January 2009 - 12:58
On 22 December, 2008 the Irish Data Protection Commissioner’s office issued a press release regarding amendments (S. I. No. 526 of 2008) to the European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003 (S.I. 535 of 2003).
I am posting this amendment information as it relates to email. It’s important to note the regulations and amendments pertain to all electronic communications.
In broad strokes the amendments are:
(1) increasing the penalty for a summary offence,
(2) creating an indictable offence for a contravention of regulation 13 relating to unsolicited communications and providing for the penalties that may be imposed on conviction of same,
(3) the amendment of regulations or part thereof relating to confidentiality of communications, unsolicited communications and enforcement respectively in the interest of clarity.
Opt-in exemption for natural/individual addresses has been further clarified
In “regulation 13” the opt-in exemption for natural/individual addresses has been further clarified: you must give an opt-out option to a natural/individual customer during collection of contact details:
(7) A person who, in accordance with the Data Protection Act 1988, the Data Protection Regulations or these Regulations, obtains from a customer the customer’s contact details for electronic mail, in the context of the sale of a product or service, shall not use those details for direct marketing unless—
- (a) the product or service is the person’s own product or service, and
- (b) the product or service is of a kind similar to that supplied to the customer in the context of the sale by the person, and
- (c) the customer is clearly and distinctly given the opportunity to object, in an easy manner and without charge, to the use of those details—
  - (i) at the time they are collected, and
  - (ii) if the customer has not initially refused that use, each time the person sends a message to the customer.
Distinction between individual/natural & non-individual/business subscribers
The regulation still makes a distinction between a direct marketing text message or email sent to an individual/natural subscriber and a direct marketing text message or email sent to a non-individual/business subscriber. The Data Protection office has been very helpful with my questions, and has provided an example interpretation to me:
- “Individual/Natural person” – opt-in basis, aside from the stated exemption. (Guidance notes) Example of an individual/natural person in the context of a marketing text message relates to any person who holds a private phone and pays the bills either themselves or it is paid for them by a family member, e.g. a parent on behalf of a child. An example of individual/natural person in the context of a marketing email* relates to any person who holds a private email address in their own home and uses it exclusively for private, personal or family purposes.
- “Non individual/business” – opt-out basis. (Guidance notes) Example of a non-individual/business subscriber in the context of a marketing text message is a company phone or a phone in the possession of an employee where rental and call charges are paid for by the employer. Examples of non-individual/business subscribers in the context of a marketing email* include company email addresses and email addresses of staff within a company or organisation.
* Where a question arises as to whether an email address should be considered that of a natural person or a non-individual, it is suggested that the sender examine the context in which it collected that email address in the first instance. Appropriately tagging email addresses at the time of collection will minimise any doubt on the part of the sender as to the legal requirements for sending future marketing emails to that email address. Where a dispute subsequently arises about the sending of a marketing email and a complaint is made to the Data Protection Commissioner, where it is necessary to consider this question, account will be taken as to whether the email address concerned was initially obtained by the marketer in a context where the subscriber used it for a purely personal or purely non-personal purpose. Even in this situation, where what appears to be a non-personal or business use is made of what would normally be considered to be a generic email address (e.g. hotmail, gmail, etc), the Office of the Data Protection Commissioner would advise senders, for the avoidance of doubt, to treat such marketing emails as emails to a subscriber who is a natural person - i.e. prior consent of the subscriber is required.
Disclaimer: I am not a solicitor. This is not a legal document. If you have questions regarding your own electronic communications, I suggest you contact the Data Protection office directly, and/or consult with your solicitor.