The digital age has revolutionised the way personal data is processed in both the private and commercial spheres. The relentless drive for innovation and technological progress is radically shaping up our present and future. The Internet, which sees its origin from a military networking project, has become omnipresent in our daily agenda.
Commercial organisations are conveniently using the electronic platform to promote their products and services in a fast, reliable and cheap way. Marketing is a core tool in business management and strategies are usually devised to reach as many target recipients as possible. In this regard, capitalising on gathering personal information is fundamental for persons engaged in a commercial activity. However, does this endeavour always ensure that the individuals’ privacy rights are safeguarded and put at the forefront of any other prevailing commercial interest?
The process of sending an electronic communication for the purpose of direct marketing is regulated by the provisions of the data protection legislation. The law stipulates that no person can send such communication without having sought the prior consent of the intended recipient provided that the contact details were not collected in relation to an earlier sale of a product or service. In this eventuality, the electronic communication shall solely promote a product or service, similar to the one previously sold or rendered.
The recipient shall always be given the opportunity to object, free of charge and in an easy and simple manner from receiving further marketing electronic communications. It is imperative that the opt-out clause is included in each and every outgoing message. Disguising or concealing the sender’s identity runs counter to the transparency principle and is prohibited by law.
The spirit of the data protection regime is, principally, to provide protection of natural persons against the violation of their privacy rights; however this regulation goes a step further and extends the applicability to legal persons.
The national legislation empowers the Commissioner to investigate cases of privacy breaches within the boundaries of the Maltese jurisdiction. This means that the law applies to marketing communications which originate from a sender in Malta and where the email address, or mobile number in case of a short message service, leads to the identification of the same sender. This notwithstanding, in cases of unsolicited communications originating from other EU Member States, the Office can assist the receiving person in the resolution of the complaint through the collaboration mechanism established amongst our European counterparts.
It is an undisputed fact that the majority of unsolicited marketing communications, commonly known as spam, originate from the United States. Anti-spam filtering mechanism hosted on the service providers’ servers coupled with spam filtering solutions locally installed on personal computers, play a pivotal role in reducing the amount of spam mails which incessantly reach our mailboxes.
One may justifiably argue that unwanted marketing communications do also flood our letter boxes and also reach our telephone sets. This is also a nuisance.
The law makes provision for the sending of marketing communications by conventional postal services and lays down that such communications can be sent given that the recipient is provided with the opportunity to object from receiving further marketing letters.
Where marketing communications are addressed to ‘The Occupier’ and do not contain personal data, the law does not apply due to the exclusion of the processing of personal information. However, one may clearly indicate the unwillingness of receiving further junk mail by fixing a note on the letter box.
Similarly, the data protection legislation does not prohibit telephone calling, specifically intended to promote a particular product or service. However, the caller is obliged to inform the person with the true purpose of the telephone call at the start of the conversation and allow the person to freely decide whether to continue with the call or not. The data subject’s decision should be respected in the event of future calls.
Having said this, the privacy legislation clings to a couple of principles which establish the platform for good practice processing. Personal information should be obtained legitimately and not processed for a purpose which is incompatible with that for which the information has been collected. For instance, the telephone directory, a publicly available register, may be used by any person to contact a subscriber whose name appears thereon. Anyone who wishes not to be contacted has the fee option to withdraw the details from the directory and switch to ex-directory status.
Complaints received by the Office on this subject are always on the rise. The Commissioner is committed to promulgate more data protection awareness and to investigate each complaint with a high degree of responsibility and equal importance. Advocating the data protection requirements should not be deemed as a legal burden by the business community but, on the contrary, a major selling factor.