Why can’t I add someones name to my mailing list if they give me their card at a networking event?

There seems to be a great deal of confusion about consent for sending marketing emails.

Under the Data Protection Act 1998 opt-out (or similar) consent is generally sufficient in the case of marketing emails involving non-sensitive personal data. However, express or opt-in consent would be required for any direct marketing communications which involve the processing of sensitive personal data, such as data relating to ethnicity, politics or medical conditions.

Opt-in or equivalent consent is required under the Privacy Regulations for marketing emails sent to individual subscribers, unless the soft opt-in provisions apply i.e..  (NB the Privacy Regulations do not use the terms “opt-in” and “opt-out”.)

You should also check the requirements of your email service provider’s terms and conditions. These often required a more stringent standard of consent than the general law.

So you will need to do something more than simply harvesting email addresses to legitimately send marketing emails.

This entry was posted in Crimson Crab, Data Protection, Information Risks, What we are being asked about and tagged , , . Bookmark the permalink.