|Limits and opportunities
Last March 16th 2006 the Guarantor for the Protection of Personal Data decided for the standstill of the archives of an agency that, having violated the laws on privacy, by systematically sending advertisement faxes without the permission of the addressees, to offer services of direct marketing. The intervention, urged by a company that received “undesired” faxes, made a systematic and illegal use of personal data emerge (name, address, phone number, fax number, etc.), since the messages resulted in being forwarded massively without consent.
The marketing processes, as it is known, substantially use the information and data to set a relationship between individuals that offer goods and services (organisations) with the respective users or consumers (the clients).
The data may regard clients (personal data but also information on the consumption or purchasing habits, information on their satisfaction, etc), the competitors (market quotes or sales, etc) the same organisations (personal data, information referred to the product/service, etc.).
The Guarantor for Privacy has spoken on several occasion on the subject of marketing with specific measures.
In particular, regarding the market research, with the measure n° 248 dated March 2005 every possible communication of personal data to third parties was excluded.
Such regulation, for the protection guarantee and management transparency of the data towards the final client, is reached by the obligation (included in the deontology code for the treatment of data for statistical purposes) in which it is denoted that whoever uses data banks for promotional purposes, is to communicate the treatment modalities, including the declaration of the person in charge of the treatment.
Always in the same regulation the Guarantor makes clear reference to the use of the data for the forwarding of advertising information, even through sector magazines, or commercial advertising or direct sales (for example all the operations managed through the fidelity cards) that are allowed in a “ pertinent” and not “excessive” way (which means in the limits of the single operations for which the same data has been collected).
The use of modern tools of communication (sms, mms, e-mail) for advertising reasons is allowed exclusively for public order reasons, hygiene, public health or in the event of natural calamity, and when other ordinary tools do not appear to be effective; in any other case in order to send advertising material through electronic mail, telefax, sms and mms, it is necessary to get the preventive consent of the addressee, otherwise the treatment of data is illegal.
In all the cases of the use of such tools for advertising purposes or for awareness or informative campaigns, the person treating the data must obtain the subscribers’ explicit and preventive consent (whose phone numbers or email addresses are to be used), to prevent these forms of communication from being invasive of the private sphere of each user.
Now a year has gone by since the Privacy regulation obliged the realisation of new telephone directories.
To the clients of all telephone companies a questionnaire has been sent out, which asks clients, among other things, if they wish to receive advertising by traditional mail or by phone; in the case of an unreturned questionnaire, the so called “silence-rejection” is to be applied; that is, it is taken for granted that the client no longer wants to receive advertising communications, and only the explicit consent is to be taken into account.
The users that have explicitly given their consent are those that can be found in the directory with beside it an envelope (willing to receive post advertising) or a receiver (willing to receive phone advertising), or with both symbols.
Needless to say, only about 20% of the Italian subscribers of several telephone companies have seen the questionnaire, and the majority of these refused to receive promotional offers by phone. Therefore, the majority of Italians does not want to receive advertising by phone, several offers of free phone calls (or almost), several products etc,.
The last and interesting novelty regarding the treatment of data respect to the actions of marketing was represented by the Proposal of Law C 180 on “Dispositions to contrast the practice of the forwarding of unwanted commercial electronic messages” – the so called “spamming” – presented last April 2006.
One reads in the report that the actual protection structure “needs to be further consolidated, above all, through greater attention and commitment, on behalf of the institutions, to the phenomenon and to its continuous and rapid evolution”.
Article 1 of the D.d.L. introduces two new cases in matter of offence of article 130 of the D.lgs 196/2003.
In particular, paragraph 5-bis forbids conduct through which a third party is given the charge, of carrying out the commercial communication without the addressee’s consent. Paragraph 5-ter, instead, forbids the use of software whose purpose is exclusively that of facilitating the collecting and forwarding of unwanted large-scale messages.
There is a plan to set up an Antispam Committee, within the Guarantor for the Protection of Personal Data, so as to have a task-force made up of experts, that can offer consultation and solutions on the matter.
The D.d.L., finally, provides in art. 4, the legitimization to act, for the association of the consumers and users, for the protection of the collective interests damaged by spam.
Today, in this scenario, the Italian legislation regarding the protection of the privacy appears to be among the most harsh and rigid in Europe. However the Privacy Code has introduced regulations that have “clarified” the relationship between company and final client offering “transparency” guarantees and the “correct” management of data.
Moreover the Dlgs. 196/03 (Privacy Code) foresees among the minimum measures (attachment B), actions for adopting rules on documents and data management (even through data banks within the companies) that improve the conditions of protection, management (collecting and research) of the documents and of the data.
Finally, it is important to remember the spirit of the Dlgs. 196/03 (Privacy Code) designed for protecting and guaranteeing, above all, the individual (natural and juridical person), placed in the centre of any informative process.