The Irish Data Protection Commissioner has weighed in on the use of email addresses for marketing, and it hopefully portends how things will shape up under the General Data Protection Regulation.
The problem is email addresses collected in the course of providing electronic receipts. You can’t use them for marketing without giving the consumer a chance to opt out.
Yet that is more liberal for marketers than an affirmative consent, or opt-in. It remains to be seen whether the GDPR is interpreted in the same way.
The DPC states that if the customer fails to unsubscribe using the cost-free means provided, then “he/she will be deemed to have remained ‘opted-in’ to the receipt of such electronic mail for a twelve month period from the date of issue to them of the most recent marketing electronic mail.”
The DPC issued this guidance after finding in an audit that “e-mail addresses, gathered for the purpose of issuing e-receipts, were being used to subsequently issue marketing material,” it says.
The practice of issuing e-receipts is “becoming more common in Ireland,” it continues. But it warns that customers should be advised at the point of purchase that the e-mail address is being requested to provide them with the e-receipt.
The DPC continues that contact information collected for other purposes may “only be used for direct marketing by electric mail,” if these conditions are met:
The product or service is similar to that bought by the customer at the time you collected the contact details.
You gave the customer the chance to object to the use of contact information for marketing purposes — at the time it was collected.
You give the customer the right to object to further messages — each time you send a marketing communication.
The initial sale occurred not more than a year prior to the sending of the marketing email, or — if appropriate — when the details were used to send an electronic marketing message in that 12-month period.