Many UK businesses are planning to shift to telephone marketing. In this blog we go through the requirements that should be met in order to do it in compliance with the ePrivacy rules.
UK businesses are no longer clearly protected by ePrivacy country of origin rule when marketing directly in EU countries, so many of them are now looking for alternatives. Are the rules on telephone marketing less strict than the ones on electronic mail marketing?
What does the ePrivacy Directive say about unsolicited communications?
Pursuant to the ePrivacy Directive “Member States shall take appropriate measures to ensure that, free of charge, unsolicited communications for purposes of direct marketing […] are not allowed either without the consent of the subscribers concerned or in respect of subscribers who do not wish to receive these communications, the choice between these options to be determined by national legislation”.
Accordingly, national implementation of the ePrivacy Directive in each Member State regulates the rules that apply in each country.
ePrivacy country of origin rule principle allows the sender to rely on the benefit of the own country less strict rules as long as there is single market. However, this does not apply to UK businesses anymore after Brexit, therefore the rules of the destination country should be considered before marketing directly in EU countries.
Automated calls are subject to stricter requirements. Pursuant to the ePrivacy Directive, the use of automated calling systems without human intervention (automatic calling machines) and facsimile machines (fax) for the purposes of direct marketing is only allowed in respect of subscribers who have given their prior consent.
General consent for marketing, or even consent for live calls, is not enough and it needs to cover automated calls specifically.
Telephone marketing from the UK through live calls
In EU countries
UK businesses that wish to market other businesses or individuals in EU countries should check national laws in order to confirm the following elements:
- Whether consent is required;
- Where consent is not required, whether the number is listed in the national opt-out register or whether the data subject has explicitly objected to receiving calls from that particular business.
Most EU countries have implemented opt-out registers rather than the consent requirement, but this must be assessed on a case by case basis in order to ensure full compliance.
In the UK
UK businesses that wish to market other businesses or individuals in the UK should take the following steps:
- Check whether the number is registered with the TPS or CTPS.
- Check whether the data subject has objected to receiving calls from them.
In a nutshell, marketing calls can be freely made unless the person has opted-out from them or is registered with the TPS or CTPS. No marketing calls should be made to any number listed on TPS or CTPS unless that person has specifically consented to calls from the particular business. Telephone marketing is also prohibited when it is for the purpose of claims management services, unless the person has specifically consented to them.
Calls in relation to pension schemes are subject to special rules.
Once determined that the call can be made in compliance with the relevant rules, a set of additional requirements should be applied, namely:
- Say who is calling;
- Allow the number (or an alternative contact number) to be displayed to the person receiving the call;
- Provide a contact address or freephone number if asked.
EU ePrivacy rules update
As reported in one of our latest blogs, earlier this month EU Member States agreed upon a negotiating mandate for revised ePrivacy rules, which would repeal the current ePrivacy Directive, starting to apply two years after its publication in the EU Official Journal. The ePrivacy Regulation may introduce new rules on telephone marketing, such as the obligation to present the calling line identification assigned to them or use a specific code or prefix identifying the fact that the call is a direct marketing call.
Do you make telephone marketing? Does your company have all of the mandated safeguards in place to ensure compliance with the ePrivacy rules, GDPR and Data Protection Act 2018 in handling customer data? Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance.