Blog » HOW NOT TO DO DIRECT MARKETING? LEARN FROM THE MISTAKES OF TELEKOM!
HOW NOT TO DO DIRECT MARKETING? LEARN FROM THE MISTAKES OF TELEKOM!
28 May 2018
In the recent past the Hungarian Data Protection Authority imposed a fine of 2 Million Hungarian Forints against Telekom, a major Hungarian telecommunication company, because of his unlawful direct marketing activity. Although the decision has been made before the entering into force of the GDPR, it is worth to examine the mistakes of Telekom. Indeed, the fine would have been much higher if it was imposed after the GDPR.
1. The lack of freely given consent
Telekom has based his data processing activity in relation with the direct marketing on the consent of the complainant which firstly he requested and „obtained” in the service contract. Nevertheless, in the contract the client did not have a real choice to opt-in since if he signed the contract, he has “given” his consent with his signature.
The Data Protection Authority pointed out that if the client does not have a real choice whether he gives his consent to the data processing or not, the consent cannot be considered as freely given thus it is invalid.
The practice of Telekom would be unlawful after the GDPR too, since based on the Regulation “combined” consent requests cannot be applied. For example, if you enter into a sales contract with your client, you cannot hide the consent to direct marketing activity in the terms of the contract. Instead, you need to request the client’s consent distinguishable from the basic objective of the contract.
2. Pre-ticked checkbox
The second basis of Telekom to send promotional information to the complainant was the declaration of the client made during the registration of his Telekom account in which he has consented to the processing of his data for direct marketing purposes.
However, the checkbox with the consent for direct marketing purposes was pre-ticked by Telekom during the registration. The client should have un-ticked the checkbox in order not to receive direct marketing messages.
According to the Data Protection Authority this practice is inappropriate as the pre-ticked checkbox does not enable the consent to be clear and unambiguous, thus it is also invalid. The GDPR sets forth the same requirements in relation with the consent, so you better forget the pre-ticked checkboxes.
3. The lack of prior notification
Another mistake of Telekom was that before „obtaining” the consent of his clients, he failed to inform them about the circumstances of the data processing. Both during the conclusion of the service contact and during the registration of the Telekom account Telekom provided only an incomplete and general information to the client about his data processing activity.
The lack of the sufficient prior notification about the data processing results in the invalidity of the consent, too, as the Data Protection Authority emphasized.
The GDPR provides a detailed list about the sets of information which the controller shall give to the data subject in relation with the facts and circumstances of the data processing. Further, the GDPR sets forth that in order for the consent to be valid you must at least inform the client who the data controller is and what the exact purpose of the data processing is.
4. Ignoring the objection of the client
Telekom has crowned his already unlawful direct marketing activity by sending further direct marketing (DM) messages to the client after he has revoked his consent and objected to the processing of his data.
The Data Protection Authority, to put it mildly, has not praised Telekom when he discovered that despite the client has revoked his “consent” in his Telekom account and requested Telekom 3 times not to send him promotional information, Telekom has sent him at least 10 DM messages through different channels.
Based on the GDPR that data subject has a right the erasure of his data by the controller if he has revoked his consent or objected to the processing of his data. Thus, for the future it is better if you take such requests of your clients seriously.
5. Lesson learnt
The mistakes of Telekom show what you should pay attention to in case you process personal data for direct marketing purposes.
First, you shall request the consent of your client in a clear and concise was. Forget the pre-ticked checkboxes and notify your client in prior how you will process his personal data.
Further, if your client does not want to receive DM messages from you, respect his request. An annoyed client could very quickly turn into a complainant before the Data Protection Authority and you will find yourself in an official procedure where you need to explain yourself while the threat of a fine of 20 Million Euros hanging over you.
ILF CONFERENCE IN MILAN – PRESENTATION - TAKEAWAYS FROM FIRST GDPR PENALTIES
This May we participated in the European Conference of International Law Firms in Milan, where our managing partner Richard Schmidt held a presentation to members of ILF on recent developments of European Data Protection Law. The presentation focused on the lessons learnt from the first GDPR fines imposed by the national data protection authorities of various European jurisdictions in the 1st year of GDPR.Read more »
CAN YOU PAY MORE FOR THE SAME WORK IN HUNGARY? - FRESH DECISION OF THE CURIA
Are you negotiating on salary with a new colleague in Hungary? Even if salary is subject to free negotiation, a higher salary for the same work can cause a tension in wage levels. In our short article we summarize the fresh decision of the Curia which can serve as a compass in relation with the applicability of the equal pay principle.Read more »
CONSTRUCTION TRUSTEESHIP IN HUNGARY – SCOPE AND GENERAL PROVISIONS
Collateral management is a key issue in every construction project. In Hungary a special regime, the so-called construction trusteeship protects the interest of the participants of major private construction projects, and secures that contractors and subcontractors receive their remuneration for the work performed.Read more »