Email marketing in the EUptII

28 July 2004

Ruth Boardman

Introduction

This paper considers whether the Directive on Privacy and Electronic communications (2002/58/EC) has led to a harmonised approach to e-mail marketing in seven EEA countries

This is the second part of a three part paper. In Part I we looked at the UK and France. Here we look at Belgium and Germany and in Part III we look at Italy, The Netherlands and Sweden.

Belgium (Peter Van de Velde, peter.van.de.velde@twobirds.com).

Implementation

At present, Belgium has only partially implemented the Directive. The spam provisions of the Directive were implemented by a Royal Decree of 4 April 2003 (the “Royal Decree”)[1], which came into force on 28 May 2003 and which completed the general opt-in regime provided by the Law of 11 March 2003 on certain legal aspects of information society services (the “Law”)[2].

The remaining provisions of the Directive will be part of Belgium’s new Telecom Law. A draft of this is currently before Parliament, whose objective is to vote on this before the end of July.

Individual subscribers

Under the Law, electronic mail[3] may not be sent for marketing purposes without the free, prior, specific and informed consent of the recipient. The Royal Decree has provided exceptions to the opt-in regime for individual subscribers.

The Royal Decree provides for a conditional “soft opt-in”, i.e. a set of conditions under which providers do not need the prior consent of the recipients to send them electronic mail for marketing:

  • where the electronic contact details are obtained in the context of a sale of a product or service (as opposed to mere contacts), in accordance with data protection legislation
  • carried out by the same legal entity that obtained the individual’s details
  • limited to similar products and services
  • to individuals who were offered an opt-out when their details were first obtained and on the occasion of each message

Third party bought-in lists cannot be used on the basis of the soft opt-in. Other companies within the same group of companies are considered third parties (being other legal entities).

The soft opt-in rule is not limited to “consumers”, but applies to all persons, corporate and non-corporate.

Corporate subscribers

The general opt-in regime does not apply to corporate subscribers, provided the electronic contact details do not contain any personal information, such as in sales@companyname.com.

This exception thus only applies to legal entities. It remains unclear which regime applies to associations that are not legal entities (which do not have, as such, legal personality).

Consent

The Belgian Minister of Economic Affairs on 12 May 2004, commented on whether it would be permissible to send an unsolicited e-mail to obtain consent to e-mail marketing. The Minister suggests that this should be permissible, provided that the e-mail meets the following criteria:

  • the e-mail address has been collected lawfully;
  • it must make its purpose (of obtaining consent to future e-mailings) explicit
  • it may not itself be a form of marketing
  • it must inform the recipient that he has a right to object to e-mail marketing
  • it may not suggest that failure to respond will be taken as consent

Further, if the recipient fails to respond, or rejects the offer in the e-mail, then the sender may not send any similar e-mails within a “reasonable period of time (2 years?)”

E-mail opt –out registers

Under the Law, a direct marketer must provide an effective means to opt-out. The Royal Decree provides that the marketer must keep an up-to-date list of recipients that opted-out, which may be individual or general (a so-called Robinson-list).

No concealed identities

Similar provisions apply to those under French law described above.

One other issue addressed in the Minister’s letter was the legal requirement (Article 13 E-commerce Law) that each marketing e-mail should contain the word “publicity” (publicité/reclame) in an explicit and unambiguous way. This requirement caused a lot of concern within the direct marketing industry. However, the Minister admits that this is not consistent with the wording of both the E-commerce Directive and the Belgian Trade Practices Law of 1991. She therefore suggests amending the law so that in the future it would be sufficient for marketing e-mails to be “identifiable” as such (and only if they are not, would they need to contain an explicit reference to the word “publicity”).

Historic data

Belgian legislation has not provided any transitional regime. The opt-in regime equally applies to new data collected after the entry into force of the Law and e-mail data collected before that date i.e. to historic or “legacy” data. From a strict legal point of view, providers may only continue to use such legacy data for direct marketing to individual subscribers if they comply with the “soft opt-in” exemption.

In October 2003, the Belgian Data Protection Commission issued a (non-binding) statement in order to specifically highlight the omission of the Belgian legislator to regulate the issue of contact data collected before the entry into force of the Law. The Data Protection Commission proposed a pragmatic solution to the problem by suggesting that providers that had collected their data in a lawful and fair way prior to the entry into force of the Law should be allowed to use their existing contact lists one more time in order to offer their contacts the possibility to opt-in for future direct marketing e-mail. In its statement, the Data Protection Commission suggested a deadline of two months following the entry into force of the Law, i.e. 31 October 2003. This solution aims at allowing providers to maintain their existing databases (that are often the result of a considerable investment). The Data Protection Commission also issued standard wording for providers wishing to send such a final e-mail to their contacts before 31 December 2003.

A Belgian commercial court[4] has recently been called to interpret the new opt-in regime for commercial e-mail. According to the court, the spam provisions of the Law are not meant to oblige providers to destroy all their existing prospects lists. On the contrary, Article 14 of the Law would implicitly authorise providers to continue to use the existing prospects lists for the sending of commercial e-mail after the entry into force of the opt-in regime of the Law.

Consequently, even under the new opt-in regime, providers would, according to this case law, be allowed to continue to send commercial e-mail to their existing e-mail contacts since all recipients should be considered to have accepted commercial e-mail prior to the entry into force of the opt-in regime. In other words, the fact that the recipients were on the mailing list of the provider at the time of the entry into force of the opt-in regime means that these recipients have not used their right to opt-out under the old regime. The court thus considered the absence of an opt-out to be the equivalent of an opt-in. It remains to be seen whether other courts will follow such an interpretation.

Territorial application

The territorial application of the opt-in regime is determined under the rules of the Law, providing a specific exception to the country of origin principle regarding commercial communications. This means that the opt-in regime applies to service providers located on Belgian territory as well as recipients located on Belgian territory.

Enforcement

The Law provides for several mechanisms, both preventive and curative, to ensure proper enforcement.

The Ministry of Economic Affairs[5] supervises the application of the Law and may issue a warning to the service provider to comply with the Law or even impose a settlement fine in case of infringement.

In case of failure to comply with the Ministry’s warning or rejection of the settlement proposal, the Ministry may either launch “cease and desist” proceedings against the provider or transmit the file to the Public Prosecutor.

Cease and desist proceedings also can be initiated by other concerned parties, e.g. the recipient of the electronic mail or a competitor[6].

The Public Prosecutor may initiate criminal proceedings. Depending on the nature of the infringement, fines of €500 to €250,000 may be imposed by the Criminal Court.

Moreover, the courts may order the publication of the court order and an attachment of the profits obtained through the infringements.


Germany, (Jan-Peter Ohrtmann, jan.peter.ohrtmann@twobirds.com)

Implementation

The provisions in the Directive on spam have been incorporated into Section 7 of the new German Unfair Competition Act (“Gesetz gegen den unlauteren Wettbewerb”) as decided by the German Parliament on 1 April 2004. As a result, obvious unwanted direct marketing will be unlawful, establishing contact to individual subscribers will require prior approval whereas establishing contact with corporate subscribers might only need implied consent. The new Unfair Competition Act is expected to come into force in July 2004.

Individual subscribers

Section 7, para 2 of the new Unfair Competition Act generally requires the prior consent of the recipient. This is in line with preceding case law. However, according to Section 7, para 3 Unfair Competition Act a company may send e-mails without prior consent if:

  • the company has obtained the e-mail address in context of the sale of goods or services;
  • the company uses the e-mail address for direct advertising of its own similar goods or services;
  • the customer has not opted-out; and
  • the customer has been clearly informed during collection of the e-mail address that he/she can opt-out at any time without additional cost other than the general fees of transmission.

Consent

Therefore, as a rule, e-mail marketing is only lawful if the addressee has given his express prior consent. Implied consent is regarded as sufficient only to a very limited degree. (The sending of an e-mail without express prior consent has been considered as lawful in a case in which an individual has accessed the marketers database via the Internet for a certain time and has paid a specific fee for this service.[7] However, this is not the normal rule).

This raises the question whether consent must be given in any specific form. It is not clear whether a direct marketer can market straightaway based on an e-mail address provided by subscriber - as it is possible that an incorrect address may have been provided. To avoid this, it may be necessary to send an e-mail to the address provided and obtain a reply back giving permission to market (a double, or confirmed opt-in).

The rules for e-mail marketing have also been applied to SMS marketing. According to a decision of the Regional Court of Berlin of 14 January 2003[8], the disturbing and potentially privacy-breaching effects of a SMS are the same or even more invasive than of an e-mail. Therefore the Regional Court of Berlin regarded unsolicited SMS marketing as unlawful.

Practically this means direct marketers should obtain written consent from the data subject. The consent should be carefully worded so that it is broad enough to cover the intended use. If the direct marketer is buying addresses the form of consent given by the prospects should be carefully reviewed – as such use is only rarely covered adequately.

Corporate subscribers

The opt-in rule also applies to corporate subscribers. It is regarded as an act of unfair competition[9] and as a breach of established business operation[10]. This just recently has been confirmed by the Federal Court of Justice in a decision of 11 March 2004. In general, the same assessment applies as for individual subscribers.

A deviation from the rule is, that the requirements for implied consent are easier than for individuals. In the case of B2B marketing there are better chances that a business relation with the recipient justifies the sending of unsolicited e-mails than with individual subscribers[11]. Lawfulness depends on the specific circumstances of the case.

E-mail opt –out registers

As German law is governed by the “opt-in” concept, an “opt-out” register for unsolicited commercial e-mails is not required.

However, practically such lists do exist. To avoid unsolicited e-mails and SMS an eRobinson list has been established by the Interest Association German Internet (I.D.I. Interessenverband Deutsches Internet e.V.). This list is available at www.robinsonlist.de. As most of the German spam originates in the US it is also recommended to register at the American Direct Marketing Association (www.dmaconsumers.org/optoutform_emps.shtml).

No concealed identities

Similar provisions apply to those under French law described above.

Territorial application

German provisions on spam apply to data controllers in Germany. They also apply to data controllers outside Germany who send spam to recipients in Germany. This is because the tort occurs in Germany.[12]

Enforcement

Prospects may seek compensation from the marketer for unlawful unsolicited e-mails. However, this requires the prospect to have suffered damage. Since physical or economic loss due to unsolicited direct marketing rarely occur and, besides this, must be proven, such claims rarely succeed. Competitors may also bring a claim as unsolicited e-mails are an act of unfair competition.

Under German law claims due to unsolicited e-mails may not only be directed at marketers but also at service providers. According to a very recent decision of November 13, 2003[13], the Regional Court of Leipzig has held a service provider liable under Sect. 1 Unfair Competition Act because it was unable to provide information on the identity of the organisation which sent the direct marketing communication.

In addition to civil law claims, the Data Protection Authorities may address spam by investigation, order or even imposition of fine.

1 Royal Decree of 4 April 2003 regulation advertising by electronic mail, Belgian State Gazette 28 May 2003.
2 Law of 11 March 2003 on certain legal aspects of information society services, Belgian State Gazette 17 March 2003.
3 There is currently a draft law pending in Parliament to expand the opt-in regime to pop-ups: Draft Law of 20 November 2003 modifying article 14 of the Law of 11 March 2003 on certain legal aspects of information society services, Belgian Senate, 2003-04, Nr. 3-355/1.
4 Commercial Court of Nivelles, 26 November 2003, http://www.droit-technologie.org

5 The Minister of Economic Affairs has designated officials to carry out the supervisory task: Ministerial Decree of 4 April 2003 designating the officials charged with supervising the infringements of the Law of 11 March 2003 on certain legal aspects of information society services, Belgian State Gazette 15 April 2003.
6 Law of 11 March 2003 on certain legal aspects of information society services as described in article 77 of the Constitution, Belgian State Gazette 17 March 2003.
7 cf. Regional Court of Augsburg NJW 2000, 593
8 15 O 420/02
9 According to Sect. 1 Unfair Competition Act
10 According to Sect. 823 Civil Code
11 cf. Regional Court of Berlin NJW 1998, 3208
12 cf. Federal Supreme Court GRUR 1971, 153, 154; 1998, 419, 420
13 12 S 2595/03