Many privacy policies and registration forms include an opt-in of consumers to also receive direct e-mails for products or services of affiliated third parties. A recent decision by OPTA (the Independent Post and Telecommunications Authority) confirms that for this opt-in to be valid it needs to specify who these third parties are and the products they offer. A general opt-in for partners' offers is insufficient.
On 2 October 2012, OPTA published its decision of 11 September 2012 which imposed a EUR 100,000 fine on Companeo S.A. for sending spam emails to consumers.
Companeo acted as an intermediary between small businesses and suppliers, and allowed users to submit an online request for future offers by several suppliers. Before submitting the request, users could check a box entitled "I would like to receive offers from Companeo partners". Companeo would then periodically send these users third-party commercial emailings at random.
OPTA decided that these third-party emailings amounted to spam because they had been sent without the users' prior and specific consent. Even though the users had checked the box "I would like to receive offers from Companeo partners", they could not reasonably have expected that by doing so, they were consenting to receive random third-party advertisements. In order to be able to specifically consent to receive advertisements from third parties, a user needs to have a clear view of these third parties and the kind of products that will be advertised. A general reference to "Companeo partners" is insufficient for constituting specific consent. According to the decision, in order for opt-in consent for third-party commercial emailings to be valid, the (categories) of third parties should be specified, including the type of data that will be provided to these third parties and the products these third parties offer. Furthermore, when emailings are subsequently sent on behalf of such third parties, the name of the company having obtained the opt-in consent on behalf of the third parties (in this case Companeo) should be clearly referenced.
With this decision, OPTA again confirms the duty to obtain consent for sending unsolicited emails on behalf of partners or affiliates, as well as clarifies what information should be provided in order to obtain valid consent.