E-Privacy
Unsolicited Communications to (Persons) I
A person shall not use or cause to be used any publicly available electronic communications service to send to a subscriber or user who is a natural person an unsolicited communication for the purpose of direct marketing by means of—
- an automated calling machine,
- a facsimile machine, or
- electronic mail,
unless the person has been notified by that subscriber or user that he or she consents to the receipt of such a communication.
“Consent” by a user or subscriber means a data subject’s consent in accordance with the Data Protection Acts and the directive. An “unsolicited communication” means a communication that is not requested by the contacted party. “Electronic mail” means any text, voice, sound or image message including an SMS message sent over a public communications network which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient;
Unsolicited Communications (Persons) II
“communication” means any information exchanged or conveyed between a finite number of parties by means of a publicly available electronic communications service, but does not include any information conveyed as part of a broadcasting service to the public over the electronic communications network except to the extent that the information can be related to the identifiable subscriber or user receiving the information;
The use of electronic mail to send an unsolicited communication for the purpose of direct marketing to a natural person does not include an electronic mail to an email address that reasonably appears to the sender to be an email address used mainly by the subscriber or user in the context of their commercial or official activity and the unsolicited communication relates solely to that commercial or official activity.
Identifying Sender
The E-Commerce Directive requires the EU States to ensure that any unsolicited commercial communication by e-mail must clearly and unambiguously identify the sender. The Irish Regulations provide that an unsolicited commercial communication, by a “relevant service” provider established within the State to be clearly and unambiguously identified as such, by stating that it is an unsolicited commercial communication.
A “relevant service” is a service provided for remuneration at a distance by electronic means at the individual request of the recipient. The communication must be identified as being part of a relevant service. The persons on whose behalf they are sent must be clearly identifiable. The provider must display prominently on its website, and in other places such as on key documents and registration forms, details of how natural persons can register their choice regarding unsolicited commercial communications.
Particulars to be Given in Direct Marketing Communications
A person who uses, or causes to be used, any publicly available electronic communications service to make a call or send a communication for the purpose of direct marketing shall—
- in the case of a call, include the name of the person making the call and, if applicable, the name of the person on whose behalf the call is made,
- in the case of a communication by means of an automated calling machine or a facsimile machine include the name, address and telephone number of the person making the communication and, if applicable, the name, address and telephone number of the person on whose behalf the communication is made, or
- in the case of a communication by electronic mail, include a valid address at which that person may be contacted.
A person shall not send or cause to be sent electronic mail for the purposes of direct marketing, which—
- disguises or conceals the identity of the sender on whose behalf the communication was made,
- encourage recipients to visit websites or otherwise contravenes Regulation 8 of the European Communities (Directive 2000/31/EC) Regulations 2003 (S.I. No. 68 of 2003, or
- does not have a valid address to which the recipient may send a request that such communication shall cease.
Direct Marketing of own Products or Services to Customers
A person who, in accordance with the Data Protection Acts, obtains from a customer the customer’s contact details for electronic mail, in the context of the sale of a product or service, shall not use those details for direct marketing unless—
- the product or service being marketed is the person’s own product or service,
- the product or service being marketed is of a kind similar to that supplied to the customer in the context of the sale by the person,
- the customer is clearly and distinctly given the opportunity to object, in an easy manner and without charge, to the use of those details at the time the details are collected, and if the customer has not initially refused that use, each time the person sends a message to the customer, and
- the sale of the product or service occurred not more than 12 months prior to the sending of the direct marketing communication or, where applicable, the contact details were used for the sending of electronic mail for the purposes of direct marketing within that 12-month period.
Requirements for Marketing Mail (Details and Opt-Out)
An information society service is any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service.
An unsolicited commercial communication by an information service provider established within the State shall be identified clearly and unambiguously as such as soon as it is received by the recipient by stating that it is an unsolicited commercial communication. The natural or legal person on whose behalf the commercial communication is made shall be clearly identifiable.
Details of how natural persons can register their choice regarding unsolicited commercial communications shall be provided; these should be prominently displayed on the relevant service provider’s website and at every point where natural persons are asked to provide information at the provider’s website (for example a registration form).
Promotional offers, such as discounts, premiums and gifts shall be clearly identifiable as such, shall comply with any enactment for the time being in force relating to such activities and the conditions which must be satisfied in order to qualify for them shall be easily accessible and be presented clearly and unambiguously, and
Promotional competitions or games, where permitted under the law of the State, shall be clearly identifiable as such, and the conditions for participation shall be easily accessible and be presented clearly and unambiguously.
Unsolicited Marketing Offences
A person who contravenes the above requirements commits an offence. This applies to electronic communications, faxes and calling machines. It is an offence to use any publicly available electronic communication service to make an electronic unsolicited call for the purpose of direct marketing to corporations or State institutions, where the sender has been notified that the subscriber does not consent and this is recorded in a national directory database.
The sending of each unsolicited communication or electronic mail or the making of each unsolicited call constitutes a separate offence.
If in proceedings for an offence under the Regulation, the question of whether or not a subscriber or user consented to receiving an unsolicited communication or call is in issue, the onus of establishing that the subscriber or user concerned unambiguously consented to receipt of the communication or call lies on the defendant.
Right of Damages for Breach
A person who suffers loss and damage as a result of a contravention of any of the requirements of the Regulations by any other person shall be entitled to damages from that other person for that loss and damage.
In legal proceedings seeking damages against a person under the Regulations, it is a defence for a person to provide that he or she had taken all reasonable care in the circumstances to comply with the requirement concerned.
Unsolicited Telephone Call
A person shall not use or cause to be used any publicly available electronic communications service to make an unsolicited telephone call for the purpose of direct marketing to a subscriber or user, where—
- the subscriber or user has notified the person that the subscriber or user does not consent to the receipt of such a call, or
- the relevant information is recorded in the National Directory Database.
A person shall not use or cause to be used any publicly available electronic communications service to make an unsolicited communication for the purpose of direct marketing by means of a telephone call or automated calling machine to the mobile telephone of a subscriber or user unless—
- the person has been notified by that subscriber or user that he or she consents to the receipt of such communication on his or her mobile telephone, or
- the subscriber or user has consented to receive such communication and such consent stands recorded on the date of such communication in the National Directory Database in respect of his or her mobile phone number.
Unsolicited SMS
A person shall not use or cause to be used any publicly available electronic communications service to send to a subscriber or user an SMS message for a non-marketing purpose which includes information intended for the purpose of direct marketing unless the person has been notified by that subscriber or user that he or she consents to the receipt of such a communication.
A subscriber or user shall be able to make a notification or make a request to record relevant information in the National Directory Database without charge. A person will not contravene the above requirement if the unsolicited communication concerned is made during the period of 28 days after a request or notification received and recorded in the National Directory Database by the operator (now Eir) in respect of the subscriber or user concerned
Cookies (E-Privacy Directive)
The ePrivacy Directive provides that Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with the Data Protection Act / GDPR. The user must be offered the opportunity to refuse such use of his terminal equipment (computer, device etc)
This covers sso-calledcookies which are data sent from a website and stored on the user\’s computer by the user\’s web browser while the user is browsing.
This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.
Consent re Cookies
The consent of the user must be captured. Consent may be obtained explicitly through the use of an opt-in check box which the user can tick if they agree to accept cookies.
Consent may also be obtained by implication where it is specifically notified that by continuing to use the site the user consents to the use of cookies in accordance with the cookies policy.
As best practice, a positive action may be deployed to dismiss the notification. Many websites have addressed this issue by providing a \’hide\’ button which dismisses the notification.
Consent should be sought as part of a \”prominent notification\” displayed on entry to a web site (this might be the home page of the site but may also be via a \’deep link\’ to an inner page, which a user has found from a search result, for example).
Cookie Statement
The notification should contain a link to a Cookie Statement which will outline in greater detail how the site makes use of cookies.T he Cookie Statement should contain clear and comprehensive information on
- how cookies are used,
- types of cookies used
- details on how to remove them
- description of their purpose
- their expiry dates
Clear and comprehensive information should be provided including Itemised cookie types, including their purpose e.g. preferences such as language or, font, browsing & search history, tracking, session security and any third party cookies.
Unsolicited Automated Calls or Faxes (Corporate Opt-Out)
A person shall not use or cause to be used any publicly available electronic communications service to send an unsolicited communication for the purpose of direct marketing by means of an automated calling machine or a facsimile machine to a subscriber or user, other than a natural person, where—
- the subscriber or user has notified the person that the subscriber or user does not consent to the receipt of such a communication, or
- the relevant information is recorded in respect of the subscriber or user in the National Directory Database.
A person shall not use or cause to be used any publicly available electronic communications service to send an unsolicited communication for the purpose of direct marketing by means of electronic mail, to a subscriber or user other than a natural person, where the subscriber or user has notified the person that the subscriber or user does not consent to the receipt of such a communication.