The E-mail Marketing Association recently blasted those offering ‘permission-based’ e-mail marketing lists. Is the practice misleading and what are the issues?
Topic: Selling on-line
Who: The E-mail Marketing Association ("EMMA")
Where: The UK
When: March 2002
The E-mail Marketing Association ("EMMA") attacked non-members of its body for sometimes misleading advertisers in the way they marketed e-mail address lists. The well-known phrase "permission-based" was, according to EMMA, much misused in the context of selling or renting out "permission-based" e-mail address lists. The natural and ordinary meaning of the phrase "permission-based", say EMMA, is that the individuals in question have actively "opted-in" to the use of their e-mail address for marketing purposes. However EMMA's concern was that in reality, a large proportion of lists being touted as "permission-based" were in fact not opt-in at all, but at best "opt-out", in other words instead of actively deciding to tick a box requesting the use of their e-mail address for marketing purposes, the individuals in question had at best merely failed to opt-out of such use being made of their personal details.
Why this matters:
One of the sub-texts of this story is the running contretemps between the EMMA and the UK's Direct Marketing Association ("DMA") as to the correct approach to the garnering of e-mail addresses for marketing purposes. EMMA takes the "high church" opt-in position, the DMA on the other hand takes a less purist view, and allows its members to collect and use e-mail addresses for marketing purposes on an "opt-out" basis. In other words provided the individual concerned can be shown to have been given the opportunity of opting out of their e-mail address being used for marketing purposes and to have failed to tick that box, their address can be used for this purpose. As a matter of law, the DMA's position is perfectly acceptable unless the data in question can be said to be part of a set of data which is characterisable as "sensitive personal data". Sensitive personal data is defined in the Data Protection Act 1998 as any data which provides information as to various aspects of a person's personal details including religious beliefs, political affiliations, sexual proclivities, health information and racial origins. Such sensitive personal data, the 1998 Act provides, cannot be processed or used in any way on anything other than an "opt-in" basis. Absent sensitive personal data, therefore, the EMMA position is "best practice" as some might see it, as opposed to a strictly law-based position.
As for whether the legal landscape will change is very much in the hands of the European Union at the moment by way of the draft Communications Data Protection Directive. This has been going through the legislative process for some while now, and the latest position, as already reported on marketinglaw.co.uk, is that we seem to be moving to a blanket "opt-in" approach to the use of e-mail addresses for marketing across Europe, except in limited "existing customer” circumstances. Even if this is ultimately the position taken in the finally signed off directive, however, it is unlikely to form part of UK law or the law of any other EU state, for at least two years. Finally here, it is worth underlining that in practical terms the question of whether an e-mail list provider is actively misleading its customer is a matter of contract as between the provider and the user. It goes without saying of course that both list providers and list users will need to take care in the drafting of agreements under which they provide or are supplied with lists for use in this way. It is also worth remembering that whatever the contract might say about whose responsibility it is to ensure data protection law compliance, the Information Commission can take enforcement action against any company using personal data in a way they think is contrary to law.