Bluetooth Marketing: The current legislation and proposed changes

13 October 2008


The E-privacy Directive 2001 as it currently stands states that prior consent is needed when engaging in certain types of direct marketing.

“The use of automated calling systems without human intervention (automatic calling machines), facsimile machines (fax) or electronic mail for the purposes of direct marketing may only be allowed in respect of subscribers who have given their prior consent.”

However, the E-privacy Directive applies to marketing over a communications network. Strictly speaking messages sent by Bluetooth are not sent over a communications network. Therefore it is not clear from the wording of the E-privacy Directive whether marketing by Bluetooth would be covered. In this article we consider a number of jurisdictions’ approaches to Bluetooth marketing.

It should be noted that the wording of the E-Privacy Directive is in the process of being amended. It has been suggested that this should include a change to make it clear that marketing by Bluetooth is covered.
Current position:

Our agency has suggested an advertising campaign using bluetooth technology in the shopping centre where we have our unit, but I'm worried about consumer consent and data issues. Is there anything of which I should be aware?
View from the UK

Until October 2007, the ICO’s view had been that the laws about email marketing applied to Bluetooth technology. This had given rise to some difficult questions as to how these laws could be applied in practice, particularly in respect of how to obtain appropriate consent.

However, in October, the ICO revised its guidance so that Bluetooth technology is now excluded.  Their view is that the relevant laws will only apply to messages sent over a public communications network and that Bluetooth messages are not in fact sent using such a network.

However, regardless of whether Bluetooth is covered by the legislation, consumers are increasingly aware of and concerned about the sophisticated uses to which their information is put. As such, the ICO suggests that organisations should still take consumers’ concerns into account when designing marketing strategies and should still consult industry guidelines on good marketing practice.

The DMA is also urging marketers to exercise caution when designing Bluetooth marketing campaigns and it considers that the spirit of the relevant rules for email marketing should apply to any electronic messaging medium. It is recommending that its members err on the side of caution when considering the permission implications of Bluetooth. It is suggested, therefore, that a consent based approach to Bluetooth marketing may still be appropriate in certain circumstances to help consumers recognise legitimate, marketing communications.

View from Spain

The use of Bluetooth technology has not been specifically contemplated by the current legislation nor by the Spanish Data Protection Agency (the “SDPA”) or the Spanish Commission for the Telecommunications Market (“CMT”). The lack of any kind of guideline regarding Bluetooth raises certain doubts about the applicability of the laws regarding marketing via email and other electronic means in this respect.

The Spanish Law 34/2002, on the Information Society Services and E-Commerce (the “LSSI”) regulates the commercial communications sent by email or other equivalent electronic means. This law does not expressly mention Bluetooth technology, but since this technology may involve the transportation of information (short mobile messages) using an electronic communication network the possibility of it being deemed as an electronic means may not be discarded.

However, Bluetooth technology is different to other technology (such as email and SMS) and it is possible that this difference is sufficient to avoid the application of the LSSI and its strict requirements for the sending of commercial communications.

The lack of any guideline or institutional opinion regarding this technology has not prevented its use  by several companies in Spain for marketing. Nevertheless, we recommend being very cautious in using it, as the relevant regulation is not absolutely clear and the requirements of the LSSI (that could be deemed applicable to this kind of technology) are strict.

In this regard, this law requires, among other conditions, the prior, express, consent of the recipient of the commercial communication. As Bluetooth technology does not “discriminate” the recipients of the commercial communications, it is not possible for senders to check that they have previously obtained the recipient’s consent.

Would it be possible to seek the express previous consent required to send commercial communications by using Bluetooth technology?

In order to do so, the messages should be limited to seek the consent, and they should not include any commercial content. Although in theory this could be a legitimate way to obtain the consent, in practice there is a risk that such messages could qualify themselves as unsolicited commercial communications, given the broad definition of “commercial communication” contained in the LSSI (any communication that directly or indirectly promotes goods or services of a company, organization or person developing commercial, industrial, handmade or professional activities) and the strict approach of the SDPA.  If Bluetooth technology is considered to be covered by the LSSI, then it is going to be very difficult for organisations to be able to meet the consent requirements under that legislation in practice.

View from Germany

German law provides no specific regulations on the use of Bluetooth technology as a means of marketing. Nor is there any applicable case law. However, there are good reasons to argue that commercial use of Bluetooth technology for marketing purposes without the recipient’s consent triggers liability in light of unfair competition law and is a breach of the privacy rights of the recipient.

According to the German Act against Unfair Competition ("Gesetz gegen den unlauteren Wettbewerb", UWG) marketing activities causing an unacceptable nuisance to market participants constitute an act of unfair competition (Section 7 para. 1 UWG). Such acts could give rise to potential damages as well as cease and desist claims, particularly from competitors. German legal commentators argue that an unacceptable nuisance is given whenever market participants are forced to deal with marketing information they have neither requested nor have a chance of avoiding. Although until now, this view has not been validated by a court, Bluetooth marketers should regard sending marketing information via Bluetooth as an act of unfair competition unless the recipients' prior consent to receiving such information has been obtained. Such consent cannot be obtained by sending a Bluetooth request to recipients because such request will already be regarded as an unacceptable nuisance to the recipient who is forced to deal with them. Rather, it is recommended to obtain the recipients’ implied consent. A way of achieving this, can be to limit the Bluetooth sender range to a range of or below 50 cm. Due to such limited range, interested recipients must intentionally approach the sender or must intentionally point their Bluetooth-enabled device to the sender to receive the marketing information transmitted. There are reasons to argue that such active involvement of the recipients constitutes their implied consent. An assessment however needs to take the individual circumstances into account.

Unsolicited Bluetooth marketing is also likely to constitute a violation of the recipients' privacy rights (allgemeines Persönlichkeitsrecht). In order to avoid liability for such breach (also potentially entitling the recipient to damages and cease and desist claims), Marketers when designing Bluetooth marketing campaigns, should therefore ensure they obtain the recipients' prior express or eventually implied consent as set forth above.

View from The Netherlands

There have been no formal or official decisions in the Netherlands as to whether Bluetooth marketing falls under the anti spam provisions of the Dutch Telecoms Act (DTA).

The DTA contains rules for 'electronic messages', ie a message with text, voice, sound or images, that is sent over a public electronic communications network and that is stored in the network or the handheld (terminal equipment) of the recipient. It is doubtful if, and if so to what extent, Bluetooth communications constitute transmission of messages over a public electronic network. It could very well be argued that 'Bluetooth networks' are in fact closed user groups, and thus not public. However, there might also be cases where such Bluetooth networks are not closed usergroups. In such cases the anti spam provisions could be applicable to Bluetooth messages.

As such, the best approach for marketers is tread carefully and treat Bluetooth marketing as electronic communications and comply with the rules for such, ie work on the basis of an opt-in regime.

View from Sweden

An advertising campaign using Bluetooth technology will probably require prior consent under Swedish law and a consent-based approach is therefore recommended. The question is whether Bluetooth technology, i.e. a secure, unlicensed short range radio frequency which enables devices to exchange information, is such communication, and part of a public communications network, that the requirement of prior consent for unsolicited communication applies. The question is yet to be answered by the Swedish courts and/or the supervisory authority, the Swedish Consumer Agency, but it is probable that the provision will apply.

Article 13 of Directive 2002/58/EC prescribes that unsolicited communication, such as e-mails and SMS/MMS, for direct marketing purposes may only be allowed in respect of subscriber who have given their prior consent. “Communication” is under the same directive defined as “…any information conveyed between a finite number of parties by means of a publicly available electronic communication service.” Article 13 has been implemented into Swedish law by Section 13 b of the Swedish Marketing Practises Act (“MPA”). As part of the implementation “e-mail” has been defined as “an electronic text, voice, sound or graphic communication which is addressed or otherwise individualised, sent via a public communications network and which can be stored in the network or the recipient’s terminal equipment until such time as it is retrieved by the recipient.”

The Swedish electronic communication legislation is technologically neutral and the applicability of the Section 13 b of the MPA seems to depend on whether the communication at hand is publicly available or not. A feature of a publicly available network is, according to the preparatory works of the former Telecommunications Act, that it is available to a wide range of users for connection and an example of this is a network which everyone within a geographically defined area can connect to. There is however no requirement that each and everyone can access the network, it is enough that the network is available to a defined group of users. Based on this description, Bluetooth technology could be regarded as a publicly available network providing services for the passers-by which have the Bluetooth function on their mobile activated, walking past a shop where the shop-owner uses Bluetooth technology to promote its products and services.

Also, looking at the purpose of Article 13 of the Directive, to prevent unsolicited communications for direct marketing purposes which can be perceived as intrusive by the individual, advertising campaigns using Bluetooth technology can be such that they need to be prevented. Taking consumers’ concerns into account, and until the issue has been resolved by the authorities or the legislator, caution is recommended and a consent-based approach to Bluetooth marketing should be used.

View from Belgium

From a legal point of view, this is a grey area. Neither the Privacy Commission nor the national regulatory authority for telecommunications (BIPT/IBPT) have issued any formal position on this yet.

Belgian law defines "electronic mail" as "a text, voice, sound or image message sent over a public communications network which can be stored in the network or in the recipient's terminal equipment until it is collected by the recipient" (Article 2 of the E-commerce Act of 11 March 2003). As such Bluetooth messages may not fall under this definition for some of the reasons already considered by other customers.

However, Bluetooth messages can still be considered as unsolicited electronic messages so that it would certainly be cautious for marketing agencies to take into account the current rules in relation to email marketing (and apply a consent-based approach).

View from Italy

The Italian Data Protection Authority has not to date publicly expressed its view on the use of Bluetooth technology for marketing purposes; moreover, there is no relevant public debate on this issue in Italy.

In absence of specific provisions or guidance from the competent authorities, a possible assessment of the problem is based basically on the examination of two main provisions:
a. section 58 of the Italian Consumer Code (Legislative Decree D.Lgs. 206/2005) concerning the restriction on the use of certain means of distance communication;
b. section 130 of the Italian Data Protection Code (Legislative Decree 196/2003) governing the use of electronic communication systems for unsolicited communications.

More precisely, from a consumer perspective, section 58 para.2 of the Italian Consumer Code suggests that the use of a technology, like Bluetooth, would be subject to the opt-out principle.

However, this view would appear to conflict with the requirement of the prior consent (opt-in) imposed by the Italian Data Protection Code (point b) above) for electronic communications.

Even if it was possible to argue that Bluetooth technology was not an electronic communication (since it does not use a publicly available electronic communications service), it will still be caught by other provisions of the Italian Data Protection Code which also require an opt-in. Given this conflict, we advise organisations which wish to use such technology to adopt a cautious approach and obtain consent from consumers.