g-docweb-display Portlet

NO to Spam, YES to Consumer-"Friendly" Marketing

Stampa Stampa Stampa
PDF Trasforma contenuto in PDF

versione italiana

NO to Spam, YES to Consumer-"Friendly" Marketing
Guidelines by the Italian DPA against Unsolicited Commercial Offers

Commercial offers to users of SNS or messaging services such as Skype and WhatsApp are only allowed with the users´ consent; unsolicited emails and SMS are banned; tighter controls should be put in place by companies commissioning marketing campaign; simplified measures for marketing may be applied by law-abiding companies. The Italian DPA (Garante per la protezione dei dati personali) issued new "Guidelines on Marketing and against Spam" (web doc. No. 2542348) to counter wild-cat marketing and foster user- and consumer-friendly commercial practices.

These Guidelines – which are about to be published in Italy´s "Official Journal" – lay down a first consolidated set of measures and precautions that can be helpful both to the companies that plan a marketing campaign to advertise their products or services and to any individual wishing to fend off intrusions by companies that flood them with advertising by using their personal contact information without asking for their consent. Special attention is paid by the DPA to the new frontiers of spamming such as the so-called social spam – i.e. spamming performed via SNS – or viral marketing and/or "targeted" marketing practices that may be increasingly and subtly intrusive of data subjects´ private sphere.

The main rules set forth in the Guidelines are summed up below.

Promotional Offers and Spam

- Promotional offers require prior consent. To send promotional messages and advertising via automated systems (pre-recorded calls, emails, faxes, SMS or MMS) the recipients´ prior consent must be obtained (opt-in requirement). This consent must be specific, free, informed and recorded in writing.

- Tighter controls must be in place on marketing companies. Clients commissioning marketing campaigns must be vigilant as appropriate to prevent spamming from contractors, sub-contractors or other entities they have entrusted with contacting prospective customers.

- Consent is necessary to use data on the Internet or social networks. The recipients´ specific consent is required before sending promotional messages to users of Facebook, Twitter and other SNS – e.g. by posting such messages on the users´ virtual billboards – or to users of other messaging and VoIP services that are increasingly widespread such as Skype, WhatsApp, Viber, Messenger, etc. . The fact that a data happens to be available on the Net does not mean that it may be used freely to send automated promotional messages or for any other "viral" or "targeted" marketing purposes.

- "Grapevine" marketing does not require consent. Consent is unnecessary for emailing or texting promotional offers to friends in a personal capacity (i.e., for the so-called "grapevine" marketing).

Simplified Rules for Compliant Companies

- Promotional emails to own customers. It is OK to email promotional messages to one´s own customers regarding goods or services that are similar to those they have already purchased (this is the so-called "soft spam").

- Brand/Company "Fan" Promotions. Companies and firms may send promotional messages to their "followers" on SNS if these followers have clearly stated when signing in to the company´s page that they are interested in or give their consent to receiving such promotional messages on  a given brand, product or service.

- Obtaining consent once for multiple activities. It is enough to obtain consent once for all marketing activities – such as sending ads or performing market surveys. The consent provided to receive automated promotional messages (emails, SMS-texting) also applies to such messages when sent via paper mail or through operator-assisted phone calls. Where a company plans to collect users´ personal data to then disclose or transfer such data to other companies for promotional purposes, it may obtain the users´ consent once and such consent will apply to all the third parties that are referred to in the specific information notices to be provided to users.

Safeguards and Penalties against Spam

- Safeguards for individuals. Any individual receiving spam may lodge reports, claims or complaints with the Italian DPA and exercise all the rights provided for in the Data Protection Code; this includes requesting penalties for spammers and such penalties may consist in hefty fines (up to about 500,000 Euro) in especially serious cases.

- Safeguards for companies. Although "legal persons" are no longer entitled to apply for the Italian DPA´s protection, they may report breaches of the law to the DPA. In any case, they may seize judicial authorities to bring civil or criminal actions against spammers.

Along with the Guidelines, the Italian DPA also adopted an ad-hoc Decision (web doc. No. 2543820) on consent to the processing of personal data – which is about to be published in Italy´s "Official Journal" as well – in order to further simplify the requirements applying to direct marketing.

Rome, 23 July 2013