Unsolicited Commercial E-mail Checklist

August 31, 2003

I was walking to work one day when it occurred to me that all the various rules about sending out unsolicited commercial e-mails needed to be brought together. The checklist below is the result. I would like to thank Susan Singleton, Peter Carey and Simon Chalton for their helpful comments on my first draft.

1.1 How did you get the data subject’s contact details, and were they fairly obtained? (see the fair processing code: Data Protection Act 1998, sch 1, part II, paras 3-11)?

1.2 Is your data processing about the target necessary for the purposes of legitimate interests pursued by you? (DPA 1998, sch 2, para 6(1)). Your “legitimate interest” must be balanced against the rights and freedoms of data subjects.

1.3 Does your processing require transfer of personal data to countries outside the European Economic Area? If so, can you get within the exemptions in the DPA 1998, sch 4 and, if not, have you the necessary contracts in place to secure adequate protection of personal data?

2. Has the target registered under the Mailing Preference Service, Telephone Preference Service or Fax Preference Service? (note that the Mailing Preference Service applies only to individuals, sole traders and partnerships).

3. Has the target previously given you notice that they do not wish to receive direct marketing from you? (DPA 1998, s 11).

4. If your message is electronic (e-mail, SMS or MMS)

4.1 Is there an existing customer relationship between you and the target or has the target given their prior consent to your contacting them in this way? (This is essential under reg 21 of the Privacy and Electronic Communications (EC Directive) Regulations 2003, which come into force at the end of October 2003 and clause 43.4 (c) of the British Code of Advertising, Sale Promotion and Direct Marketing).

4.2 Do all of your messages to the target contain an opportunity for the target to opt out easily from any further contact from you? (Article 13 of the Directive on Privacy and Electronic Communication).

4.3 Does the message make it clear that it is a commercial communication and on whose behalf it is being sent? (E-commerce Regulations 2002, reg 7).

4.4 If your message contains a cookie, have you made the target aware of this and explained the function of the cookie to them? (Article 5(3) of the Directive on Privacy and Electronic Communication).

4.5 If your message offers electronic contracting, does your message contain your name, address, e-mail address and VAT number, clear indications of prices and details of any trade organisation to which you belong? (E-commerce Regulations 2002, reg 6).

4.6 If your message offers electronic contracting, have you provided a clear description of the technical steps required to enter into the contract, how targets may correct any inputting errors and how targets can access and store the terms of the contract made? (E-commerce Regulations 2002, reg 9).

5. If your message to the target is not electronic, have you provided the target with an opportunity to opt out from any further contact from you? (There is no legal obligation for this but it is good practice).

6. If your message offers to sell goods or services to consumers over a distance (eg via the Internet, telephone or by catalogue, letter or press advertisement), has the target been provided with the following information before any contract is made (Distance Selling Regulations 2000, reg 7):

6.1 your name and your geographical (rather than an Internet) address;

6.2 a description of the goods or services;

6.3 the period that the offer remains open;

6.4 the price (including all taxes and delivery charges);

6.5 the right to withdraw within 7 working days; and

6.6 the arrangements for delivery of any goods?

7. Does your message comply with the regulations of the British Code of Advertising, Sale Promotion and Direct Marketing? (The 11th edition came into force on 4 March 2003).

Jeremy Holt is a partner at Clark Holt (www.ClarkHolt.com)