GDPR isn't to blame for all those dumb emails you're getting

By now, the emails will be incredibly familiar. They have the same chirpy tone, are being sent from brands and ask whether you'd like to get more emails from that company. (It's likely you completely forgot what the company was, let alone what you purchased from it in 2007).

"We're committed to managing and safeguarding the information you give us when looking for a job," reads a typical one from a recruitment website. "CLICK HERE TO STAY SIGNED UP," shouts another before continuing: "We don’t want to lose you, so please take action now". Some have even claimed user accounts will have to be deleted if a reply isn't recieved.

The majority of these emails cite the European General Data Protection Regulation (GDPR), which starts to be enforced on May 25. GDPR introduces changes to how businesses and organisations should handle personal information – and for companies faced with the prospect of huge fines for breaching the new rules, it's causing panic. And that's why you're getting all those emails.

"We’ve heard stories of email inboxes bursting with long emails from organisations asking people if they’re still happy to hear from them," Steve Wood, the deputy information commissioner for the UK wrote in a blog post earlier this week. "Think about whether you actually need to refresh consent before you send that email and don’t forget to put in place mechanisms for people to withdraw their consent easily," Wood says.

But, it turns out, most of these emails are pointless. "In the UK it has been the law since 2003 that you can only send a marketing email to an individual recipient when they have consented to receive it or you have an existing customer relationship with them and have offered them the opportunity to opt out," explains Jon Baines, data protection advisor at law firm Mishcon de Reya.
So why are they sending these emails? It's largely around the fear of GDPR. The regulation says companies can be fined up to €20 million or four per cent of their annual global turnover. Many companies are keen to get their systems in order. Although in the UK the Information Commissioner has made it clear it won't be heavy-handed with fines.

Baines believes a big reason why these emails are being sent at the moment is because of an "increased awareness around the fact that sending marketing emails requires either the consent of the recipient or an existing customer relationship". That awareness has been amplified because of the hype around GDPR.

However, the Privacy and Electronic Communications (EC Directive) Regulations – known as PECR for short – govern marketing messages. These are based upon a European e-privacy Directive and cover messages used for marketing – everything from the pesky emails to text messages.

GDPR doesn't replace PECR but sits alongside it and European regulators are coming up with a new set of e-privacy rules to replace it. Confused? So are the companies emailing you. The result is a slightly messy mix of rules: both GDPR and PECR are dense, legally complex and have a plethora of caveats with exemptions for different scenarios.

But the existence of PECR means that in a large amount of cases, companies may not have necessarily needed to send the emails re-asking for permission to keep in touch. "I think a lot of the emails people are receiving are unnecessary, because people have either already consented or are receiving them to business addresses," Baines says. Business email addresses – for instance, rowland@wired.co.uk – fall under GDPR as personal data, but for marketing messages consent to receive them may not be needed.

If people haven't already consented to receive marketing messages, the company sending them will have been in breach of PECR, potentially for many years.

But what is considered consent is a slightly murky affair. With the introduction of GDPR comes an updated definition of what consent is. It's complex but states consent has to be unambiguous and involve someone actively saying yes. For instance, a pre-ticked box saying you are willing to receive marketing emails doesn't count as unambiguous consent. But a box you have to actively tick does.

"If consent is the appropriate lawful basis...

Read The Full Article


 

1 Comments Write your comment

    1. Loading...