Should Your Online Shop Be a D2C (Direct-to-Consumer) Brand?
The Direct-to-Consumer strategy has become very popular in recent years. Should your business become a D2C brand? Learn more in our blog article.
The basic rule is simple: No newsletters without consent. Learn more about the legal grounds and possibilities that you have.
Table of contents:
Basics
Data protection is regulated in the UK primarily by the Data Protection Act 1998. For electronic marketing, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended), in short PECR, are relevant.
There is a wide definition of an electronic message. It covers any kind of communication that can be stored electronically. Hence, e-mail, sms, photo messages, video messages, voice messages and also direct messages via social media are covered.
Fair processing
Data may only be processed fairly and lawfully. This will be the case if a customer orders a product in your shop and you use the data they submitted to send them the goods, or when you get an enquiry via your contact form and reply to the customer’s e-mail address.
The Data Protection Act mentions different cases where data processing is deemed to be fair. Consent counts as the first grounds.
In order for processing to be fair, the user must be informed before data is processed. Therefore, it is important to have a clearly worded privacy policy in the shop that informs about all uses of data in the shop, especially for email marketing purposes.
Consent
Shutterstock/nikkytok
Consent is the main requirement for direct marketing. Based on EU principles, consent must be specific, freely given and fully informed. The retailer needs to obtain consent directly from the user. Therefore, relying on third-party mailing lists is not a good idea. Using data without the customer’s consent will usually be unlawful unless there are other grounds of justification.
Consent vs. Soft opt-in
So, the basic rule is that consent is required for e-mail marketing. There is an exemption to this: the so-called soft opt-in rule.
When the retailer has obtained the contact details of the recipient in the course of the sale, or negotiations for the sale, of a product or service to that recipient, they can sell e-mail marketing:
- If at the time of collection of the e-mail address, the customer has had the opportunity to object to the marketing purposes, and this opportunity is also given in every consecutive e-mail, and
- If direct marketing in respect of its similar goods and services only
The scope of the soft opt-in marketing possibilities is very limited, and therefore, retailers should better obtain consent via a checkbox with appropriate information attached to it.
Sanctions
The ICO may enforce the PECRs in different ways.
Without notice, an audit can be conducted, and binding recommendations can be given. For offences, monetary penalties up to 500,000 GBP may be imposed. In some cases, prosecution may lead to imprisonment.
Checklist for sending a newsletter to individuals:
- Have you obtained the consent directly from the individual?
- Is your complete supplier identification given in every email?
- Is there an easy way to withdraw consent?
- Is the newsletter marked clearly as marketing?
- Are there mechanisms in your processes that allow you to respect an opt-out request as soon as possible?
For tailored legal advice for the UK and numerous other European markets, we recommend reaching out to our partner law firm, FÖHLISCH Rechtsanwälte. If your online shop is based in Germany or Poland, you can explore the Trusted Shops Legal Products site, where you can get further guidance on e-commerce legal topics.
29/08/16
