On December 3, 2008, the Dutch DPA (CBP) and the Dutch Telecom Regulator (OPTA) published a joint decision relating to web-based “Tell-a-Friend” systems. Tell-a-Friend systems are viral marketing mechanisms whereby an Internet content provider requests its readers and consumers to circulate prepared commercials to their friends and contacts using their e-mail. The decision discussed specific mechanisms whereby an Internet user (the sender) provides the email addresses of third parties (the recipients) to the Internet content provider (the data controller) via a form on its website. The data controller subsequently sends emails to the addresses provided. In their decision, CBP and OPTA state that Tell-a-Friend mechanisms may be legitimate if the following requirements are met: (1) it is up to the sender to decide whether or not to send a message; (2) the message must unambiguously indicate who is sending the message; (3) the sender must receive unambiguous and complete information about the message to be sent in order to take full responsibility for its contents; and (4) the data controller cannot use or keep the provided contact details for purposes other than the sending of a message on behalf of the sender. Any other email sent to these contact details will be considered as spam. The decision is available (in Dutch) here.