The European Guide to Data Law



Similar documents
PHONE SELLING ADDITIONAL INFORMATION

User tracking: Scope and Implementation eprivacy Directive Article 5(3)

1. Perception of the Bancruptcy System Perception of In-court Reorganisation... 4

Mondelēz International entity which issued the PO matches Mondelēz International entity to which you issue your invoice

International Compliance

Personal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.

Statistics on Requests for data under the Data Retention Directive

Direct marketing - list to avoid advertisi Websites/links Applicable Law

Response to the European Commission s consultation on the legal framework for the fundamental right to protection of personal data

How to get your invoice paid on time?

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.

FEDERATION EUROPEENNE DE LA MANUTENTION Product Group. industrial trucks. A brief guide for identification of noncompliant. - Exhaust Emission -

Delegation in human resource management

UTX Europe V2 - Enhancements

Appendix A Data Protection and Marketing Regulatory Considerations for the European Union

To summarise some of the key points of the Regulations are as follows:

Canada GO 2535 TM World Traveller's edition Maps of North America (Canada, US, Mexico), Western and Central Europe (including Russia) CAD 349,95

Briefing note. Survey of environmental liability insurance developments

AN INTRODUCTION TO THE EU DIRECTIVE ON THE PROTECTION OF PERSONAL DATA

INNOBAROMETER THE INNOVATION TRENDS AT EU ENTERPRISES

Definition of Public Interest Entities (PIEs) in Europe

C h a r t 1 - KPNQwest Group

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data

Value of production of agricultural products and foodstuffs, wines, aromatised wines and spirits protected by a geographical indication (GI)

The coordination of healthcare in Europe

EUF STATISTICS. 31 December 2013

EN ISO Safety of machinery Risk assessment. Sicherheit von Maschinen Risikobeurteilung Teil 1: Leitsätze (ISO :2007)

ÖNORM EN The European Standard EN has the status of an Austrian Standard. Edition: Standards group B

Vermont Global Trade Partnership Topic: Exporting Software to the E.U. Summary

Media and Privacy Opt in/opt out Regulations in major world markets produced by the members of the Lucerna Iuris Legal Network

Family benefits Information about health insurance country. Udbetaling Danmark Kongens Vænge Hillerød. A. Personal data

SERVICE LEVEL AGREEMENT! CONFIRMATION

Data buyers guide. all the business you want

ESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012

COMPANIES ENGAGED IN ONLINE ACTIVITIES

INTERNATIONAL TRACKED POSTAGE SERVICE

Planned Healthcare in Europe for Lothian residents

Premium Data Centre Europe Pricing, Business Model & Services

About us. As our customer you will be able to take advantage of the following benefits: One Provider. Flexible Billing. Our Portal.

SESAR. Luftfahrttechnologie - Auftaktveranstaltung zum 7. EU-Forschungsrahmenprogramm Wien, 4 Dezember 2006

Data Transfer Policy London Borough of Barnet

Optimising the B2B Sales Funnel

DRAFT ÖNORM EN

Pan-European opinion poll on occupational safety and health

Appendix C. National Subscription Television Regulations

SURVEY ON THE TRAINING OF GENERAL CARE NURSES IN THE EUROPEAN UNION. The current minimum training requirements for general care nurses

Electricity, Gas and Water: The European Market Report 2014

TOWARDS PUBLIC PROCUREMENT KEY PERFORMANCE INDICATORS. Paulo Magina Public Sector Integrity Division

Gilead Transparency Reporting Methodological Note

Data Protection for Fundraisers

Credit transfer to Customer account with AS "Meridian Trade Bank" EUR, USD free of charge * Other countries currency information in the Bank

IMPORTANT Invoice Instructions for Timely Payment of your Invoices

PUBLIC VS. PRIVATE HEALTH CARE IN CANADA. Norma Kozhaya, Ph.D Economist, Montreal economic Institute CPBI, Winnipeg June 15, 2007

Electricity and natural gas price statistics 1

INTERNATIONAL COMPARISONS OF HOURLY COMPENSATION COSTS

SD Worx Connect Erasing the borders of payroll

The European Organisation For Insolvency Professionals

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015

Drink Driving in Europe

TPI: Traffic Psychology International on a common European curriculum for postgraduate education in traffic psychology

Cyber Security Training for Journalists, May Leuven

Labour Force Survey 2014 Almost 10 million part-time workers in the EU would have preferred to work more Two-thirds were women

ERASMUS+ MASTER LOANS

QUEST improving the quality of urban mobility policies

Drink driving in Europe

Data Protection Policy Information for Clients

2 ND CALL FOR PROPOSALS 27 October January 2009

Lawson Business Intelligence. Solutions for Healthcare

EUROPEAN EMPLOYMENT LAW UPDATE

BEST PRACTICES/ TRENDS/ TO-DOS

ERASMUS+ MASTER LOANS

Analysis on European landscape & Match making tool for Photonics Industry & Research

CASE STUDY. The Company and its History. Outils WOLF EU Directive and Production-line Testing, R&D. France. Consumer Products

Document Management Market Forecast: ~~~

International ACH: Payment Gateway to Europe

ESC-ERC Recommendations for the Use of. Automated External Defibrillators (AEDs) in Europe

Introduction. Fields marked with * are mandatory.

Size and Development of the Shadow Economy of 31 European and 5 other OECD Countries from 2003 to 2015: Different Developments

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

CABINET OFFICE THE CIVIL SERVICE NATIONALITY RULES

The prospects for data breach laws in 22 European countries

Vertical Guide to Call Centers in EMEA

THE ROLE OF PUBLIC SUPPORT IN THE COMMERCIALISATION OF INNOVATIONS

Common Minimum Standard

NEW PASSENGER CAR REGISTRATIONS BY ALTERNATIVE FUEL TYPE IN THE EUROPEAN UNION 1 Quarter

- 2 - Chart 2. Annual percent change in hourly compensation costs in manufacturing and exchange rates,

"Direct marketing" is not limited to advertising goods or services for sale. It also includes promoting an organisation s aims and ideals.

ÖNORM EN Valve proving systems for automatic shut-off valves for gas burners and gas appliances

Response to the European Commission consultation on. European Data Protection Legal Framework

COMMUNICATION FROM THE COMMISSION

Getting the right consent on data capture

The European Commission s strategy on Corporate Social Responsibility (CSR) : achievements, shortcomings and future challenges

Ownership transfer Critical Tax Issues. Johan Fall, Anders Ydstedt March, 2010

No. 1 Choice for Europe s Leading Brands e-recruitment

Summary of Data Protection Requirements When transferring Data Outside the UK End Users

Operational Companies VAT Indirect Taxes. Why Luxembourg: VAT advantages for commercial companies*

This document is a preview generated by EVS

HR Outsourcing Market Forecast: ~~~

TOMTOM BONUS INTERNATIONAL MAP INDONESIA PROMOTION HOW TO CLAIM

The structure of the European education systems. schematic diagrams. Eurydice Highlights. Education and Training

Transcription:

The European Guide to Data Law

European Data Law 1.0 Introduction & Definitions 1.1 Introduction Recent legislation in the European Parliament related to data protection and privacy, and its various implementations within the member states through national legislation, has left some confusion in the minds of European Business-to-Business marketeers on the implications for their direct marketing activities. With a marketing database of 186,000 European companies and over 883,000 IT and Telecoms end-user decision-makers, EMIG is often asked to provide guidance on these matters when supplying marketing data to its customers across Europe. In preparing this document, EMIG has applied more than 15 years of knowledge and eperience in supplying data within this industry, together with etensive research on the latest situation in key European countries both within and outside the European Community. It summarises in a few pages our interpretation of the latest legislation as it relates to business-to-business marketing and particularly marketing within the IT and Telecoms markets in which EMIG and its clients operate. 1.2 Definitions Personal data data which relate to a living individual who can be identified from those data. Database Owner - the partner(s) of EMIG allowing its clients to use the most recent personal data related to business-tobusiness marketing within the IT and Telecom markets in which EMIG and its clients operate. Data Controller - a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. Data Processor in relation to personal data, means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller. Typical eamples of Data Processors are third party mailing houses, data warehousing and outsourcing agencies with access to personal data such as payroll, HR. Data Subject an individual who is the subject of personal data. 2.0 European Data Protection Legislation and Current Status of Implementation (including Privacy & Electronic Communications (EC Directive) Regulations 2003) 2.1 Data Protection legislation The law is based on the following eight principles, the purpose of which is to make sure that information is handled properly: They say that data must be: 1. fairly and lawfully processed; 2. processed for limited purposes; 3. adequate, relevant and not ecessive; 4. accurate; 5. not kept for longer than is necessary; 6. processed in line with individual rights; 7. secure; and, 8. not transferred to countries without adequate protection. 2.2 Privacy and Electronic Communications (EC Directive) Regulations 2003 The 2003 Regulations deal with the processing of electronic communications traffic data, location data and billing data, calling or connected line identification, directories of subscribers, the security of telecommunications services and the use of cookie type devices. These parts of the Regulations apply to the providers of telecommunications networks and telecommunications services. The 2003 Regulations also regulate the use of publicly available electronic communications services for direct marketing purposes. Some of the rules apply to both individuals and corporate subscribers, which conduct unsolicited direct marketing activities by telephone, by fa, by electronic mail (this means tet/video/ picture messaging and email) and by automated calling systems. All EU member states were required to implement this directive by 31st October 2003. As with the Data Protection Act, however, each country had the opportunity to amend the regulations to take into account cultural differences and differing business needs, and therefore not all member states were ready for implementation by this date. The fact that each country has the opportunity to amend the regulations means that Pan-European Marketers need to be aware of the differences in regulations in different member states before carrying out marketing campaigns. In all cases, it is the law of the country where the Data Controller is based that will apply. For eample, if EMIG have collected data through its UK partner, Rhetorik, UK law will apply. If Rhetorik have collected data on businesses in Italy, UK law will still apply. The confusion arises where there is more than one Data Controller, for eample, where data is collected in the UK by EMIG and sold to a customer based in Germany. In this case, UK law is applicable for EMIG and German law is applicable for the customer. See Section 6, Frequently Asked Questions, for more specific eamples or contact your EMIG partner for more information.

3.0 Legal Implications in European Marketing 3.1 Direct marketing methods Before describing the variations discussed in section 2, it is important to define the three main types of marketing affected by the legislation. Telemarketing - The use of publicly available telecommunications services for the purposes of making unsolicited calls, for direct marketing purposes. Fa marketing - The use of publicly available telecommunications services for the unsolicited communication of material, for direct marketing purposes, by means of facsimile transmission, whether the called line is that of a subscriber who is an individual or that of a corporate subscriber. E-marketing - The use of electronic mail services for the unsolicited communication of material for direct marketing purposes to a personal or business e-mail address. 3.2 Business-to-business marketing implications by country The following table provides a summary of the key implications for each of the three direct marketing methods brought about by national legislation or pending legislation in each European country. Country Austria Belgium Czech Republic Denmark Finland France Germany Ireland Italy Norway Portugal Slovakia Spain Sweden Switzerland The Netherlands United Kingdom Outbound Telemarketing Fa Marketing Email Marketing Opt-in Opt-out Opt-in Opt-out Opt-in Opt-out Current Acts Name of Act (effective date) Telecommunication Act (19 August 2003) Act concerning certain legal aspects of the services of information society (11 March 2003) Certain Information Society Services Act (1 January 2006) Marketing Practices Act (21 December 2005) Act on the Protection of Privacy in Electronic Communications (16 June 2004) Act for trust in the digital economy (21 June 2004) Law against unfair competition (3 July 2004) Forthcoming Personal Data Protection code (1 January 2004) Marketing Control Act (25 July 2003) Section 22 Decree- Law no 7/ 2004 (7 January 2004) Act on Electronic Communications (1 April 2006) Act 34/2002 of 11 July on information Society Services (12 July 2002) Swedish Marketing Act (27 April 1995) Law against Unfair Competition (1 April 2007) Telecommunication Act / Code e-mail business receivers (1 October 2007) Privacy & Electronics Comms (EC Dir) Regs 2003 Notes: (1) Opt-in Prior consent must be received from the recipient before the marketing method can be used (2) Opt-out No prior consent is required but the recipient must have the option to request removal from future marketing activity (3) Data gathering Although this table summarises data protection implications based on the legal situation in each country, as specified in Section 3.2, it is the law of the country where the Data Controller is based that will apply. For eample, EMIG gather information on UK, Norway, Sweden, Finland, Denmark and Ireland in the UK UK law will apply for the data gathered by EMIG for all these countries. Following are details specific to each country: Austria - Opt-in legislation applies for all three forms of direct marketing. Belgium - Opt-out applies to named individuals for telemarketing. Opt-in is required for fa marketing and email marketing. Czech Republic - Opt-in legislation applies for all three forms of direct marketing. Denmark - Opt-out applies to named individuals for telemarketing, opt-in for fa marketing and email marketing. The option must be given to allow opt-out on each email marketing communication. Finland - Opt-out applies to named individuals for telemarketing, fa marketing and email marketing. The option must be given to allow opt-out on each email marketing communication. France - Telemarketing, fa and email marketing are opt-out when marketing to all named individuals. However, email marketing can only be undertaken without prior consent if the email is business/function related and an opt-out option has to be provided for both the specific marketing activity and the database itself. Germany - Opt-in legislation applies for all three forms of direct marketing to all named individuals, SOHO organisations and corporate entities. Republic of Ireland - Opt-out applies to named individuals for telemarketing, fa marketing and email marketing. The option must be given to allow opt-out on each email marketing communication. Italy - Opt-in legislation applies for all three forms of direct marketing. Norway - Opt-out applies to named individuals for telemarketing. Opt-in is required for fa marketing and email marketing.in addition, there is in eistence a legal entity called the Central Marketing Eclusion Register. Lists need to be cleaned via this register prior to marketing in any medium. Norway is not part of the EU and therefore transfer of any data to Norway should be subject to the usual guidelines for transferring data outside the EU. Portugal - Opt-out applies to all three forms of marketing where the recipient is a named individual. The option must be given to allow opt-out on each email marketing communication. Slovakia - Opt-in legislation applies for all three forms of direct marketing. Spain - Opt-in legislation applies for all three forms of direct marketing. Sweden - Opt-out applies to all three forms of marketing where the recipient is a named individual. Transfer of data outside the EU is only permissible with the consent of the individual. Switzerland - Opt-out applies to named individuals for telemarketing. Opt-in legislation applies to fa and email marketing. Switzerland is not part of the EU and therefore transfer of any data to Switzerland should be subject to the usual guidelines for transferring data outside the EU. The Netherlands - Opt-in legislation applies for all three forms of direct marketing. United Kingdom - Telemarketing and fa marketing are opt-out. Furthermore, the Corporate Telephone Preference Service (CTPS) register and a similar register for fa preference (FPS) are in place for named individuals who do not wish to receive these communications. Email marketing is opt-out provided that the email is business/function related and an opt-out option is provided on each communication.

4.0 Best Practice and the Law 4.1 Sourcing data Data should only be sourced from reputable suppliers who give a written undertaking that they comply with the local and European data protection legislation and The Privacy and Electronic Communications (EC Directive) Regulations 2003. Customers should check the frequency with which this data is updated, as this can not only impact upon legal obligations but also impact on the success of any planned marketing campaign. 4.2 Using data Data should only be made available to those individuals who have a need to use that data. Systems should be in place to ensure that it is not possible for individuals to copy the data without need or permission. Data should be destroyed once it is no longer needed, and in any case once the license period from the Data Vendor has epired. THIS IS A LEGAL REQUIREMENT UNDER EUROPEAN DATA PROTECTION LEGISLATION. If the data is passed to a Data Processor during the course of its use in a campaign, customers need, by law, to ensure that the Data Processor has controls in place to safeguard the data and that these are adhered to. If the data is to be passed to any country outside the EU, then that country should have legislation in place to protect the data at least equal to the legislation in place inside the EU. Special conditions apply in some countries regarding this please see individual country notes in Section 3.2. 4.3 Training All individuals who have a need to use data should be made aware of local and European data protection legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as well as the steps needed to comply with these Acts. EMIG is able to provide consultancy to its customers in this regard. 5.0 How Can EMIG Help? As a leading database provider for businesses in the Information Communication Technology industry, EMIG not only has an in-depth understanding of the target markets for our customers, but also of the Regulations relating to the data needed for targeted marketing campaigns. EMIG is a major supplier of IT and Telecoms end user data across western Europe and also has an etensive network of data contacts throughout the world and can offer a competitive brokerage service to complement our own data services. In addition, EMIG specialises in consultancy advice to its customers on a wide range of topics from Data Protection to more specific tailored advice depending on client needs. 6.0 Frequently Asked Questions Q. How do I know that the data I have bought complies with data protection legislation? A. Data should only be sourced from reputable suppliers that comply with the local and European data protection legislation and The Privacy and Electronic Communications (EC Directive) Regulations 2003. Customers should check the frequency with which this data is updated, as this can not only impact upon legal obligations but also impact on the success of any planned marketing campaign. Q. What do I do if I want to prepare for an e-marketing campaign? A. See Flowchart in Appendi 1 Q. I don t understand which laws apply in a pan-european campaign. A. Here are some specific eamples: Data on UK - based data subjects collected in UK - UK Laws apply Data on UK - based data subjects collected in France - French Laws apply Data on France - based data subjects collected in UK - UK Laws apply Data on France - based data subjects collected in UK, then sold to a company based in Germany - UK Laws AND German Laws apply Q. What happens if I don t comply? A. If a breach of the regulations is investigated and the Data Controller is prosecuted, a fine plus unlimited compensation may be awarded to the Data Subject. Each European Member State has differing levels of fines. Q. What obligations are there on me regarding using data? A. You should always ensure that the data you are using is relevant to its intended use, accurate, kept secure and not kept for any longer than is necessary. All staff involved in the use of data should be made aware of their legal obligations regarding that data. Q. Can I e-market business customers? A. See Flowchart in Appendi 1 Q. How can EMIG help with data? A. At EMIG our processes and procedures are believed to fully comply with the requirements of the Privacy and Electronic Communications (EC Directive) Regulations 2003 for direct marketing purposes. All staff involved in the collection of information receive training on the legal implications of all relative legislation and procedures are in place to record the permissions given by contacts. The EMIG license agreement gives guarantees regarding EMIG s compliance and also covers the legal obligations of the Licensee.

APPENDIX 1 Flowchart to determine if e-marketing is legal BUSINESS TO BUSINESS FINLAND, FRANCE, IRELAND, PORTUGAL, SWEDEN & UK Has contact opted out? AUSTRIA, BELGIUM, CZECH REPUBLIC, DENMARK, GERMANY, ITALY, NORWAY, SPAIN, SLOVAKIA, SWITZERLAND & THE NETHERLANDS Has contact opted in? NO NO E-MAIL DO NOT E-MAIL DO NOT E-MAIL E-MAIL BUSINESS TO CONSUMER Did recipient consent for the use of his or her e-mail address for commercial purposes? NO Did recipient give/send contact details during the course of a sale or negotiation for sale? Are you marketing your own products/services? Is recipient aware of your products/services from initial contact? NO Has recipient previously been given option to Opt out? Are sender s details clear on DM e-mail? Has opt out facility been provided on DM E-mail? DO NOT E-MAIL E-mail

European Partners The EMIG currently consists of 9 marketing companies across Europe. Austria Belgium France Germany Italy Netherlands Spain Switzerland United Kingdom Jota Strategic Selling GmbH Mariahilferstrasse 103/3/1, 1060 Wien, Austria Phone: +43 (0)1-58 58 200-0 Fa: +43 (0)1-58 58 200-100 Web: www.jota.at Email: office@jota.at Computer Profile bvba Horizon Park 6, Leuvensesteenweg 510 nr 45,1930, ZAVENTEM, Belgium Phone: +32 (0)2 7205133 Fa: +32 (0)2 7201148 Web: www.computerprofile.com Email: pierre@computerprofile.com Comm Back Comm Back 178-184, Av du Maral de Lattre de Tassigny, 94120 Fontenay sous Bois, Paris, France Phone: +33 (0)1 48 77 74 94, Fa: +33 (0)1 48 77 43 82 Web: www.comm-back.fr Email: commercial@comm-back.fr ama Adress- und Zeitschriftenverlag GmbH Sperberstr. 4, 68753 Waghäusel, Germany Phone: +49 (0) 7254 95960 Fa: +49 (0) 7254 9596 300 Web: www.ama-adress.de Email: emig@ama-adress.de Sirmi Spa P.zza Castello 4, 20121 Milano Mi, Italy Phone: +39 02 876541 Fa: +39 02 876985 Web: www.sirmi.it Email: sirmi@sirmi.it Computer Profile Nederland bv Saksen Weimarplein 6, 4818 LD Breda, The Netherlands Phone: +31 (0)76 5229430 Fa: +31 (0)76 5201975 Web: www.computerprofile.com Email: michiel@computerprofile.com Samira & Sineb Islas Macarenas, 6, 28035, Madrid, Spain Phone: +34 91 700 42 20 Web: www.samira.com Email: samira@samira.com JPJ Direct Marketing AG Schönenwerdstrasse 7, 8902 Urdorf, Switzerland Phone: +41 (44) 701 81 11 Fa: +41 (44) 701 81 12 Web: www.userbase.ch Email: jpjdm@userbase.ch Rhetorik 1 Markham Mews, Broad Street, Wokingham, Berkshire, RG40 1AB, England Phone: +44 (0)118 989 8580 Fa: +44 (0)118 989 8590 Web: www.rhetorik.com Email: info@rhetorik.com www.emi-group.com Copyright EMIG 2008 All information accurate at time of publication All trademarks acknowledged Version 2 - January 2008

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information