Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.

Electronic marketing and internet use

Electronic marketing
Are there rules specifically governing unsolicited electronic marketing (spam)?

There is a comprehensive set of rules governing direct marketing, resulting from the combined application of both the Data Protection Code and the Data Protection Authority’s Guidelines on Marketing and Against Spam of July 4 2013.

As a rule, data controllers may contact users for direct marketing purposes with the prior consent of the user. This rule applies to communications performed by means of automated calling or communications systems without human intervention or by email, fax or text message. Consent needs to be given only once to enable marketing activities using different means of communication, provided that the data subject can opt out at any time from one or more of the means of communication used by the data controller.

Further, when the personal data is drawn from publicly available papers or electronic directories, data controllers may contact users only by telephone or mail, provided that users have not exercised their right to object (opt-out mechanism).

Finally, where a data controller uses, for direct marketing of its own products or services, electronic contact details for emails supplied by a data subject in the context of the sale of a product or service, it need not request the data subject’s consent, provided that the services are similar to those that were the subject of the sale and the data subject, after being adequately informed, does not object to the use either initially or in connection with subsequent communications. 

Cookies
Are there rules governing the use of cookies?

As a rule, the Data Protection Code prescribes that the use of cookies, storing of information and accessing information that is already stored on a user’s device are permitted, provided that the user has given his or her prior informed consent.

So-called ‘technical cookies’ are exempt from this requirement. Technical cookies are used only to transmit a communication over an electronic communications network or in order for a service provider to deliver a service that has been explicitly requested by the subscriber or user. Under the Data Protection Code, technical cookies may be used without the user’s consent, provided that the user is informed as required.

The Data Protection Authority has issued a general provision setting out a simplified procedure for obtaining consent for the use of cookies. The provision stipulates that a suitably sized banner must be displayed on the screen immediately when a user accesses the home page or any other page on the website, and that if the user continues browsing the website by accessing any other section or selecting any item (eg, clicking a picture or link), this signifies his or her consent to the use of cookies.

Click here to view the full article.