Electronic Communications and Data Protection

1
Electronic Communications and Data Protection
2
Who Am I?

• Jonathan Silverman
• Independent author and trainer
• Marketing, business development data protection
  consultancy
• Present data protection seminars for The
  Institute of Direct Marketing, Periodicals and
  Publishers Association

generating growth
3
Important Advice Read Me
The information contained in this presentation is
not intended as legal advice or counsel, and is
not represented as such by gsa or Jonathan
Silverman. Neither gsa nor Jonathan Silverman
make warranties or statements regarding the legal
acceptability of the information presented in
this material. Any actions performed as a result
of this information are of the Enterprises own
choosing. Whenever taking any action related to
the law, obtain advice from legal counsel.
4
How Important Is Your Brand?

• Customers prospects buy from companies brands
  they trust
• Trust loyalty
• Loyalty profit
• Advocacy high profit/low cost

5
Friends Reunited Case Highlights SMS Risks

• A jealous boyfriend hacked into ex girlfriends
  details email account pasted photos of them
  having sex
• Persuaded 2 mm02 employees to intercept release
  her private text messages
• Employees dismissed convicted under data
  protection
• Source the register

6
SPAM by Mobile

• 69 of us have received spam on our mobile phones
  (www.sillicon.com)
• Limited storage capacity of many mobiles may
  already mean some users are unable to receive
  legitimate SMS messages
• Ringtone downloads huge market but a potential
  source of mobile phone number 'harvesting

7
(No Transcript)
8
(No Transcript)
9
Information Commissioner Statistics
10
Increasing Legislation Around Electronic
Communications

• Data Protection Act 1998
• Electronic Communications (EC Directive)
  Regulations 2003 (Implementation Dec 11, 2003)

11
The Privacy Electronic (EC Directive)
Regulations 2003
12
Background Aims of New Regulations

• Updates Telecommunications Data Protection
  Directive (97/66/EC) in light of new technologies
• Harmonise European legislation regarding email
  other digital media (including SMS)
• Provide a solution for the growing SPAM problem
• Adapt existing data protection provisions to
  reflect foreseeable developments in electronic
  communication

13
Guidance Is Imminent

• Information Commissioner guidance due imminently.
• Lot of issues still require clarity for marketers
  e.g.
• Legacy email addresses and mobile numbers
  gathered for marketing collected using valid
  opt-out.
• Charities.
• Membership organisations.
• Viral marketing

14
Legislation Is Not the Only Control

• The CAP code
• Published before the new regulations goes
  beyond them in terms of requirements
• The industry rules by which marketing such as
  advertising, sales promotion direct marketing
  are governed in the UK
• Covers businesses as well as individuals
• There have already been rulings that set
  precedents
• Companies need to comply (mandatory for DMA
  members)

15
Carphone Warehouse

• Complaint to ASA (www.asa.org.uk) ref CAP code
• Objections to text message. Message stated "For
  fantastic free handsets, inc up to 6 months free
  line rental or a free dvd player, call Carphone
  Warehouse on ... tc's sic apply ...
• One complainant objected that the claim "free DVD
  player" was misleading, because the text message
  did not make clear that recipients would have to
  take out a new mobile phone contract.
• Another objected that the message was sent
  without consent.
• Both complaints upheld. ASA advised need for
  explicit consent. Opt-out in sign up to shoppers
  survey considered insufficient

16
Direct Marketing by Phone
17
The Cold Call to an Individual

• PERMITTED (Regulation 21)
• Except where the subscriber has opted out
• to the company making the calls /OR
• to the Telephone Preference Service (TPS)

18
Cold Call to a Corporate Subscriber (Company)

• PERMITTED
• Except where the called party (as living
  individual) has exercised their rights under DPA
  1998 Part II Section 11 Right to prevent
  processing for direct marketing purposes
• the individual must opt out by written
  notification to the caller
• NB Amended regulations in 2004 will introduce
  requirement to screen against TPS for corporate
  subscribers from April 04

19
The Technology Revolution Comes at a Price!
20
The Revolution Comes at a Price!

• Between 40-60 of all email SPAM
• Spam costs European companies around USD2.5
  billion per annum (Ferris research)
• Productivity losses circa 40 of overall
  financial losses associated with SPAM
• Growing problem of mobile SPAM

21
Electronic Mail
22
Definitions

• Electronic mail
• Any text, voice, sound or image message sent over
  a public electronic communications network which
  can be stored in the network or in the
  recipients terminal equipment until it is
  collected by the recipient includes messages
  sent using a short message service (SMS)

23
Electronic Mail (Regulation 22)

• the regulations apply to transmission of
  unsolicited communications by means of electronic
  mail to individual subscribers
• The regulations therefore do not apply to b2b for
  email SMS. Current rules therefore remain i.e.
  opt-out basis (assuming the data has been
  collected fairly)
• Clarity required regarding those who are not
  individual subscribers but are individual users
  of mobile phones or the same internet account as
  the subscriber
• IC guidance likely to emphasise relationship to
  bill payer

24
Use of Electronic Mail for Direct Marketing
Purposes

• A person shall not transmit, or instigate the
  transmission of, unsolicited communications, for
  the purposes of direct marketing, by means of
  electronic mail, unless
• the recipient of the electronic mail has
  previously notified the sender that he consents
  for the time being to such communications being
  sent by, or at the instigation of, the sender for
  direct marketing purposes
• the identity of the sender, or the person on
  whose behalf the communication is made, has not
  been disguised or concealed
• the recipient is provided with a valid address to
  which the recipient may send a request for such
  communications to cease.

25
Use of Electronic Mail for Direct Marketing
Purposes Soft Opt-in

• A person may send or instigate the sending of
  electronic mail for the purposes of direct
  marketing where
• that person has obtained the contact details of
  the recipient of that electronic mail in the
  course of the sale or negotiations for the sale
  of a product or service to that recipient
• the direct marketing is in respect of that
  persons products or services only

26
Use of Electronic Mail for Direct Marketing
Purposes

• the recipient has been given a simple means,
  without charge (except for transmission costs),
  of refusing the use of his contact details for
  the purposes of such direct marketing at the time
  that the details were initially collected (known
  as Soft Opt-in)
• , where he did not initially refuse the use of
  the details, at the time of each subsequent
  communication

27
Negotiations for a Sale

• EC Directive specifies customer
• UK regulations only state recipients
• IC will probably adopt more relaxed approach
  where there is an existing relationship where
  recipients know who theyre dealing with what
  products are likely to be marketed
• E.g. Registering on a website may well be
  considered as part of the lead up towards a sale

28
Negotiations for a Sale

• Important to consider timing e.g.
• How long ago was the contact where you collected
  the email (or mobile number)?
• Would the recipient remember your company?
• How regular is the contact?
• No guidance as yet for charities/memberships
• IC likely to take a pragmatic view

29
Similar Products Services

• Need to be as clear as possible about what you
  will market to recipients (fair processing)
• NB Care over group companies required

30
Implications

• Means that it is important for the future to be
  sure which is a personal which is a business
  email address or mobile number
• Consider how this may be done at point of
  collection
• Are you able to differentiate for current
  database?
• Need to be aware of CAP Code requirements

31
Email SMS Lists
32
Making Lists Available for Sale/rent

• Regulations raise questions regarding 3rd parties
  use
• Likely that a 3rd party opt-in for email SMS
  will be acceptable as solicited as long as
  sufficient information given ref. purposes uses
• Hence selling opt-in lists to 3rd party marketing
  may continue but more caution required

33
Making Lists Available for Sale/rent

• Sale of existing legacy lists based on email
  opt-out to 3rd parties marketing likely to be
  acceptable as long as the company gave clear
  information about uses i.e.
• The personal data was collected fairly under
  pre-existing legislation
• Adequate opt-outs were given at time of
  collection
• The list is still live i.e. there is reasonably
  regular contact
• IC suggests that this will be closely monitored
  for signs of abuse by marketers
• Legacy SMS lists to 3rd party marketing must be
  opt-in (previously considered automated calling
  system)

34
Key Considerations When Buying Lists

• Safest to buy permission based lists ensure
  they are bona fide
• Check how the list was constructed
• What notices were given (DP statements, consent
  mechanisms, privacy policies)
• Check that your message is consistent with those
  data protection statements
• Check that the list broker is legally compliant
• Have an agreement with the list supplier

35
Traffic Location Data
36
Traffic Location Data

• Traffic data is data processed for sending
  communications or billing e.g. routing, duration
  time
• Location data relates to geographic position of
  the terminal equipment including direction if
  travel, time of recording the location etc

37
Traffic Data

• Traffic data may be used by providers of public
  electronic communications services for marketing
  those services or for added value services (AVS)
• only where subscribers have given consent on
  basis of full accurate information as to the
  future types of processing
• Must be erased or made anonymous when no longer
  necessary for the purpose of transmission or when
  bill may be challenged

38
Location Data

• May only be processed by
• The public communications provider to the user
• A 3rd party providing the AVS in question
• A person acting under the authority of one of the
  above it must
• Be restricted to what is necessary for the
  purpose of providing the AVS

39
Location Data

• Prior to obtaining consent for use, the public
  communications provider must have provided the
  following information
• The types of location data to be processed
• The purposes duration
• Whether the data will be transmitted to a 3rd
  party for the purpose of providing the AVS
• Must offer simple FOC means to withdraw consent
  i.e. turn the service off

40
Directories

• Removes the possibility for a subscriber to a
  public directory to be charged for exercising
  their opt-out right
• Takes effect from the following edition
• Introduces greater clarity for entries in
  publicly available directories
• i.e. subscribers must understand all of the
  likely uses e.g. reverse search from a phone
  number to gain an address

41
CLI ACR

• Requires service providers to offer a range of
  Calling Connected line identification services
  inc. ability to block incoming calls where CLI
  has been withheld
• Allows the termination of Automated Call
  forwarding

42
Data Protection a Very Public Window
Trust Confidence
43
Contact Information
gsa Jonathan Silverman Tel. 01923 661999 / 07779
019998 Jonathan_at_getsoundadvice.co.uk