The Privacy and Electronic Communication (EU) Regulations of 2003 brought up to date the rules relating to permissions for data marketing.
With regards to email marketing, they essentially say that you may not send “unrelated” marketing messages to any individual’s private email address without first having been granted permission by that individual. There are several terms in that summary, though, that require interpretation.
The Information Commissioner is the authority chared with enforcing the legislation, and they give the following definitions (whch are paraphrased here)
- “Unrelated” marketing is an email for a service that is unrelated to the reason for which a customer signed up. In other words, if you are a shoe retailer, and a customer transacts with you by giving you their data in the course of a sale or through entering a prize draw, you are within your rights to send them communications about your own products and services (until they ask you to stop). But if you want to send them emails advertising products and services for other companies unrelated to your own, then you have to first ask their permission.
- A private email address is a person’s non-business address. The 2003 legislation gave no protection to business emails, although it is best practice to treat all emails the same. You don’t know what is private and what is business.
- Permission is granted when you tell the individual what you plan to do, and ask them to actively say that they want this to happen. You must do this at the point of data collection. You cannot, for example, tell them “we’ll send you offers and promotions” and leave it at that. You have to be clear that these offers and promotions are unrelated to your core business.
In practice, there are so many grey areas and so many people interpreting the rules as they see fit that the best advice you can follow was given to us direct from the Information Commissioner: Treat your customers’ data the way you would want your data to be treated. You wouldn’t want people sending you rubbish without your permission, so give the same respect to your users. Be transparent at all times and, most importantly, respect customers’ wishes for you to stop whenever they ask.