Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.

Electronic marketing and internet use

Electronic marketing
Are there rules specifically governing unsolicited electronic marketing (spam)?

Section 27 of the Data Protection Act deals with spam and other kinds of unsolicited electronic marketing. Under this section, it is possible to process personal data in order to create specific profiles for promotional, commercial or advertising purposes or to establish consumer patterns, provided that the personal data is available to the public or has been provided with the consent of the owner of the personal data.

Decree 1588/2001 provides that consent will not be required in the case of consumer profiling, provided that the consumer is identified only by belonging to a certain category of consumers and the personal data necessary to send the marketing material to him or her. It also establishes that all communication carried out over the Internet should state clearly that the owner of the personal data can request to opt out or block – either totally or partially – its name from the database. On request, the person responsible for the database must provide information on the source of the information.

Moreover, Disposition 4/2009 of the National Data Protection Agency provides that every communication must state that the owner of the personal data can request to opt out or block – either totally or partially – its name from the database, as well as the mechanism in place to exercise those rights. Further, it should include a transcript of Section 27.3 of the Data Protection Act and Section 27(3) of Appendix I of Decree 1558/2001. It also requires that communication sent is labelled as “advertising” – in particular, in the case of spam, the subject must include the word ‘advertising’.

Cookies
Are there rules governing the use of cookies?

No specific provisions in the Data Protection Act or any related regulation deal with cookies. However, as information requires some kind of relationship with an individual or entity in order to be considered personal data, cookies are not regarded as personal information.

Click here to view the full article.