28 April 2018
Under the Privacy and Electronic Communications Regulations (PECR), it was possible to use lists of people who purchased good or services in the past and give ‘opt-out’ of future mailings.
Under GDPR is this no longer valid because there is no clear and active consent, as it has been assumed or implied. Soft opt-in, however, is not changing, and so this can still be used. For those customers who have not previously opted-out or gone on a TPS list it is not permissible to email them asking for consent if there is no consent or soft opt-in.
The Data Processing Bill includes a number of provisions for direct marketing
Where you wish to market existing customers then there is a legitimate interest to market similar products, as long as the recipient is given the chance to opt out. In respect of third party lists, they will need to have GDPR-compliant consent from those listed, prior to marketing to them.
The European Commission has stated that “Confidentiality of online communications is essential, but the EU rules designed to protect privacy in electronic communications need to reflect the world that exists today”.
These rules must be broad enough to cover all forms of electronic communications including telephone, internet, mobile phones and IoT and ensure confidentiality is protected on all publicly accessible networks, including public Wi-Fi.
Any interference with the right to confidentiality of communications is contrary to the European Charter of Fundamental Rights. It follows there that no communications should be subject to unlawful tracking and monitoring without freely-given consent, whether by cookies, biometrics, or other technological means.
Rules against unsolicited communications (adverts) should be updated and strengthened and require prior consent of recipients and should complement the protections available under GDPR.
To find how our friendly and knowledgeable solicitors can help you, contact us today.
Make a free enquiry - Call now - 0151 659 1070