Information Commissioner on how to can ‘spam’

New legal restrictions on email marketing ahead of next month’s clampdown on ‘spam’ were clarified last week, when the Information Commissioner published guidelines to help businesses comply with the Privacy and Electronic Communications Regulations (SI 2426/2003).

The new regulations (which implement Directive 2002/58/EC on Privacy and Electronic Communications 2002) come into force on 11 December and will place new restrictions on companies engaging in electronic marketing campaigns. In many circumstances, businesses will have to obtain permission from consumers before sending them online marketing material. The regulations will also require that the use of cookies (files sent to the hard drives of internet users so they are recognised when they revisit a site) and other tracking devices are made clear. Any breach will be a criminal offence liable to a fine of up to £5,000 in a magistrates’ court, or an unlimited fine if the trial goes before a jury.

“The guidelines are a very good compromise and make for probably the most commercially-minded [regime] in Europe,” commented Jeff Rodwell, head of the technology group at Reed Smith. In particular, the guidance resolves business concerns about how the regulations would apply to ‘third party’ lists.

“If an organisation runs a competition for £10,000, for example, and in that competition they clearly indicate they’ll send your information to interested suppliers, then it’s taken as an acceptance that you’re agreeing to permit other suppliers [to contact you],” he explained. “The directive and regulations just by themselves would appear to prohibit that, and I suspect in many European countries that will be the case.” According to the solicitor, “the only significant omission” relating to third party lists is that there is no means of compulsion that an internet user can rely upon to oblige a supplier to disclose the identity of the original list provider.

The guidelines also make clear that there is no prohibition on ‘corporate spamming’, and so if a message is sent to a business email address it is not caught by the regulations. “That’s also a relief to business, but the concern is that it might lead to an increases in spam, or unsolicited emails directed to corporate addresses,” Rodwell said.

Related links
Guidance to the Privacy and Electronic Communications (EC Directive Regulations 2003: Part 1 (Marketing by Electronic Means) and Part 2 (Security, Confidentiality, Traffic and Location Data, Itemised Billing, CLI and Directories).