Customers and Marketing

• Author: Katherine H Woodcock; W Gregory Voss
• Pages: 151-171

151

6

Customers and Marketing

I. DIR ECT ELECTRONI C MARKETING

AND THE E-PR IVACY DIR ECTIVE

General marketing practices involving the processing of personal data of individuals

are governed by the Directive and its corresponding principles. Article 14(b) of the

Directive grants an individual the right

[t]o object, on request and free of charge, to the processing of personal data

relating to him which the controller anticipates being processed for the purposes

of direct marketing, or to be informed before personal data are disclosed for

the rst time to third parties or used on their behalf for the purposes of direct

marketing, and to be expressly offered the right to object free of charge to such

disclosures or uses.1

This right permits all individuals to object to, or opt out of, processing for direct

marketing purposes and the disclosure of their personal data to third parties for the

same purposes. This opt-out basis, together with the core principles of the Directive

should be applied to personal data in the context of marketing activities, together

with any applicable national laws regulating marketing practices.2 In practice, this

means that companies must comply, inter alia, with the notice requirement and have

an applicable legal basis under Article 7 for processing.3

However, where electronic communications are used to directly transmit adver-

tising or marketing materials to customers and consumers, the Directive is sup-

plemented by the e-Privacy Directive. In addition to regulating Internet Service

Providers and providers of “publicly available electronic communications service,”

the e-Privacy Directive seeks to protect the “legitimate interests” of legal persons

1. Directive 95/46/EC of the European Parliament and of the Council of 24 Oct. 1995 on the protection

of individuals with regard to the processing of personal data and on the free movement of such data [here-

inafter Directive], 1995 O.J. (L 281) 31 (Nov. 23, 1995), art. 14(b), at 43.

2. See Directive, recital 71, at 38: “this Directive does not stand in the way of a Member State’s regulating

marketing activities aimed at consumers residing in territory in so far as such regulation does not concern

the protection of individuals with regard to the processing of personal data.”

3. The various legal bases for processing are discussed in Chapter 2 Section IV.

woo51396_06_c06_151-172.indd 151 12/7/15 8:35 AM

152

Navigating E U Privacy and Data Protec tion Laws

and the “fundamental rights” of natural persons.4 Thus, the e-Privacy Directive

sits at a peculiar crossroads of telecommunication regulation and privacy and data

protection. Here, we will specically look at the EU rules on direct marketing by

electronic communications, including e-mail, fax, automated calling, and electronic

messages, such as multimedia message service (MMS) and short message service

(SMS) (e-marketing). It is important to keep in mind that in addition to compli-

ance with the e-Privacy Directive, organizations will also have to comply with the

provisions of the Directive (95/46/EC). Here, the discussion will begin with (1) an

introduction to the e-Privacy Directive, followed by (2) a discussion of the e-Privacy

Directive specically applied to e-marketing issues, and it will nish with (3) an

exploration of a code of conduct used in the direct marketing sector—that of the

Federation of European Direct Marketing (FEDMA).

A. Privacy, e-Marketing, and the e-Privacy Directive

The e-Privacy Directive is a successor to Directive 97/66/EC that covered personal

data and privacy in the telecommunications sector.5 The e-Privacy Directive brought

personal data and privacy in telecommunications into the Internet era, with its adop-

tion in 2002.6 Although the e-Privacy Directive contains provisions on e-marketing, it

is also concerned with privacy and the protection of personal data (including location

data and telecommunications trafc data) in the electronic communications sector,

including mobile and xed-line telecommunications services.

The e-Privacy Directive applies to e-marketing, dealing with a gamut of issues in

this sector such as (a) an opt-in requirement to receive commercial communications

and the concept of prior consent, (b) spam or “unsolicited communications” and the

existing customer exception, (c) recent guidance on the existing customer exception to

the general rule, and (d) notice and transparency requirements. Each will be examined

in order.

1. An Opt-in Requirement to Receive Commercial Communications

and the Concept of Prior Consent

The e-Privacy Directive is, accordingly, the EU legislative instrument that established

the characteristic opt-in principle of EU law with respect to e-marketing. It sets out

4. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002, concerning

the processing of personal data and the protection of privacy in the electronic communications sector

(Directive on privacy and electronic communications), 2002 O.J. (L 201) 37, (July 31, 2002) [hereinafter

e-Privacy Directive], recital 12, at 38.

5. Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 Concerning

the Processing of Personal Data and the Protection of Privacy in the Telecommunications Sector, 1998 O.J.

(L 24) 1 (Jan. 30, 1998) [hereinafter Directive 97/66/EC].

6. See G S, I L  R 437 (4th ed. 2007), para. 7.3.1 (§ 7-011), at 692.

The 1997 Directive was seen as “out of date” almost as soon as it appeared and “it was far from clear how—

if at all—it would apply to the internet and other developing technology.” As an example, the e-Privacy

Directive extended provisions on “unsolicited calls” to e-mail. Compare Directive 97/66/EC, supra note 5,

art. 12, at 6 with e-Privacy Directive, supra note 4, art. 13, at 45.

woo51396_06_c06_151-172.indd 152 12/1/15 5:49 PM