Blog » HOW NOT TO DO DIRECT MARKETING? LEARN FROM THE MISTAKES OF TELEKOM!
HOW NOT TO DO DIRECT MARKETING? LEARN FROM THE MISTAKES OF TELEKOM!
28 May 2018
In the recent past the Hungarian Data Protection Authority imposed a fine of 2 Million Hungarian Forints against Telekom, a major Hungarian telecommunication company, because of his unlawful direct marketing activity. Although the decision has been made before the entering into force of the GDPR, it is worth to examine the mistakes of Telekom. Indeed, the fine would have been much higher if it was imposed after the GDPR.
1. The lack of freely given consent
Telekom has based his data processing activity in relation with the direct marketing on the consent of the complainant which firstly he requested and „obtained” in the service contract. Nevertheless, in the contract the client did not have a real choice to opt-in since if he signed the contract, he has “given” his consent with his signature.
The Data Protection Authority pointed out that if the client does not have a real choice whether he gives his consent to the data processing or not, the consent cannot be considered as freely given thus it is invalid.
The practice of Telekom would be unlawful after the GDPR too, since based on the Regulation “combined” consent requests cannot be applied. For example, if you enter into a sales contract with your client, you cannot hide the consent to direct marketing activity in the terms of the contract. Instead, you need to request the client’s consent distinguishable from the basic objective of the contract.
2. Pre-ticked checkbox
The second basis of Telekom to send promotional information to the complainant was the declaration of the client made during the registration of his Telekom account in which he has consented to the processing of his data for direct marketing purposes.
However, the checkbox with the consent for direct marketing purposes was pre-ticked by Telekom during the registration. The client should have un-ticked the checkbox in order not to receive direct marketing messages.
According to the Data Protection Authority this practice is inappropriate as the pre-ticked checkbox does not enable the consent to be clear and unambiguous, thus it is also invalid. The GDPR sets forth the same requirements in relation with the consent, so you better forget the pre-ticked checkboxes.
3. The lack of prior notification
Another mistake of Telekom was that before „obtaining” the consent of his clients, he failed to inform them about the circumstances of the data processing. Both during the conclusion of the service contact and during the registration of the Telekom account Telekom provided only an incomplete and general information to the client about his data processing activity.
The lack of the sufficient prior notification about the data processing results in the invalidity of the consent, too, as the Data Protection Authority emphasized.
The GDPR provides a detailed list about the sets of information which the controller shall give to the data subject in relation with the facts and circumstances of the data processing. Further, the GDPR sets forth that in order for the consent to be valid you must at least inform the client who the data controller is and what the exact purpose of the data processing is.
4. Ignoring the objection of the client
Telekom has crowned his already unlawful direct marketing activity by sending further direct marketing (DM) messages to the client after he has revoked his consent and objected to the processing of his data.
The Data Protection Authority, to put it mildly, has not praised Telekom when he discovered that despite the client has revoked his “consent” in his Telekom account and requested Telekom 3 times not to send him promotional information, Telekom has sent him at least 10 DM messages through different channels.
Based on the GDPR that data subject has a right the erasure of his data by the controller if he has revoked his consent or objected to the processing of his data. Thus, for the future it is better if you take such requests of your clients seriously.
5. Lesson learnt
The mistakes of Telekom show what you should pay attention to in case you process personal data for direct marketing purposes.
First, you shall request the consent of your client in a clear and concise was. Forget the pre-ticked checkboxes and notify your client in prior how you will process his personal data.
Further, if your client does not want to receive DM messages from you, respect his request. An annoyed client could very quickly turn into a complainant before the Data Protection Authority and you will find yourself in an official procedure where you need to explain yourself while the threat of a fine of 20 Million Euros hanging over you.
ONLINE CONSUMER CONTRACTS – IS YOUR BUSINESS CONCERNED?
Black Friday is once again around us: the time when online shops and the consumer protection authority cash in some extra income every year. We guess you’ve already read about the extreme discounts and the record-breaking fines by the authorities, so in our article, we will explain, that without your knowledge, your own business can easily step into the field of consumer protection, in which case, your contracts are subject to special rules. In our article, we show you how you can recognize these situations and, of course, summarize the obligations.Read more »
HOW TO TRANSFER PERSONAL DATA TO NON-EEA COUNTRIES? - NEW EDPB RECOMMENDATION
Since in the middle of summer 2020, the Court of Justice of the EU (CJEU) invalidated the Privacy Shield and put into question the applicability of the standard contractual clauses, we were wating for guidance from the European Data Protection Board (EDPR) how to transfer personal data to non-EEA countries in a GDPR-compliant way. Finally, the EDPB broke the silence and provided a 6-step guide which we summarize in this short article.Read more »
THE SUPREME COURT RULED – FLEXIBLE WORKING TIME CAN ONLY BE ORDERED IN WRITING IN HUNGARY
It is often the case that the employer does not clearly regulate the employment relationship of the employees, which later leads to an employment lawsuit. This happened in the case before the Hungarian Supreme Court, where a legal dispute arose in connection with the employee's work schedule, the stake is the payment of several million forints of overtime work compensation to the employee. In our short article, we analyze the Supreme Court’s decision and draw conclusions on how the employer can avoid similar situations.Read more »