If you’ve ever received an email from a business and wondered how they got your information or when you signed up for emails, you were dealing with direct marketing communications.
It might seem like a business is being tricky, but in many cases, it was actually their right to send you an unsolicited or spam email. This is because of laws around direct marketing communications and consent.
1- What is direct marketing?
Direct marketing is a promotional method companies use to present information about a product or service to their target audience. You probably have dozens of direct marketing emails in your inbox at this moment. The information could also be delivered via SMS text message, phone call, or direct mail.
A business might send a direct marketing email, message, or call in order to start a new business relationship, to garner sales, to build brand awareness, or to reach previous consumers.
Why you might receive unsolicited direct marketing is related to the matter of, or exemption from, consent.
2- When did I give consent?
Consent, in terms of your personal information privacy, is the indication of your agreement for a business to process your information. Express consent requires some type of action on the part of the consumer when providing their information. Implied consent is assumed where the consumer doesn’t decline.
Your consent could have been provided when you ticked a box on a website that said “Send me promotional email offers.” Maybe you gave your email address despite a warning that you would receive email marketing. Or you could have initiated a relationship with the business by emailing them about or purchasing a service or product. All these instances would be considered prior express consent for direct marketing communications.
Of course, there are exceptions to the consent requirement in certain situations that may allow companies to initiate marketing unsolicited and without prior consent.
3- GDPR and the ePrivacy directive
It may surprise you that there aren’t explicit rules for direct marketing in the General Data Protection Regulation (GDPR), which is regarded globally as one of the most prescriptive privacy laws. For EU data subjects, the ePrivacy directive and GDPR provide only a baseline or guide for unsolicited marketing emails.
The General Data Protection Regulation (GDPR) guarantees the right for all EU data subjects to object to any form of direct marketing at any time.
The ePrivacy directive establishes the justification for Member States to require prior explicit consent from recipients of unsolicited communications for direct marketing.
Both of these leave room to be preempted by Member States’ laws, so we’ll have to look at the laws by country. I have pulled out Germany and France for EU examples against the U.K., Japan, Brazil, Canada, and the U.S.
4- Consent exemptions around the world
German and U. K. laws exempt businesses from seeking prior opt-in consent from recipients when offering the same or related products or services as previously purchased, and when the recipient has been and continues to be informed of their right to opt-out of marketing emails but has yet to do so.
France differentiates between marketing to another business versus a direct customer. For other businesses, the recipient only needs to be informed of their email address being potentially used for direct marketing and given the chance to object. With a customer, they’ll need prior consent.
These laws generally provide more protection than other direct marketing laws across the world.
The only exemption in Japan is for prior business relationships.
Canada specifically allows implied consent to include prior business or non-business relationships, conspicuously published email addresses, and recipients having not opted out.
The only requirements in Brazil and in the U.S. are that recipients be informed of their information being used and beable to opt out of future marketing emails.
Most counties have some sort of national “Do Not Call” list for direct marketing phone calls that businesses need to honor. For Japan, Brazil, the U.K., and the U.S., the list itself is the only restriction for telemarketing calls.
Telemarketing calls are included in the definition of messaging where implied consent includes prior business or non-business relationships, conspicuously published email addresses, and recipients having not opted out in Canada.
The EU Member States tend to be more prescriptive here as well.
It is illegal in Germany to call a private person without their prior consent, but a business could call another business with the assumption that they would consent to the call. In France, the recipient should be informed of their contact information being used for direct marketing and offered the chance to opt out.
Feel free to contact our team for more information or assistance on privacy laws or concerns.