Spamming in the context of privacy regulation

When the  CPA took effect on 1 April 2011, the fanfare around the provision in the Act meant that there was  a noticeable attempt at compliance by advertisers with its privacy provisions. However, more than a year later it seems that offenders need to be reminded of the requirements in legislation that govern unsolicited commercial messages (spam). With the PPI Bill due to be enacted soon, the legislation prohibiting this practice is thankfully once again receiving attention.

“In this regard, offenders should note that the legal landscape for spamming, while being consistent with provisions that have already been in place under the ECT Act for some time, looks set to become more rigorous. There is every indication from policy makers and government that compliance with the CPA and the PPI Bill, when it is eventually enacted, will be far more vigorously enforced,” notes Nick Altini, director and national head of the Competition and Regulatory practice at Cliffe Dekker Hofmeyr.

“The Electronic Communications and Transactions Act, 2002 (ECT Act) was ground-breaking in that, for the first time, the legislature addressed the issue of spam, or unwanted unsolicited commercial electronic communications. The ECT Act prescribes that, in the case of electronic unsolicited messages, such as spam emails and SMSes, the sender must include in the message an option for the consumer to cancel their subscription to the mailing list - in other words, to opt out. In addition, the ECT Act provides that, if the consumer requests it, the parties sending the message must disclose the source from which that person obtained the consumer's personal information,” he explains.

Altini says that failure to comply with these provisions actually constitutes a criminal offence.

“The CPA went further by providing very consumer the right not only to ask direct marketers to desist from engaging in any direct marketing practice (whether electronic or otherwise), but also to pre-emptively block any such communications (other than personal approaches).

“The CPA is also intent on creating a national registry of pre-emptive blocks and creating a regulatory regimen in terms of which a direct marketer simply will not be able to send direct marketing communications to a consumer unless they have, post 1 April 2011, first obtained the consumer's consent to do so (which only applies to existing customers and is subject always to the right of the consumer to opt out at a later stage).

“Alternatively, the direct marketer must have first checked with the National Registry that the consumer has not, in fact, registered a pre-emptive block against the particular mode and type of direct marketing, or the direct marketer itself.

However, this national registry has not yet been created.

“The PPI Bill, due to be enacted soon,  also seeks to regulate the issue of direct marketing and unsolicited communications. In this case, the bill refers specifically to electronic communications and so there is only a degree of overlap with the provisions of the CPA, but not a complete concurrence.

“The draft bill does contemplate that the provisions of the ECT Act described above will be repealed and replaced under the bill. What the bill provides is that it will simply be illegal for a direct marketer to seek to engage in direct electronic marketing (which includes by automated calling machine, fax, SMS or email) unless the data subject has given prior consent to the activity and/or the data subject is an existing customer of the marketer,” says Altini.

“In this case, the term "existing customer" is defined and the bill makes it clear that one can market directly to an existing customer if the contact details of that customer have been obtained in the context of a sale of a product or service for the purpose of marketing similar products or services (ie the details were not taken for some other purpose and the direct marketing function was not disclosed).

“The customer must also be given a reasonable opportunity to object, free of charge, to such use of their electronic details at the time when the information was collected and afterwards, in each and every electronic communication sent to the data subject for the purposes of marketing,” he explains.

Altini says that it is also made clear that every direct marketing message must contain details of the identity of the sender or the party on whose behalf it is sent, and the mode by which the recipient can send a request asking that such communication cease.

“At the same time, the advent of an era of consumer protection under the CPA has created unprecedented levels of awareness on the part of consumers of their rights in law and it is to be expected that consumer activism on its own will account for a considerable lessening of spamming  activities overall, as consumers find their voice to request that such activities cease. Consumers are reminded to find and use that voice,” he adds.