UK law relating to the sending of unsolicited direct marketing material by electronic means are based on the EC Directive on Privacy and Electronic Communications and are modified by the General Data Protection Regulation which started to be enforced in the UK in May 2018.
A major aim of the Directive was to cut down on the amount of ‘spam’ that e-mail users receive from companies with whom they have never had dealings. The Department of Trade and Industry defines spam as ‘unsolicited commercial bulk e-mail sent without the consent of the addressee and without any attempt at targeting recipients who are likely to be interested in its contents’.
Whilst the intention behind the law is clear, the regulations only apply to UK businesses and will do nothing to prevent spam originating in countries where the relevant laws are less strict or, indeed, non-existent. For genuine UK businesses seeking to increase sales of their products to a targeted market, the effect will be more red tape in order to ensure they do not fall foul of the regulations.
The regulations apply to unsolicited commercial e-mails and text messages (SMS) sent to individual subscribers, rather than to company addresses, so much business-to-business e-marketing is not affected. However, under the regulations the term ‘individual subscriber’ includes sole traders, non-limited liability partnerships and their employees.
All direct marketing e-mails, regardless of whom they are sent to, must include clear sender and contact details. In addition:
- businesses must gain prior consent in that an individual must have actively opted in before they are sent unsolicited marketing e-mail;
- individuals are given greater rights to decide whether they wish to be listed in subscriber directories. Directory providers will have to give them full information and a reinforced chance to be ex-directory.
If the recipient of the e-mail was a customer prior to 11 December 2003, you may continue to market to them providing:
- their e-mail or SMS details were obtained through the sale, or negotiations for the sale, of a product or service;
- the product or service you are marketing is a similar one;
- the individual had the opportunity to opt out of receiving direct marketing material at the time they gave their contact details and is given the chance to unsubscribe or opt out on each new message that is sent; and
- the identity of the sender is not concealed.
However, where a customer has previously registered an interest in a company’s products or services, but has neither bought anything nor entered into negotiations to purchase which then fell through, then that individual’s consent must be sought before you can contact them again for direct marketing purposes.
The Office of the Information Commissioner is responsible for enforcing the regulations by issuing enforcement orders to those who do not comply. Breach of an enforcement order is a criminal offence liable to a fine of up to £5,000 in a Magistrate’s Court or an unlimited fine if the trial is before a jury. Any individual who has suffered damages as a result of a breach of the regulations has the right to sue the person responsible for compensation.
The GDPR requires that consent to be sent marketing email must be unambiguouis and freely given and that the recipient must be given adequate information on how their information will be used.