New Privacy and Electronic Communications Regulations will come into force in the UK on 11 December 2003 and will revise the ways in which businesses communicate with their customers via e-mail. Russell Brown at Manchester law firm Glaisyers explains the effects on businesses.
For many businesses, the use of e-mail has taken over from the telephone as the preferred means of communication. Many companies view it as a quick, easy and informal tool for contacting clients, while in addition, many see it as one of the most cost effective and direct means of promoting their services to potential and existing customers.
There’s a problem though.
Despite good practice recommending that direct marketers adhere to the British Code of Advertising, Sales Promotion and Direct Marketing, in reality many e-mails are being sent with neither consent nor effective targeting.
Many on the receiving end of all this activity have for some time been complaining about how their e-mail inboxes are bulging full of unsolicited commercial e-mails (UCE) or ‘spam’. As a result, the law has finally caught up.
Though many fed up businesses will no doubt be monitoring the situation with interest, those using e-mail as a means of marketing really need to sit up and take notice of what it means to them.
‘Opt-in’
The major change for December will be the introduction of an ‘opt-in’ consent procedure for commercial e-mails. This means that businesses will only be able to target people who have given their active consent to receiving communications.
An important exception to this ‘opt-in’ rule comes into play when e-mails are sent from a business to an existing customer. Businesses may continue to market to their own customers as long as they only include their own products and services in the communications. In these cases, the addressee will still be able to opt-out of such communications, should they wish to do so. However, marketing through faxes will remain an ‘opt-out’ form of communication.
In essence, businesses which currently use electronic marketing will no longer be able to make initial contact with new or potential customers through e-mail, and existing databases of e-mail contacts will have to be checked thoroughly to ensure that their details have been legitimately collected.
Telephone marketing
Though e-marketing has replaced telephone marketing in some areas, changes to the law could mean that businesses will switch back to more traditional methods of communication.
It will not, however, be as simple as that.
Under the Privacy and Electronic Communications Regulations 2003, unsolicited direct marketing calls will continue to be allowed, however recipients will have the right to ‘opt-out’ of such communications.
New rules are also expected in spring 2004 which will enable businesses to subscribe to the Telephone Preference Service (TPS). This will mean that marketers must screen the numbers they use, thus avoiding nuisance marketing phone calls.
Cookies
The Regulations will also lay out new parameters for the use of ‘cookies’ on company websites. At their simplest, cookies are snippets of information about Internet users, which allow the site server to store details such as visitor numbers and user preferences. Using this information, website operators can tailor their marketing communications to target individual needs.
As of 11 December 2003, businesses will be obliged to inform their customers that their website uses cookies, and provide an opt-out facility for those who do not wish for them to be used.
Website users will be given clear and comprehensive information about the ways in which cookies are to be used, through a ‘privacy’ or ‘cookies’ statement. This will also contain detailed information to advise users on how they can turn off cookies, should they wish to prevent their information from being stored. This can be done via the computer’s browser settings, either by a service provider or by the user.
Enforcing the law
So what are the punishments?
From 11 December, anyone suffering damage from individuals or companies which contravene the new Regulations will be entitled to sue for compensation.
However, a loophole in the legislation could make prosecutions difficult. Accused parties which prove, in their defence, that they took all appropriate measures to ensure compliance with the Regulations are expected to avoid prosecution.
The Information Commissioner’s enforcement powers under the Data Protection Act 1998 will also be applied to the new Regulations. The Information Commissioner will therefore be able to investigate breaches and, in appropriate circumstances, bring enforcement proceedings.