Feeds

First UK ruling under new email marketing regime

Explicit consent confirmed

  • alert
  • submit to reddit

Top three mobile application threats

A landmark decision published today confirms that you need to check for explicit consent before using a marketing list for an email campaign, even if you believe in good faith that the list comprises only those who opted to receive marketing.

That is the view of the UK's Advertising Standards Authority, which today published its first public decision based on new requirements for consent before marketing by email. It clarified another important point: what is necessary to identify a marketing communication as such.

Southampton seminar provider The Training Guild lost a key part of its case before the ASA over a recent e-mail campaign. It sent messages headed "Business Seminars – Telesales & Selling Skills Made Easy" which, when opened, promoted "a selling sales course for non-aggressive people". One recipient complained.

This was not a court case, and no laws were referred to. However, marketers in the UK are obliged to follow what is known as the CAP Code – and the complaint was made under two new provisions of the Code, introduced in March this year.

The complaint was, firstly, that the email did not make clear in its subject field that it was a marketing communication; and secondly that The Training Guild did not get explicit consent to send e-mail to the complainant.

The CAP Code is a set of rules produced by the UK’s Committee of Advertising Practice which are administered by the ASA, governing the content of UK non-broadcast marketing communications. Although lacking the force of legislation, the Code should be followed by all businesses and there are penalties available for non-compliance.

The Code states that marketers, "should ensure that marketing communications are designed and presented in such a way that it is clear that they are marketing communications. Unsolicited email marketing communications should be clearly identifiable as marketing communications without the need to open them."

This echoes a legal requirement introduced by the E-commerce Regulations of 2002. However, there has been little or no guidance under either the CAP Code or the Ecommerce Regulations on how to identify marketing communications as such.

Some suggest adding "ADV" to the start of a subject line, to indicate an advert, as is a requirement under Californian and other anti-spam laws. But until today, there has been no guidance from an authoritative source. The ASA's adjudication takes a more forgiving approach than California: its decision says that the words in subject field of The Training Guild's e-mail - "Business Seminars – Telesales & Selling Skills Made Easy" - made clear that the email was a marketing communication.

Unfortunately for e-marketers, the ASA was less forgiving on the second ground of complaint.

The most controversial addition to the CAP Code in March 2003 was that "the explicit consent of consumers is required" before "marketing by email or SMS text transmission, save that marketers may market their similar products to their existing customers without explicit consent so long as an opportunity to object to further such marketing is given on each occasion."

This reflects another legal requirement, found in the Directive on Privacy and Electronic Communications, which is due to be implemented in the UK by the end of October 2003. That requirement refers to unsolicited communications; the CAP Code does not, but this CAP Code provision only applies to marketing to consumers.

The Training Guild argued that over the past nine years it had built up a list of customers who wished to receive its promotional emails. It said that although one person in an office may have asked to be kept informed of its products by email, another person in that office may be unaware of that request and would also have received emails.

The Training Guild explained that it had bought a list of email addresses it thought were for businesses, not for individuals, which it believed had opted to receive information about training and business development topics by email. The company added that it had a strict policy of immediately removing someone from its mailing list if requested.

The ASA noted the complainant's email address was a personal one and not a business address. Claire Forbes, a spokesperson for the ASA, confirmed to OUT-LAW.COM that the issue would not have been adjudicated had it concerned a work email account.

In its decision, the ASA also acknowledged that the advertisers had bought a list of email addresses of people who had opted to receive information about business development topics by email in good faith.

But the ASA nevertheless considered that "it was the advertisers' responsibility to ensure that recipients on the list had given their explicit consent to receive such emails."

The ASA considered that The Training Guild "had not got explicit consent to send the email to the complainant."

Ultimately, the ASA was lenient in its punishment, simply advising the organisation to take more care in its targeting of marketing emails in the future. The ASA's Claire Forbes said that failure to comply would likely result in sanctions.

The case will resonate among e-marketers who face a major consent problem when trying to exchange email address lists.

OUT-LAW.COM's Louise Townsend, a specialist in data protection, comments: "If buying email lists, companies can get warranties that the lists are 'clean' and indemnities to support these warranties. But this will not give the company any protection against the ASA, just a come-back against the provider of the list.

"If your business has its own lists, make sure that you know what information was given when the details were collected. You need to check whether you fall within the exemption for similar products. You need to check if someone opted-in."

These are difficult and serious issues for marketers, and the CAP Code must not be overlooked: it is increasingly apparent that it goes further on the issue of consent than the forthcoming regulations implementing the EU Directive.

© OUT-LAW.COM

Top three mobile application threats

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.