Blog » HOW NOT TO DO DIRECT MARKETING? LEARN FROM THE MISTAKES OF TELEKOM!
HOW NOT TO DO DIRECT MARKETING? LEARN FROM THE MISTAKES OF TELEKOM!
28 May 2018
In the recent past the Hungarian Data Protection Authority imposed a fine of 2 Million Hungarian Forints against Telekom, a major Hungarian telecommunication company, because of his unlawful direct marketing activity. Although the decision has been made before the entering into force of the GDPR, it is worth to examine the mistakes of Telekom. Indeed, the fine would have been much higher if it was imposed after the GDPR.
1. The lack of freely given consent
Telekom has based his data processing activity in relation with the direct marketing on the consent of the complainant which firstly he requested and „obtained” in the service contract. Nevertheless, in the contract the client did not have a real choice to opt-in since if he signed the contract, he has “given” his consent with his signature.
The Data Protection Authority pointed out that if the client does not have a real choice whether he gives his consent to the data processing or not, the consent cannot be considered as freely given thus it is invalid.
The practice of Telekom would be unlawful after the GDPR too, since based on the Regulation “combined” consent requests cannot be applied. For example, if you enter into a sales contract with your client, you cannot hide the consent to direct marketing activity in the terms of the contract. Instead, you need to request the client’s consent distinguishable from the basic objective of the contract.
2. Pre-ticked checkbox
The second basis of Telekom to send promotional information to the complainant was the declaration of the client made during the registration of his Telekom account in which he has consented to the processing of his data for direct marketing purposes.
However, the checkbox with the consent for direct marketing purposes was pre-ticked by Telekom during the registration. The client should have un-ticked the checkbox in order not to receive direct marketing messages.
According to the Data Protection Authority this practice is inappropriate as the pre-ticked checkbox does not enable the consent to be clear and unambiguous, thus it is also invalid. The GDPR sets forth the same requirements in relation with the consent, so you better forget the pre-ticked checkboxes.
3. The lack of prior notification
Another mistake of Telekom was that before „obtaining” the consent of his clients, he failed to inform them about the circumstances of the data processing. Both during the conclusion of the service contact and during the registration of the Telekom account Telekom provided only an incomplete and general information to the client about his data processing activity.
The lack of the sufficient prior notification about the data processing results in the invalidity of the consent, too, as the Data Protection Authority emphasized.
The GDPR provides a detailed list about the sets of information which the controller shall give to the data subject in relation with the facts and circumstances of the data processing. Further, the GDPR sets forth that in order for the consent to be valid you must at least inform the client who the data controller is and what the exact purpose of the data processing is.
4. Ignoring the objection of the client
Telekom has crowned his already unlawful direct marketing activity by sending further direct marketing (DM) messages to the client after he has revoked his consent and objected to the processing of his data.
The Data Protection Authority, to put it mildly, has not praised Telekom when he discovered that despite the client has revoked his “consent” in his Telekom account and requested Telekom 3 times not to send him promotional information, Telekom has sent him at least 10 DM messages through different channels.
Based on the GDPR that data subject has a right the erasure of his data by the controller if he has revoked his consent or objected to the processing of his data. Thus, for the future it is better if you take such requests of your clients seriously.
5. Lesson learnt
The mistakes of Telekom show what you should pay attention to in case you process personal data for direct marketing purposes.
First, you shall request the consent of your client in a clear and concise was. Forget the pre-ticked checkboxes and notify your client in prior how you will process his personal data.
Further, if your client does not want to receive DM messages from you, respect his request. An annoyed client could very quickly turn into a complainant before the Data Protection Authority and you will find yourself in an official procedure where you need to explain yourself while the threat of a fine of 20 Million Euros hanging over you.
CAN YOUR DEBTOR ESCAPE LIQUIDATION BY SETTING OFF CLAIMS IN HUNGARY?
The initiation of a liquidation procedure is an effective debt collection method, since the debtor may only avoid being liquidated by paying the claim if the conditions specified in the Act on Bankruptcy Proceedings and Liquidation (Bankruptcy Act) are met. For this reason, in the case of liquidation, one of the most common defences of the debtor is the reference to offsetting. But can the debtor refer to offsetting without limitation during liquidation? In our short article we answer this question.Read more »
SZIGET FESTIVAL FINED RECORD HUF 30 MILLION FOR GDPR BREACHES – WHAT WENT WRONG?
A few days prior to the first anniversary of the entry into force of the GDPR the Hungarian Data Protection Authority imposed the biggest data protection fine in Hungary so far. The target was the biggest Hungarian festival organizer company thanks to whom the public may enjoy the SZIGET, the VOLT or the Balaton Sound Festival. The Data Protection Authority reviewed the check-in system of the festival and the data processing in relation with the check-in. In our short article we summarize the mistakes the Authority identified.Read more »
CONSTRUCTION TRUSTEESHIP IN HUNGARY - GETTING PAID IN CONSTRUCTION PROJECTS AS SUBCONTRACTOR
Construction trusteeship, as mandatory collateral management of major private construction projects in Hungary, strives for protecting subcontractors against non-paying general contractor, by allowing direct payments from employer under certain conditions. How does it work in practice and what are the limits of subcontractor protection? We address these issues in this article.Read more »