In the brouhaha over e-mail marketing opt-in/out votes, other, SMS marketing provisions of the ‘Communications Data Protection Directive’ have been missed.
Topic: M Commerce
Who: The European Commission
Where: Brussels
When: October 2001
What happened:
The draft Directive “concerning the processing of personal data and the protection of privacy in the electronic communications sector” (known as the “Communications Data Protection Directive” or the CDPD for short) has received a lot of publicity on account of its provisions affecting e-mail marketing. This has obscured the fact that it also contains a number of crucial sections affecting SMS marketing. No sideshow bearing in mind the plan to sign the CDPD off in weeks and get it in force across the EU by early 2002 at the latest, as well as the explosion in text messaging. With almost three quarters of a billion text messages being sent a day and marketers quick to see the opportunities.
In its latest form the CDPD proposes an EU-wide “opt-in” regime for the sending of SMS for direct marketing purposes. In other words marketing text messages will not be allowed without the recipient’s prior consent, unless, as with e-mail marketing, the telephone connection involved is held by a corporation or partnership.
SMS receivers using their corporate mobile will not go completely unprotected, however, as the CDPD also requires that their “legitimate interests…with regard to unsolicited communications are sufficiently protected”.
The CDPD also creates a new category of service called a “value added service.” This is any service which requires the processing of traffic data (any personal data processed in order to provide the user with a telecoms service or send him a bill) or location data (data showing where the user of the mobile phone is situated) other than for the transmission of a communication or its billing. Does this mean that a marketing message sent by SMS is a value added service? Cutting through the Euro-speak we think the answer is “yes”.
Article 6.3 provides that the telco provider used by the mobile phone owner may use the user’s traffic data for the purposes of marketing electronic communication services or providing value added services so long as the user has given his consent. A recent amendment also requires that before being asked for that consent the user must be told of the type of traffic data that will be used and for how long.
So far as location data is concerned, a similar regime applies. Prior consent is required before a telco provider can pass location data to a third party such as Pizza Hut so they can tell him he is two blocks from a pizza. Before that consent can be given, the user must be told of the type of location data that will be used, for what purposes, whether the data will be transmitted to a third party and for how long it will be held. Users must also be given the possibility to withdraw their consent to this processing at any time.
Why this matters:
This may all seem restrictive, but it’s laissez faire compared to the current regime, which, no matter what consents are obtained from the user, technically renders it a criminal offence to make marketing use of location data for anything other than promoting the telco provider’s telecoms services. Marketers can only hope the directive now enjoys a swift passage through what remains of the EU legislation process.