Anti-spam and direct marketing privacy guidelines


The Italian Data Protection Authority issued some guidelines aimed at setting out general regulations on privacy-related obligations concerning direct marketing practices and against spamming initiatives which provide very interesting insights.

The most interesting topics covered in the guidelines are the following:

Company email address

E-mail addresses structured like the following will be deemed to be personal email addresses i.e. data relating to individuals rather than companies for the purposes of Italian data protection law with the consequential need to comply with all the obligations prescribed by Italian data protection law and the possibility for the individual to rely on all the potential actions provided by data protection regulations. This was still an open issue for some aspects.

Opt-in for marketing communications

The general rule for the processing of personal data for marketing purposes is that it requires the prior express consent (opt-in) and it is not possible to merely either warn recipients of their right to object to the future delivery of marketing communications or require the consent to the delivery of marketing communications as part of a marketing communication itself. Such consent shall be recorded with reference to its date and the person giving it in order to be used as evidence of the consent.

No unique consent for products/services and privacy

It is not possible to obtain the privacy-related consent as part of a wider consent necessary to acquire a product/service and for instance two separate consents shall be required for the registration to a website and the opt-in to the delivery of marketing communications. Likewise, the privacy consent box cannot be pre-ticked, but customers shall be able to provide a separate consent for each data processing purpose.

This is a very frequent issue for businesses that obviously try to incorporate in a single consent both the acceptance of Ts&Cs and the consent to the delivery of marketing material.

Unique marketing consent for different channels of communication

Customers may be required to provide a unique marketing consent covering the different marketing practices (e.g. marketing via SMS, email, telephone, market surveys etc.) performed through the collected data provided that such practices are outlined in the privacy policy provided to customers and the latter are informed that the objection to the delivery of marketing communications relates to all the different channels of marketing communication.

This is a major change in the approach from the Italian Data Protection Authority since up until now, they requested a separate consent per channel of communication which was extremely burdensome for businesses.

Separate consent for marketing by third parties

An additional separate consent shall be required for the transfer of collected personal data to third parties for marketing purposes i.e. if the entity collecting the data is part of a larger group and wants that its affiliate company may use the collected data for the delivery of marketing communications relating to their products, an additional consent shall be required.

Also, such third parties shall be identified at least on the basis of their category of operation (e.g. finance, cloths or press material) and provide a privacy policy to customers before the delivery of marketing communications.

Social spamming

Privacy regulations apply also to communications sent for instance through private messages on Facebook or through Skype, WhatsApp or Messenger. On the contrary, if a person is a fan or a follower of a Facebook page or a Twitter account, it may be implied that the person consented to the delivery of marketing communications of on the page/account, but such delivery shall stop when the person unregisters from the page or ceases to follow the account.

The breach of the above mentioned obligations is subject to fines as well as criminal sanctions and therefore they cannot be underestimated.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© DLA Piper | Attorney Advertising

Written by:


DLA Piper on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.