The Telecoms Authority (OPTA) and the Dutch Data Protection Authority have recently published a joint opinion stating that viral marketing and ‘tell a friend’ schemes on websites are permitted, provided that certain conditions are met.
Viral marketing and ‘tell a friend’ schemes allow internet users to forward particular messages or news from a site to a friend or acquaintance. This marketing method is used widely on websites and is governed by both OPTA and the DPA. A well-known example was an online contest organised by an air carrier where participants had to solve a puzzle in order to enter a competition to win a city-break. If they did not solve the puzzle they could enter the competition again, provided that they invited five friends to participate as well. Although this marketing method has been used for a number of years, the two authorities have only now drawn up a joint opinion in order to clarify the conditions under which ‘tell a friend’ schemes can be used in a lawful way.
Such viral marketing and “tell-a-friend” schemes fall under the prohibition on spam, in the Telecoms Act (Telecommunicatiewet) (i.e. use of unsolicited electronic messages for commercial, idealistic or charitable purposes). Furthermore, a personal e-mail address will most likely be required, so that the Dutch Personal Data Protection Act (Wet bescherming persoonsgegevens) will also apply.
Conditions for lawfulness
In the joint opinion, OPTA and DPA state that ‘tell a friend’ schemes must meet the following minimum conditions to be lawful:
- no incentives or rewards: the message must be sent completely on the initiative of the internet user (i.e. sender). The website must not provide incentives or (any chance of) reward to the sender or recipient.
- sender’s identity: it must be clear to the recipient who the initiator of the e-mail is, in order that he can contact the sender should he not wish to receive such e-mails.
- sender responsible: the sender must know the full content of the message sent on his behalf so he can assume responsibility for it.
- no harvesting of personal data: the website concerned must not use or save the e-mail addresses or other personal data for any other purpose than for the once-only dispatch of a message on behalf of the sender. In addition, the website must protect the system from being abused, such as use for automating dispatch of spam.
This is not the first time OPTA and the DPA have worked together. The authorities have entered into a cooperation protocol which includes arrangements on the way the two authorities work together in matters where both have certain powers, for example, where the protection of the privacy of internet users is concerned and where the processing of personal data by providers of electronic communications services takes place.