Looking for new clients? Don’t we all. Why not expand your client base to the US, Europe or India? Before you send out that gorgeous email campaign, let’s check the rules around marketing to people in those countries.
Here is a quick summary of the rules about consent, opting in and opting out in a few key countries. But maybe it is best to start on our own doorstep.
We must look at the rules in both the Consumer Protection Act (CPA) and in the Protection of Personal Information Act (POPI). It is a bummer and we don’t understand why POPI didn’t just repeal the direct marketing sections of the CPA (like it does for ECTA), but there it is.
POPI (when it becomes effective) says that you can only market directly to new customers once the person has given their consent. The consent must be a voluntary, specific and informed expression of will. You can contact the person once to get their consent. We wrote something about this previously.
You do not need to get marketing consent from existing customers if:
- the consumer provided their details ‘in the context of the sale of a product or service’ and
- the details were obtained ‘for the purpose of direct marketing’ similar products and services from the supplier, and
- the consumer was given a reasonable opportunity to object to receiving the marketing material (in a way that is free and easy) both when their information was first collected and every time they receive the marketing material.
So look at your unsubscribes urgently, otherwise you won’t be able to use your database for direct marketing once POPI comes into effect. You will have to ask for consent first – and we know how low the uptake can be.
When sending direct marketing to people in the UK you need to check the Privacy and Electronic Communications (EC Directive) Regulations, 2003 (PECR) and the Data Protection Act, 1998 (DPA). PECR and the DPA regulate marketing messages sent to natural persons, sole traders and some partnerships in the UK. It does not apply to electronic marketing sent to companies and other corporate bodies.
You will generally need an individual’s consent before you can send marketing emails. To be valid, consent must be knowingly and freely given, clear and specific. The person must have a genuine choice. The clearest way of obtaining consent is to invite the customer to tick an opt-in box confirming that they wish to receive marketing messages via specific channels. Consent can also be obtained when the individual clearly and knowingly indicates their agreement by clicking an icon, sending an email, subscribing to a service, or providing oral confirmation.
The DPA gives individuals the right to object to the use of their personal information for the purposes of direct marketing. According to PECR individuals have the right to opt-out of receiving marketing at any time.
Soft opt-in is required for existing customers. This means that you can send marketing emails if:
- they have obtained the contact details in the course of a sale (or negotiations for a sale) of a product or service to that person; and
- they are only marketing their own similar products or services; and
- they gave the person a simple opportunity to refuse or opt-out of the marketing, both when collecting the details and in every message after that.
Specific consent and taking a positive step is required for new customers. Electronic marketing communications require specific consent for the type of communications e.g. email or SMS.
Luckily, the UK Information Commissioner’s Office has given some guidance on how to interpret these rules.
The US does spam bigly! Sad! The US has the CAN-SPAM Act, 2003. No, it does not say that you can spam people. The CAN-SPAM Act regulates commercial messages sent by a US based business to anyone in the United States. A ‘recipient’ of a commercial message covered by the Act includes both natural persons and businesses.
No consent is required to send a marketing message, but the message must contain a clear and conspicuous explanation of how the recipient can opt-out of getting an email from you in future.
The EU has updated their regulations recently. The General Data Protection Regulation 2016/679 (GDPR) entered into force on 24 May 2016 and will apply from 25 May 2018. It repeals the Data Protection Directive 95/46/EC. The GDPR applies to all businesses (even those outside the EU) who offers goods or services to or monitors the behaviour (within the EU) of EU data subjects (natural persons only).
The GDPR requires consent for the processing of a personal data for one or more specific purposes (for example direct marketing). Consent in terms of GDPR means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Businesses will not be able to rely on silence or opt-outs and instead, an active process such as box-ticking will have to be put in place.
Need some more information? Get our newsletter. From ‘oh ****’ to ‘aha!’, get free advice on doing direct marketing right.