The UK’s “opt in/opt out” rules for teeing up compliant marketing emails have been around since Christmas 2003, but still UK businesses are getting it wrong and unable to use captured email addresses as a result. Stephen Groom cites two recent examples.
Topic: Email marketing
Who: Two substantial UK businesses
Where: UK
When: 2007
What happened:
Recently is has come to marketinglaw's notice that UK businesses are still failing to grasp the basics of email marketing laws. This, despite the fact that they have been in force now for well over three years in the form of the Privacy and Electronic Communications (EC Directive) Regulations 2003 or "PECRegs."
The continuing confusion over how to work within the PECRegs is not just exposing UK Plc to regulatory action. It is also slamming the door to significant benefits conferred on UK businesses by those who drew up the PECRegs in the first place and those who enforce it.
These were not mandarins in Brussels even though the PECRegs come to us courtesy of an EU Directive (the Privacy and Electronic Communications Directive 2002/58/EC). They were UK draftsmen and the Information Commissioner's Office, who have both had an eye to helping UK business and as a result given it advantages which are only enjoyed by a minority of other EU states.
Customer soft opt in
"Customer soft opt in" or "CSI"is an exception to the rule that marketing emails can only be sent if the sender has been previously notified that the recipient consents to receiving such emails ("opt in").
Under CSI, no prior opt in is needed provided that when the email address is captured the address's owner is buying or negotiating to buy.
Unlike in most other EU states, businesses in the UK trying to take advantage of CSI do not have to actually make a sale.
It will be enough if there are "negotiations for a sale" and this phrase has been interpreted by the Information Commissioner's Office very liberally. Even entering a clearly promotional prize draw, the ICO says, will be regarded as equivalent to "negotiations for a sale."
Of course an opt out opportunity must still be given and all the required disclosures provided about future use of the email, which can only be to market the similar products of the business capturing the email address. Nevertheless the regime is relaxed here compared to most of the rest of the EU.
That's it and all fairly straightforward you might think but no, the penny is still not dropping.
Spurned opportunity example #1
In this example a B2C business offers the opportunity to register on its website to be able to order products by email or telephone for immediate delivery.
This will save the registrant the time of providing delivery details each time they order. The sign up form requires name, postal address and email address but then says only
"If you would like us to contact you about new offers, please tick this box [ ]."
So this is a good example of CSI as applied in the UK. There is no sale as such being made here but clearly "negotiations for a sale" are happening as understood by the ICO.
So the correct approach would have been:
"Please tick here if you do not want us to email you about our new offers [ ]."
The necessary disclosures are being made about future use of the email address and the appropriate clear and simple to operate opt out mechanism provided.
With the actual disclosure and tick box in our example, whether or not those registering tick the box, the email address supplied cannot be used for future marketing purposes.
Firstly the response mechanism is opt in, not opt out, so immediately the CSI opportunity has been lost.
Secondly for the purposes of opt in, the PECRegs make it clear that this has to amount to a notification to the business capturing the email address that the person consents to receive unsolicited marketing emails.
It could be argued that the insertion of the email address would amount to a notification, but without specific reference to the email address being used for the purposes described as opposed to the postal address or telephone number provided, it is highly unlikely a ticked box would classify as suitable notification.
Spurned opportunity example #2
A commercial and consumer conference/meeting facility hands to all those attending events a facility assessment form. It also offers an opportunity to enter a free prize draw.
The form requests contact details including email address. Underneath appear the words
"If you would like one of our sales team to call you, please tick the box [ ]."
Clearly the tick box wording only refers to a telephone call so is not relevant to use of the email address which might be supplied. But what can any email address supplied be used for?
The answer is nothing by way of a marketing communication unless the individual is an employee of a limited company.
It is strongly arguable that the delegate by filling in the form is "negotiating to buy." However the CSI opportunity has been lost because there is no wording stating that the email address will be used for sending the delegate information about the conference facility unless the delegate ticks the box and no opt out opportunity.
There is also an entry into a prize draw offered, but again the CSI opportunity has been lost without the required future use disclosure and opt out wording.
This leaves the possibility of using the "corporate subscriber opt out" opportunity. This applies to commercial emails sent to employees of limited companies at their company email address (but not employees of partnerships for example) and although this may well be available in many cases, the time and inconvenience of establishing whether the individual is an employee of a limited company in each case could have been avoided by deploying CSI in the first place.
Why this matters:
The optimal time to ensure that the maximum possible marketing use of personal data can be compliantly made is the point of capture.
Once an email address has been supplied with inappropriate disclosures and opt in/opt out boxes, it is a significant undertaking to haul the business capturing it back to a point at which those contact details can be used for the intended purposes.
Armed with the advantages over their European competitors provided by UK digital marketing laws, our businesses should be leveraging every opportunity to the maximum. So far many have not appreciated the importance of getting it right and the long term disadvantages of getting it wrong, but as the medium matures and the enforcement regime tightens, this will undoubtedly change.
Stephen Groom
Head of Marketing and Privacy Law
Osborne Clarke London
stephen.groom@osborneclarke.com