In the United Kingdom (“UK”), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) dictate that direct marketing via electronic mail necessitates explicit prior consent or compliance with the soft opt-in. This allows businesses to engage with individuals who have previously expressed interest in their offerings, provided certain requirements are met.
However, questions arise regarding the applicability of the soft opt-in for sub-contractors or third parties not directly contracted with the end-customer. This blog explores the intricacies of soft opt-in consent for direct marketing and evaluates its viability for external entities within the regulatory framework of PECR.
What is the soft opt-in?
The concept of soft opt-in primarily revolves around existing customers within the realm of direct marketing. Essentially, if an individual has recently made a purchase from your business, provided their contact information and hasn’t explicitly opted-out of receiving marketing communications, it’s presumed they’re open to receiving similar offers from you. However, it’s crucial to have given them a clear opportunity to opt-out at the time of collecting their details and in every subsequent marketing message. This rule allows businesses to communicate with their existing customer base.
If your business wants to use the soft opt-in rather than obtain explicit prior consent, you must meet all of the following requirements:
• You obtained the individual’s contact details;
• In the course of a sale or negotiation of a sale of a product or service;
• You are marketing your similar products and services;
• You provided an opportunity to refuse or opt-out when you collected the individual’s contact details; and
• You give an opportunity to refuse or opt-out in every subsequent communication.
Can the soft opt-in be relied upon by a sub-contractor or a third party?
To answer this question, the first three requirements of the soft opt-in will be explored below.
1. You obtained the individual’s contact details
To satisfy this requirement, the organisation must obtain the contact details directly from the individual it intends to target with marketing communications. If someone else obtains the contact details, then the soft opt-in does not apply. There is no such thing as a third party marketing list that is “soft opt-in compliant”.
The Information Commissioner’s Office (“ICO”) gives the following example:
A restaurant buys a list of people’s mobile phone numbers which the third party claims are “soft opt-in compliant”. The soft opt-in does not apply because the restaurant did not obtain the contact details directly from these people. The restaurant did not satisfy the first part of the soft opt-in.
When a sub-contractor or third party directly acquires contact details directly from individuals that they intend to target with marketing emails, this requirement is satisfied. However, if the contact details were initially acquired by the contracting party, rather than the sub-contractor or third party, the soft opt-in does not apply.
2. In the course of a sale or negotiation of a sale of a product or service
This requirement means that the individual must actively express an interest in buying the product or services from the organisation. For example, by requesting a quote or asking for more details of what it offers. The organisation must have some form of clear and express communication.
For instance, individuals must actively express interest in purchasing products or services offered by the party initially contracted with the end-customer. If a sub-contractor or third party facilitates this process on behalf of the contracting party and individuals engage in expressions of interest or negotiations through them, then this requirement of the soft opt-in is likely to be fulfilled. However, if the sub-contractor or third party is not involved in the sale or negotiation process and individuals haven’t expressed interest or engaged in negotiations with either the party initially contracted with the end-customer or the sub-contractor or third party regarding the products or services, then the soft opt-in may not be applicable.
3. You are marketing your similar products or services
This requirement means an organisation can only send electronic mail regarding its similar products or services. The key question is whether individuals reasonably expect direct marketing about the organisation’s particular product or service. Since the soft-opt in applies solely to the organisation’s similar products and services, it does not extend to marketing messages from other entities. The ICO gives the following example:
A customer buys bread and bananas online from a large supermarket chain. Afterwards, however, they are unlikely to expect emails about banking or insurance products sold under the supermarket brand. These products are not bought and sold in a similar context. Also, the supermarket is usually not the same organisation as the one that provides banking or insurance products under its branding.
In cases where a sub-contractor or third party promotes products or services on behalf of the contracting party, it’s unlikely that this requirement would be met. The soft opt-in would not extend to cover marketing messages for products or services offered by the contracting party, even if they are similar to those offered by the sub-contractor or third party themselves.
Can organisations use bought-in lists to send marketing by electronic mail?
• In order to use such a list for electronic mail marketing, the individuals on the list must have given their explicit prior consent to receive such marketing.
• If the third party claims that individuals on the list consented to direct marketing, the organisation must check that any consent is valid.
• The soft opt-in does not apply to bought-in marketing lists. This is because as part of the soft opt-in, an organisation must collect the details directly from the person it wants to send marketing to during the course or negotiation of a sale of a product or service.
• Clearly this does not apply to details an organisation got from a third party.
Conclusion
In conclusion, the criteria set forth by the ICO regarding the soft opt-in for electronic marketing suggest that sub-contractors and third parties acting on behalf of the contracting party may face significant challenges in relying on it. The essence of the soft opt-in requirement dictates that contact details must have been acquired during the sale or negotiation process of a product or service. While sub-contractors and third parties facilitate transactions, they may not always possess the direct relationship with customers necessary to meet the criteria of the soft opt-in.
Aria Grace Law CIC
At Aria Grace Law CIC, we understand the complexities of navigating regulatory frameworks like the soft opt-in for electronic marketing, not only in the UK but also across various jurisdictions within Europe. Our data privacy team is dedicated to assisting organisations in complying with these laws and regulations effectively. If you’re seeking guidance on direct marketing strategies, we offer tailored solutions to ensure compliance while maximising marketing opportunities. Please feel free to get in touch with our team on privacy@aria-grace.com if you have any questions.
Article by Puja Modha (Partner) and Sarah Davies (Trainee Solicitor) – 9th April 2024