The Information Commissioner’s Office (ICO) recent Guidance told us that the next big hurdle for bulk email marketing will be consent. It warned us to take care with regards to time limits of consent, but were irritatingly unspecific.
The ICO has highlighted four particular areas where time limits on consent will be of concern:
1. When a person joins an email marketing list as part of signing up for a particular service
2. When a person gives consent for a specific individual purpose
3. Where there is a significant change in circumstances regarding the consent
4. Where the consent is “indirect”
It seems the ICO will take a stricter view on indirect consent for email marketing. Given the heavy dependence many British companies have on list rental, this will be of concern. One particular point is where consent has been garnered by way of promising that addresses will only be given to “selected third parties” when that third party passes them on further.
Apart from those who rent their email marketing lists, this new push from the ICO should give little concern in practice. Procedures can be introduced which, subject to the ICO moving the goalposts, should cover the first three circumstances above.
At the moment, when a customer signs up to join an email marketing list their action has to be overt. This is normally understood to mean that an unticked box should be provided for the person to click or the filling in of a form before they are put on such a list. This is now common, although perhaps not universal.
If we make the assumption that all those mentioned above have ticked a box already then any further checks to see whether or not a person wishes to stay on an email marketing list would not require, one would assume, the same rigorous procedure.
Customer A ticked the box in order to obtain emails offering cancelled holidays at various locations for the summer. This would fall within the definition of point 1 above. Once the summer ends, so does the consent as the assumption is that the consent was for the period specified.
However, if in the emails towards the end of the period it is mentioned prominently that further similar offers for the next holiday period would continue to be made unless the customer ‘ticks the box below’ then one might feel confident that it complies with the ICO’s new tighter controls.
The example given by the ICO, a product launch, where the consent expires once the specific occasion is over could be dealt with similarly.
The item under point 3 above is rather more complex, as significant change in circumstances covers a multitude of events. It could be assumed that a significant change in the structure of the company which owns the email marketing list would fall into this. If notification of the changes is given to the subscriber together with a prominent and simple method of unsubscribing then this might well extend the consent.
All this is, of course, speculation and the circumstances of each specific case might well change matters. The old days of never-ending consent are over. Ensure your systems can cope.