Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.

Electronic marketing and internet use

Electronic marketing                                                                                                                

Are there rules specifically governing unsolicited electronic marketing (spam)?

There is a comprehensive set of rules governing direct marketing, resulting from the combined application of both the Personal Data Protection Code and the Data Protection Authority’s Guidelines on Marketing and Against Spam of July 4 2013.

As a rule, data controllers may contact users for direct marketing purposes with the prior consent of the user. This rule applies to communications performed by means of automated calling or communications systems without human intervention or by email, fax or text message. Consent needs to be given only once to enable marketing activities using different means of communication, provided that the data subject can opt out at any time from one or more of the means of communication used by the data controller.

Further, when the personal data is drawn from publicly available papers or electronic directories, data controllers may contact users only by telephone or mail, provided that users have not exercised their right to object (opt-out mechanism).

Finally, where a data controller uses, for direct marketing of its own products or services, electronic contact details for emails supplied by a data subject in the context of the sale of a product or service, it need not request the data subject’s consent, provided that the services are similar to those that were the subject of the sale and the data subject, after being adequately informed, does not object to the use either initially or in connection with subsequent communications.

As of May 25 2018, where personal data is processed for direct marketing purposes the data subject must have the right to object at any time to processing of his or her personal data for such marketing, including profiling to the extent that it is related to direct marketing.


Are there rules governing the use of cookies?

As a rule, the Personal Data Protection Code prescribes that the use of cookies, storing of information and accessing information that is already stored on a user’s device are permitted, provided that the user has given his or her prior informed consent.

So-called ‘technical cookies’ are exempt from this requirement. Technical cookies are used only to transmit a communication over an electronic communications network or in order for a service provider to deliver a service that has been explicitly requested by the subscriber or user. Under the Data Protection Code, technical cookies may be used without the user’s consent, provided that the user is informed as required.

The Data Protection Authority has issued a general provision setting out a simplified procedure for obtaining consent for the use of cookies. The provision stipulates that a suitably sized banner must be displayed on the screen immediately when a user accesses the home page or any other page on the website, and that if the user continues browsing the website by accessing any other section or selecting any item (eg, clicking a picture or link), this signifies his or her consent to the use of cookies.

A revision of the current rules governing the use of cookies is under discussion at EU level. The new EU ePrivacy Regulation to replace the existing ePrivacy Directive (Directive 2002/58/EC as amended in 2009) is expected to come into force next year.  

Click here to view the full article.