in” (“opt-out” means proceeding without consent until you receive an opt-out request) You can obtain consent either by having customers “tick a box” or using “alternative consent models” 9
  10. 10. E-marketing rules – the e-Privacy Regulation Regulation 23: you must not transmit, nor instigate the transmission of, unsolicited communications for the purposes of direct marketing by means of electronic mail unless the recipient has previously notified the sender that he consents for the time being to such communications being sent Soft opt-in: you may, however, send, or instigate the sending, of electronic mail for the purposes of direct marketing where: – you have obtained the relevant contact details in the course of sale or negotiations for the sale of a product or service to that recipient – the direct marketing is in respect of your similar products and services only; and – the recipient has been given a simple means of opting out (free of charge) both at the time the customer data was initially collected and on each subsequent communication. A subscriber shall not permit his line to be used in contravention of the opt-in requirement (call centres beware!) 10
  11. 11. When do I need to offer an opt-out? Under Section 11 of the DPA, any individual is entitled to opt-out of any processing of their personal data for direct marketing at any time Section 11 of the DPA defines “direct marketing” as: “the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals” 11
  12. 12. Use of CookiesUse of Cookies Article 5(3) of the revised e-Privacy Directive says that: – Use of cookies is only allowed on condition that the subscriber or user has given his or her consent (opt in) having been provided with clear and comprehensive information about the purposes of such processing – The UK Information Commissioner has given companies 12 months (expiring May 2012) “to put their houses in order” and; • check what type of cookies/similar technology you use and how you use them • assess how intrusive the cookies are • decide what solution to obtain consent would be best in your circumstances • you cannot rely on browser settings to establish consent 12
  13. 13. New EU Data Protection Laws in 2011 The proposal for the new EU Data Protection Laws is expected in November 2011 This will be subject to review and lobbying This may include: – Data breach notification rules – Template “privacy information notices” – New rules on consent – New rules on geo-location and other sensitive data 13
  14. 14. SNR Denton UK LLPOne Fleet PlaceLondon EC4M 7WSUnited KingdomDX 242© 2011 SNR Denton.SNR Denton is the collective trade name for an international legal practice. SNR Denton UK LLP is a limited liability partnership registered in England and Wales under no. OC322045. Regulated by the Sol icitors RegulationAuthority. A list of its members is open for inspection at its registered office: One Fleet Place, London EC4M 7WS. Any reference to a "partner" means a partner, member, consultant or employee with equivalent standing andqualifications in one of SNR Dentons affiliates. This document is not designed to provide legal or other advice and you should not take, or refrain from taking, action based on its content. We are providing information to you on thebasis you agree to keep it confidential. If you give us confidential information but do not instruct or retain us, we may act for another client on any matter to which that confidential information may be relevant. Please seesnrdenton.com for Legal Notices, including further information on our professional obligations. 14