ASA adjudication on Explicit Consent Rules

06 January 2005

David Clark


On 13 October 2004 the Advertising Standards Authority (“ASA”) upheld a complaint against an online DVD rental company, illustrating just how careful companies are expected to be when they use e-mail marketing lists from a third party provider.

A division of the Peterborough based Home Entertainment Corporation,, purchased an e-mail marketing list from a liquidated company under a contract which stated that explicit opt-in consent to receive e-mails from third parties had been obtained from the addressees. Unfortunately, this was not the case and when an individual complained that he had consented to receive electronic communications from the liquidated company but not third parties,’s reliance on the contract with the liquidated company was not accepted as a defence, and the ASA upheld the complaint.

The complaint advertised free DVD rental in an e-mail entitled “30 days FREE DVD rental!”. The e-mail stated:

1 – SELECT Choose your DVDs from over 18,000 titles … 2 – RECEIVE Receive your DVDs by First Class post … 3 WATCH Enjoy your DVDs for as long as you like … 4 – RETURN Return free of charge and we’ll send you the next one …

The complainant, a Cambridgeshire resident, objected that:

  • had not obtained his explicit consent to send him commercial e-mails because although he had consented to receive e-mails from the liquidated company he had not given his consent to the liquidated company to pass on his details to third parties
  • the e-mail did not give him the opportunity to opt-out of receiving further commercial e-mails from

In relation to 2, maintained that it was their standard practice to include an unsubscribe facility in their e-mails but admitted that on this occasion that facility had been mistakenly omitted. They stated that this error had now been corrected. The ASA accepted this but upheld the complaint and cautioned to make certain that it was included in future.

The explicit consent issue was dealt with as follows.

The defence provided the ASA with a copy of the contract it had negotiated with the liquidators of the company whose customer e-mail addresses it had purchased. The contract stated that:

… [] has agreed to buy a customer list … that contains approximately 216,000 email addresses representing all of the active customers (i.e. customers who have made at least one purchase from the Seller within the period of 12 months immediately preceding the date of this Agreement) known to the Liquidators who have given opt-in consent (which has not been withdrawn and is still current at the date of this Agreement) to receive electronic communications from third parties …

The contract had even included the following declarations from the partners in the liquidated company:

I confirm that the customer database … comprises a list of e-mail addresses of former customers of the company all of whom, to the best of my knowledge and belief, have agreed to receive electronic communications from third parties … assured the ASA that their decision to buy the e-mail database had been based on this contractual undertaking that the liquidated company’s customers had given opt-in consent to receiving e-mail marketing from third parties, which they had specifically included in the contract to ensure their compliance with the relevant legislation.

The ASA’s decision

The ASA acknowledged that had bought the customer database in good faith and that the contract stated clearly that the customers had given opt-in consent to receiving e-mails from third parties. However, the ASA observed that had not adduced any evidence to show that the complainant (or for that matter any of the other customers of the liquidated company whose e-mail addresses it had bought) had given explicit consent to the liquidated company to pass on their details to third parties. The ASA said that it was the responsibility of any third party purchasing a marketing list to ensure that the first instance permission-holder from whom they are buying the list had been given explicit consent by its customers to pass on their details to third parties. The third party marketer should also be able to provide the ASA with evidence of this explicit opt-in consent upon request.

The ASA therefore accepted the complainant’s contention (‘contention’ because there is no hint in the adjudication that the complainant had any evidence of not having provided explicit consent) that he had not given the liquidated company consent to pass on his details to third parties and upheld his complaint that had sent him a commercial marketing e-mail without having obtained his explicit consent.

The specific sections of the CAP Code which was held to have breached are sections 43.4c and 43.5, which provide that:

43.4c The explicit consent of consumers is required before …sending marketing communications by e-mail or to mobile devices, save that marketers may send unsolicited marketing about their similar products to those whose details they have obtained in the course of, or in negotiations for, a sale. They should, however, tell them they may opt-out of future marketing both when they collect the data and on each occasion they send out marketing communications and should give them a simple means to do so. Explicit consent is not required when marketing business products to corporate subscribers (see 1.3j), including to their named employees

43.5 If after collection it is decided to use personal information for a purpose significantly different from that originally communicated, marketers should first get the explicit consent of consumers. Significantly different purposes include:

a) the disclosure of personal information to third parties for direct marketing purposes

b) the use or disclosure of personal information for any purpose substantially different from that which consumers could reasonably have foreseen and to which they might have objected.

The ASA instructed to acquire evidence-based explicit consent before sending commercial e-mails in future.

What does this mean in practice? was not fined or penalised directly (though the instruction to acquire evidence of explicit opt-in consent for third party marketing means that is presumably prevented from using any of the approximately 216,000 other customer addresses it had bought from the now defunct company). It is important to note that this was dealt with as a breach of the CAP Code, not as a breach of the Privacy and Electronic Communications Regulations 2003.

However, its reputation has not been improved by the adverse publicity and the response to that segment of its marketing campaign which was based on the liquidated company’s customer list may have been poor, since it is likely that the complainant was not the only recipient who had not provided explicit opt-in consent.

More broadly, this ruling makes it very clear that the ultimate responsibility for ensuring that explicit opt-in consent has been obtained lies absolutely with the marketer and this means that marketers buying in address lists of contacts to whom they wish to market can no longer accept the word of list brokers at face value. A paper trail to prove consent is required and list warranties, though commercially essential, are clearly not enough. A list purchaser should probably seek examples of the wording that was used to obtain the consent and great caution should be exercised with entities that are unlikely to be able to make good on the contractual warranties they have provided.

Finally, and uncontroversially, marketers should always ensure that an unsubscribe facility is included in their marketing e-mails.