May I send an email before my guest arrives offering additional services at limited rates? When may I send a newsletter to old clients or just new prospects? How do I ensure that I can do online marketing through cookies, but also stay within the legal framework? Recently, the subject of privacy has come up a lot in public debate. It also includes the permissibility and limits of direct marketing because, as follows from the term, it involves personal contact between advertiser and individual.
Authors: Elise Troll & Cees Plaizier
Personal contact, and thus use of personal data, makes direct marketing involve legal questions such as: do I have to ask the person's permission beforehand? And can that be done via opt-out, or must it be done with opt-in? What information do I need to provide about the use of individuals' data? With any form of direct marketing, certain conditions must be met and pitfalls lurk. Below we discuss two important forms of marketing: direct marketing by e-mail and the use of (marketing) cookies.
Direct marketing by e-mail has various manifestations, such as a periodic newsletter or a cross- or upselling e-mail to a prospective guest. These forms of e-mail marketing fall under the legal regime of the Telecommunications Act. The main rule there is: consent is required for sending unsolicited e-mails for commercial purposes. That consent must be by opt-in (that is, with an active action), and it must be clearly explained beforehand what the consent is for, and what processing of personal data is involved.
There are - fortunately - exceptions to the main rule. In particular, the existing customer exception is relevant. This applies if: (i) the e-mail address in question was obtained in the context of selling a product or service. Subsequently: (ii) the marketing e-mail must concern own and similar products or services, (iii) an opt-out must be offered for receiving marketing e-mails, and (iv) an unsubscribe possibility must be offered in each subsequent marketing e-mail.
The rule for direct marketing by e-mail is therefore: opt-in, but opt-out if the existing customer exception can be invoked.
Manage the expectation of addressees - make sure they are well informed in advance.
Provide an unsubscribe option with every marketing e-mail. This does not apply to service emails with no commercial intent.
Is the booking going through an intermediary? Ensure that consent has been obtained and adequate information has been provided before you send out marketing emails.
Avoid asking for redundant consent by always reviewing for exceptions.
Within already topical privacy law, the use of cookies is a hot topic right now. In practice, the rules are still often incorrectly applied or even deliberately violated for the sake of a commercial interest, and the regulator is trying to raise its profile and bring the market up to speed in response. The interpretation of cookie rules has been put on edge over the past year and a half by new legislation; for example, cookie walls are no longer allowed by the regulator and forms of implied consent for marketing cookies are under fire. Consider, for example, a cookie banner that reads as follows: 'by continuing to use this website, you consent to the use of cookies'.
Many organizations wrestle with the balance between the importance of complying with the cookie rules and not risking a fine, on the one hand, and the importance of having a clear picture of who visits the website and being able to offer targeted advertisements to these individuals, on the other. With the use of marketing cookies (also called tracking cookies) and with the use of certain analytical cookies, the main rule is that prior information about the use of these cookies must be provided and prior consent must be obtained. In practice, the questions (i) what provision of information can be considered sufficient, and (ii) how to arrange consent that restricts as little as possible the marketing activities via the website, are the main ones being wrangled with.
For the use of marketing cookies, it is therefore important that sufficient information is provided and that active consent is given by the website visitor.
Avoid using cookie banners that are in apparent violation of the rules. In particular, these are cookie walls, use of implied consent, and opt-out cookie banners.
Map out which cookies are used on your website, and what they are used for.
Seek advice on a cookie banner design that can be used for marketing purposes and also complies with regulations.
Possibly use service providers that offer cookie banners that are in compliance with applicable regulations.
More articles by Kennedy Van der Laan
This article can also be found in the ePrivacy file
