Organisations which send direct marketing emails should check their policies to avoid fines under electronic privacy laws. A court fined a high-street retailer this month for sending marketing emails to an individual, despite the fact he had created an online account and been given an opportunity to un-tick a box relating to receiving marketing emails.

Electronic privacy laws require potential customers to provide specific consent before organisations can send marketing emails. There is an exception to this is for existing customers, where organisations may use a "soft opt-in". The "soft-opt in" provides that organisations can send marketing emails when:

  • contact details have been obtained in the course of a sale or negotiation for sale
  • the emails are only marketing the organisation's own similar products or services
  • the person is given a simple opportunity to opt out of the communications, both when collecting the details and in every message after that.

In the case earlier this month involving a high-street retailer, the individual had been browsing the website and set up an account. The court ruled that this did not amount to a negotiation for sale and so the "soft opt-in" exception was not available.

To avoid the risk of similar fine, organisations should ensure that they comply with all privacy regulations in relation to marketing emails or texts. Advice from the Information Commissioner suggests this should include:

  • only sending messages where either opt-in consent has been given, or soft opt-in consent has been given and the conditions above have been met
  • offering an easy opt-out with every message
  • maintaining a list of anyone who opts out
  • regularly checking against the list of opt outs.

Organisations also have obligations under Data Protection laws which they must meet, including informing customers why contact details are being collected and ensuring consent is obtained. Organisations should ensure that they, and any contractor which they use to supply direct marketing services, comply with all Data Protection and privacy laws.

A simple checklist for SMEs and further detailed guidance can be found on the Information Commissioner's website: Direct Marketing Guidance.