EU Regulation On Data Protection Unlikely To Become UK Law Before 2019
Nearly four years into the process, the Council of the European Union has now decided on its negotiating position for the trilogue with the European Parliament and the European Commission. There is now a timetable running to December 2015, during which representatives from the Council, the Parliament and the Commission will come together to decide on the final wording of the new EU-wide data protection regulation. This means that if they stick to this timetable, which on past form is by no means certain, by the end of 2015 we should know how the new regulations will affect direct marketers in the UK.
Among the controversial questions still to be thrashed out are:
What is the precise definition of ‘personal data’?
How will the ‘right to be forgotten’ work in practice?
What exactly is meant by the ‘legitimate interest’ of data controllers? Does this include marketing? And if it does, does it include any or all of consumer marketing, B2B marketing, online marketing and offline marketing?
Must consent be ‘explicit’ or not?
Will compulsory data breach notification apply to minor breaches or just high risk breaches?
Will all businesses be required to have a data protection officer?
What happens if EU data protection rules conflict with a non-EU country’s data protection rules?
While we might know what the new regulations will be by the end of 2015, they are unlikely to be adopted into EU law before mid-2016. In fact the Information Commissioner’s Office now estimates that the two year run-in period before the regulations become compulsory can realistically be expected to start at the end of 2016, meaning that they will not be enforced in the UK before the beginning of 2019.
Get Me Off This Mailing List! The Insider’s Guide To Removing Yourself From Mailing Lists and eMail Lists.
Electric Marketing mailing lists are targeted, compiled mailing lists of 60,000 corporate influencers and budget holders. If you’re included in our mailing lists and you don’t want to be, we’ll remove you within hours. We won’t be pleased about it. We’ve selected you as a business person with senior responsibilities that other companies want to reach. And we only allow verified companies offering products and services pertinent to your role to access our data. But we will swiftly remove you from the mailing list.
We often get messages requesting removal from people who are not on our mailing lists and messages from corporate managers who do not believe that we have removed them from our mailing lists because they still receive business marketing emails. Here is our guide to the mailing list business and how, if you really don’t want to receive information that is pertinent to your job and industry, you can get yourself taken off mailing lists for good.
- Remove your email address from the internet. First type your email address into a search engine. You may find that your email address has been scraped from the web and added to a mailing list. Your email address may be on your company’s website as a senior manager or perhaps your email has been added to the end of a corporate press release or enquiry form; either way your email address is sitting on the web, ready to be picked up by web spiders or web crawlers. These are programs which trawl the internet, ‘scraping’ email addresses from web pages and adding them to mailing lists which are then sold at bargain basement prices. If you’ve ever received an offer of a mailing list of a million contacts for $99, this is the source of that data. No human has been involved in the compiling of that data, just the guy who wrote the sales pitch. It leads to a lot of untargeted emails coming from outside the UK and no amount of Data Protection Regulations can protect you from these data pirates.
- Go back to your favourite search engine and put in your name and company name “jane+doe” “electric+marketing”. Are you listed in an online email directory such as RocketReach or Contactout.com?
- Are you receiving somebody else’s emails? Maybe you are still receiving all the emails forwarded from your predecessor’s inbox? These emails will look as if they are addressed to you (but may begin with Hi Neville). Ask your IT department to set up an automated reply for that email address that says something like “Neville left Electric Marketing in 2015. Please contact the office on 020 7419 7999 and we’ll be pleased to help you with your enquiry”. Or you can go back to step one and start removing Neville’s email from the Internet which is the time-consuming smart thing to do if Neville still receives emails from clients and sales prospects.
- Do not tick the opt in boxes when you buy online. Do not add yourself to any more mailing lists. GDPR makes consumer mailing lists opt-in and forbids the box that adds you to the mailing lists of a company’s “selected partners” if you fail to tick it. But this not does apply to business-to-business marketing. There is still the box that opts you in to a business mailing list if you fail to tick it and opt yourself out.
- Stop accepting free stuff. When you sign up to receive a free industry magazine or email, part of the deal is often that you accept “marketing messages”. Selling email lists and advertisements on newsy industry updates pays for the writers and compilers of your free business information.
- When an unwanted email comes in, click through to the unsubscribe page and read the name of the list you are on. Sometimes it will give the name of the company which supplied the data. Search online for that data company and contact them directly so that they cannot pass your email address to any new email marketing customers. They are obliged by law to remove you within 28 days of your notifying them that you do not wish to be on their emailing list.
- Take yourself off LinkedIn. LinkedIn charges for its InMail service and when you sign up you agree to receive those InMail messages. But if you have put your name, job title, company name and location on LinkedIn, it is easy for other business people to find your phone number and to call your company or send you an email. GDPR allows companies to email people at other companies providing the email is about a business matter.
- Or remain on LinkedIn but disguise yourself. Some people are describing their role and company in their LinkedIn headline eg Heading Up Marketing at Major High-Street Bank or eCommerce Specialist at Top Five UK Supermarket. Alternatively, use a different version of your name, Rob or Robert, Amanda or Mandy whichever your do not use in your email address.
If you are doing an important job in a significant UK company, other business people want to contact you. You may not want to hear from them, what they have to say may not interest you, but if you are in a senior role with budgetary responsibilities, accept that other business people will get in touch. And their right to contact you once by email is enshrined in the UK’s Privacy & Electronic Communications (EC Directive) Regulation 2003. The law is different in Ireland and most of the rest of Europe.
The UK is a marketing friendly business space.
Serious business people keep their minds open to new ideas, refresh their supplier base and take on new business practices. Pushing forward with new ideas, updating company business processes and being an early adopter of new technology are hallmarks of successful corporates and their senior teams. How can you find out about the latest trends and new technology if you don’t read pitches from potential suppliers?
Obviously some companies abuse this right, take hold of your email address and send you stuff three times a week.
Hit the unsubscribe button.
Show no mercy.
I’ve written about over-frequent emailers here.
Posted 10 August 2015
Updated 1 November 2018
We are following the progress of the proposed EU Regulation on Data Protection very closely.
While the MEPs voted overwhelmingly for a set of proposals which would outlaw list broking, cold telemarketing and cold mailing to named contacts, the Ministers of Justice & Home Affairs from each of the 27 EU nations are taking a more business-friendly, risk-based approach. They met on 10 October to agree their own set of proposals. They will meet again in January 2015 to try to reach agreement on the issue of the ‘right to be forgotten’.
When the Ministers of Justice & Home Affairs have reached agreement, then the three-way negotiations with the European Parliament and the European Commission begin. This is likely to happen in the second half of 2015.
According to the DMA (Direct Marketing Association), this progress means that the Regulation could be passed into EU law by late 2015. The UK then has two years to implement the law, which means that the Regulation could be enforced in the UK by late 2017 or more likely, early 2018.
To increase the uncertainty of what may happen in direct marketing, David Cameron has promised an ‘in/out referendum’ on Britain’s membership of the EU before 2018. It seems unlikely, but by 2018 we might be negotiating our way out of the EU.
To read the full text of the DMA’s article, written by solicitor James Milligan, see here.
Proposed EU Regulation on Data Protection will affect all businesses using mailing or email lists to prospect for new customers
We’ve been lobbying against the proposed new EU data protection legislation for getting on for two years now.
Earlier in 2014 the EU Parliament agreed a piece of draconian legislation that would outlaw list broking, insist on written consent for all marketing communications sent to a named person, with no distinction between b2b and b2c, and effectively finish off personalised marketing to anyone other than your recent customers. If that legislation were enacted it would mean the end of direct marketing as we know it. We will return to the days of writing to Dear Marketing Manager or Dear Stationery Buyer.
Following this vote there have been some alarmist blogs placed on the DMA’s website which have stirred the small business community into panic. Here’s one from June
However the reality is that the EU is still debating what form the legislation will take and what that legislation will be. The European Parliament has voted for this legislation but that does not mean that it will become law.
The European Commission, the European Parliament and the Council of Ministers have now all drafted three different versions of the proposed data protection regulation. The European Parliament draft is by far the most damaging for anyone who uses mailing or email lists to prospect for new customers. The three bodies will enter into negotiations as to which elements of each version will become EU law.
There are two types of EU legislation;
1. EU Regulation which obliges all countries to enact the legislation without amendment
2. EU Directive which has to be debated and passed through the UK Parliament at Westminster and to which amendments can be made.
The current UK Government is pushing for the laws to become a Directive, which will give UK MPs some leeway to alter the legislation as it applies to the UK.
It should be borne in mind that the UK amended the last similar piece of EU legislation (a Directive) with the Electronic Communications Act specifically allowing the sending of B2B emails in the UK without the sender first obtaining consent.
The UK coalition government opposes the proposals and is lobbying for them to be a Directive at the very worst. Unfortunately the Labour party is currently in favour of the proposals and has not replied to any of our letters on the subject.
As things stand we have at least two years until the law is changed.
If your company buys in data to use to prospect for new customers, please write to your MP, explaining what the proposed legislation will mean for you. Also write to Simon Hughes MP who is in charge of the UK negotiation with the EU. The more letters MPs receive, the more attention will be paid to the issue and it becomes less likely that the UK sleepwalks into agreeing to legislation that is damaging for business.
The time to write to your MEP has passed as the vote has happened and most UK MEPs (bar UKIP) voted in favour of the new draconian data laws. But it is always worth explaining to an MEP the consequences of their vote and the effect it will have on your business, our industry and the wider economy.
The European Parliament has voted to adopt the less business-friendly version of the Data Protection Regulation, proposed by the European Parliament’s Civil Liberties Justice and Home Affairs Committee (LIBE) in the November 2013 report.
The European Commission, the European Parliament and the Council of Ministers have now all drafted different versions of the proposed data protection regulation.
Europe’s Justice and Home Affairs ministers failed to reach an agreement on the draft legislation at their Council meeting in December 2013.
The Greek government has taken the chair of the Presidency of the EU Council and hopes to thrash out an agreement on the wording of the new legislation by summer 2014. If this happens it is possible that the new regulations could be agreed in 2014 and become law in 2017.
What impact will these changes have on your business? See http://www.electricmarketing.co.uk/EUdata.html
We wrote to a variety of MEPs, MPs, government ministers, other politicians and business organisations.
Here are summaries of their responses:
Charles Tannock MEP, Conservative – no response yet
Claude Moraes MEP, Labour – no response yet
Baroness Sarah Ludford MEP, Liberal Democrat – I am seeking to create an instrument with standards that are workable, realistic and enforceable by being user-friendly for citizens, allowing reasonable business to proceed, focused on outcomes rather than on process and tick-box exercise, and tough in sanctions on companies which practise deception or otherwise cheat the customer.
Dr Syed Kamall MEP, Conservative – The regulations must protect the privacy of citizens without putting too much of a burden on small and medium sized businesses. There is still a long way to go but we are optimistic a good result can be achieved.
Gerard Batten MEP, UK Independence Party – All legislation affecting citizens of the UK should be made at Westminster. I will therefore be voting against these regulations.
Jean Lambert MEP, Green – no response yet
Mary Honeyball MEP, Labour – I do not sit on the committees considering this matter. [BUT SHE DOES GET TO VOTE ON IT]
Marina Yannakoudakis MEP, Conservative – The regulations must protect the privacy of citizens without putting too much of a burden on small and medium sized businesses. There is still a long way to go but we are optimistic a good result can be achieved.
David Cameron, Prime Minister – It’s the responsibility of the Business Secretary, so I’ve passed your letter to Vince Cable.
Vince Cable, Business Secretary – Letter passed to the Ministry of Justice.
Lord McNally, Justice Minister, Liberal Democrat – We want to protect the civil liberties of individuals while allowing for economic growth and innovation. The UK benefits of the proposals are outweighed by the costs of additional administrative and compliance measures they introduce. The regulations in their current form could have a net cost to the UK economy of £100m-£360m per annum. The Government’s position is to negotiate for EU legislation that does not impose disproportionate burdens on business, including the direct marketing industry.
Ed Miliband MP, Leader of the Opposition – Your comments have been noted.
Boris Johnson, Mayor of London – I have no input to this. Try writing to the Direct Marketing Association.
Chuka Umunna, Shadow Business Secretary – no response yet
Nick Clegg, Deputy Prime Minister – no response yet
Institute of Directors – We are working on forming a policy position around the incoming legislation.
Federation of Small Businesses – We agree that the new rules will have a devastating effect on the direct marketing industry and are working hard to have them changed.
You may have heard that the European Union is planning sweeping changes to data protection laws. What you may not have realised is the impact these changes will have on your business.
As the proposals currently stand it will become illegal to
- send a mailshot
- send a promotional email
- make a telemarketing call
to any named individual either at home or at work without first obtaining their explicit consent.
Quite simply it will mean the end of targeted direct marketing in the UK.
These proposals are probably well intentioned. It is likely that tougher data protection laws would protect vulnerable and elderly people from unscrupulous companies. But the proposals make no distinction between a company phoning an 84-year-old widow in her home and a company writing to the marketing director of British Gas at the company’s head office.
How can we stop this happening?
The best course of action is to write to our MEPs. Before becoming law the new data protection proposals have to be approved by the European Parliament. Each region of the UK has several MEPs. The contact details of these MEPs can be seen here: http://www.europarl.org.uk/view/en/your_MEPs/List-MEPs-by-region.html
All that’s needed is a brief letter or email to each of the MEPs that represents your region describing what your company does, how many people it employs and the impact this legislation would have upon you.
What we think
Electric Marketing’s view is that the proposals should make a distinction between business-to-business marketing and consumer marketing. We believe that the current opt-out system works perfectly well for the business-to-business arena and that a switch to an opt-in regime would severely limit the ability of small companies to promote their goods and services to larger businesses. It is anti-competitive and would lead to the failure of many potentially successful start-up businesses.
Whatever your view NOW is the time to make it known by writing to your MEP.
More details of the EU’s proposals can be seen on the Direct Marketing Association’s website: http://dma.org.uk/eu-data-protection/the-proposals-at-a-glance
If you’d like to contact me about this please send an email to firstname.lastname@example.org
Electric Marketing Ltd