New anti-spam laws
Discussion
Bonce,
What I'm aware of is:
The DTI said:
Organisations which promote their business by sending emails and direct marketeers are particularly affected by the regulations which:
- make it a legal requirement for businesses to obtain individuals' prior consent to the use of details provided by them before sending unsolicited direct marketing via e-mail or SMS (text) messages.
- require businesses to inform individuals at the time of purchase about the potential use of their details for future marketing and give them the opportunity to object to this.
- require customers to be given the opportunity to object to future marketing after each marketing e-mail or SMS message.
- allow such marketing to be undertaken if a customer is being marketed a "similar product" to the product purchased when the customer originally provided their details. What is a "similar product" remains unclear.
- require individuals to be informed if any software tracking device (such as email tracking software or a cookie) is used to identify, monitor or store their information.
- allow individuals the option to decline access to a web site which uses cookies.
Also:
Website Dataharvestingdotcom said:
How the Communications Data Protection Directive affects you:
There is a new EU directive – the E-Privacy Directive: ‘Directive 2002/58/EC Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector, 2002 O.J. (L 201) 37’ – it is being called the "Communications Data Protection Directive" for short. All being well with the UK legislators it will become law later this year and you need to understand its impact on your e-marketing activities including emails, websites, web forms, list-building and data management.
1. The new EU Data Protection Directive
Q. When do the new laws come into effect?
A. Officially, on 11th December 2003. Originally set for 31 October 2003, things have been delayed, so you have a few more weeks to get your house in order.
Q. Why is this important?
A. Because getting it wrong could land you in hot water with some pretty heavyweight UK and European bodies. You could also upset your clients, your boss, your legal department and even your employer. Keeping your head buried in the sand on this one is not the answer. This one won't go away. Read on.
Q. Why the sudden change?
A. SPAM or Unsolicited Commercial E-mail (UCE). It's a big problem, and the law-makers want to stop people sending it out, so we can all enjoy email the way it was meant to be. Nice idea. Even though I am not naive enough to think it will totally work, we all have to support this move in the right direction, even if it hurts a little right now. Like all medicine that is good for us, it tastes horrible.
Q. In a nutshell, what do the new laws mean?
A. The new rule for sending unsolicited commercial e-mail (‘UCE’) (and SMS, although we are concentrating on e-mail here) is basically: ‘not without prior consent’. In other words, you can only send an individual unsolicited commercial e-mail if they have explicitly opted in to receive such communications from you. There are two exceptions to this rule however.
Q. Is there any good news?
A. Yes. It appears that there are two significant exceptions. Whereas, at first glance it appears that this new law will bring your email marketing programme to a complete halt – that is NOT necessarily the case. The Directive differentiates between the different types of individual that you may have on your list – they will either be a ‘natural person’ (apply the ‘opt-in’ rule), a ‘legal person’ (apply the ‘opt-out’ rule), or a ‘customer’ (apply the ‘soft opt-in’ rule).
Q. What is the difference between a ‘natural person’ and a ‘legal person’?
A. Oddly enough, it is down to who pays the telephone bill on which the email is picked up. Essentially, if Bob gets email at bob.smith.35622@aol.com at home and pays his own home bill, then he is a ‘natural person’. If, when Bob arrives at work and gets his work email at bob.smith@abcindustries.com he is a ‘legal person’. Yes I have been asked ‘what if Bob goes into an Internet café and picks up his work email and pays for it himself?’ and ‘what if Bob has Web Mail and can pick up his work email from his home PC?’. I don’t know, good questions, but the broad distinction is extremely clear. Bob has protection from UCE at home but not at work.
Q. What is a ‘customer’?
A. Someone with whom you have an existing relationship because they have paid you for goods or services provided (sometimes called ‘soft opt-in’). Not someone who ‘looks like a really strong lead’ or who has ‘clicked all over our website so they must be really interested’. Following a commercial transaction they can be treated as a customer. Do however make sure that you send all emails about ‘similar products’ and that you include an opt-out. Just take care of these ones and use best practice, kid gloves, common sense and judgement.
2. What you might be doing right now
Q. But I don't send SPAM, I have built a targeted list of people who should be interested in my kind of service, and I think our e-mails are full of interesting information.
A. Really? Time to check your list because if there are any ‘natural persons’ it doesn’t sound like they explicitly opted in, more like you targeted them. It sounds like the new laws would classify your activities to these ‘natural persons’ as classic SPAM. The ‘legal persons’ can still receive your emails though, but they need to be able to opt-out easily each time, and you must honour any such request faithfully.
Q. I must be OK, I have used a permission-based rented list of personal emails from a list broker.
A. Opt-in for all personal email addresses is clearly going to have a significant effect on email marketers and render virtually impossible the use of third-party provided email address lists for commercial email purposes. The law now makes some clear determinations on how individuals grant permission. You need to be certain that, for personal emails, any third party supplier provides you with properly opted-in, not opt-out lists. The difference is crucial. Ask how they comply in the light of the new laws. If they don’t give you a water-tight answer, find another supplier who will. It’s your neck on the line, not theirs.
Q. My visitors said they didn’t see my opt-in text because it was too small. Am I still OK?
A. No. Too small, too difficult to understand, hidden several links deep. All bad practice from the old days and not allowed now. It's about clarity and visibility at the time of sign-up. If you try to hide away the opt-in text in a 6-point pale grey font at the bottom of some text – you are asking for trouble.
3. Building lists and using web forms
Q. How do I get my website visitors to sign up to our e-newsletter now?
A. The same as before. Make a web form available, ask only for the information you need, and explain everything very clearly in your Privacy Policy, a link to which must be adjacent to the ‘submit’ button on the form. Make sure visitors understand what they are doing as they opt in. They must opt in.
Q. What do you mean 'opt-in'?
A. It’s not what you end up with by ‘not opting out’. It is an explicit and clearly-understood voluntary submission by an individual of their e-mail address in the understanding that they will receive further certain specified email communications from you in the future. They opt in and they know they have opted in by ticking an empty box, not by unwittingly agreeing to some hidden small print.
Q. Won’t opt-in forms warn some people off from signing up?
A. Yes. Some but by no means all. The good news is it will only warn off those who don’t want your commercial emails, won’t buy from you, and will just kick up a fuss if you email them. You don’t want them on your list anyway. The right ones will sign up, especially if receiving your emails is to their benefit.
Q. What’s the best way to display the opt-in question on my web form?
A. Display this kind of text: ‘Do you want to receive further information, etc by email?’ For the answer, provide an empty radio button with a 'yes' and 'no' and make sure it’s a validated field. Also add a link to your Privacy Policy. This ensures that everyone who signs up has to answer the question either yes or no, and you get no blanks.
Q. What is wrong with just sending emails with an 'opt-out’ in them?
A. There is nothing wrong with sending UCE to ‘legal persons’. The law does not however allow you to send commercial emails to ‘natural persons’ on an 'opt-out' basis. Offering an individual the chance to opt out still means you sent them an email in the first place – and that was SPAM. That is never going to reduce SPAM, is it?
Q. How much information can I get from subscribers?
A. No more than you need right now. Resist the temptation to request too much information - the 1998 Data Protection Act covers processing sensitive data, and also holding data too long. Inform your subscribers what you will use their data for in your privacy policy.
Q. Should I build our opt-in subscriber list and also rent it to third parties?
A. No. Unless you inform the subscriber at the point of sign-up that you intend to do so, but most normal individuals will run a mile if they think they are inviting junk email into their lives. The words ‘we may release your details to carefully-selected third parties’ usually means you will sell it to anyone who can afford it. Want to read all about how SPAM got out of control for Nadine? Also think hard about the benefits to be derived from list-broking or providing an email distribution service, compared with the time, effort and risks involved. Better to stick to what you do best, leave list-broking and distribution to those who do it for a living. Build your own list and use it for your own business - that’s where your profit lies.
Q. Do I need to say exactly who we are in our commercial e-mails?
A. Yes. And plenty more besides. Who and where you are, why the recipient is getting an email from you, how they can get off your list, why you think this email is relevant and interesting and matches their preferences and how they can view/change their preferences. Your emails should inspire confidence, not arouse suspicion. The Charter from EMMA covers this well. Read more about commercial email content here.
Q. Should I use marketing companies that can send my e-mail messages to 75 million opt-in emails on their lists?
A. No. It’s nearly always a scam. It would therefore be SPAM. You would lose your money. If any emails actually ever went out, it would do you enormous harm for a very long time.
4. Things to do
Q. Is this anything to do with the 1998 Data Protection Act?
A. Directly, no. Indirectly, yes. As a Data Controller you will continue to notify the Registrar annually, and follow the 8 principles, etc. Essentially, you must be clear about the purpose you collect data for, and use it accordingly. If you didn't tell your data subjects what they were signing up to, don't be surprised if they kick up a fuss when they get your emails. Data subjects have rights and are more likely to be aware of them following the introduction of this new legislation.
Q. Does every website need a Privacy Policy?
A. Yes, if it collects information from visitors. That’s not directly related to the new Directive however, it’s more a Data Protection Act compliance issue.
Q. Do I need to update my existing Privacy Policy?
A. Probably, yes. I don't know how comprehensive your existing one is. For guidance on content, see the Charter that EMMA (The UK's Email Marketing Association) provides as best practice. Your policy should clarify how information about individuals is collected, stored, accessed, updated and used, etc. You need to be clear on these points too.
Q. Should my Privacy Policy be 'P3P' compliant?
A. P3P is the Privacy Preferences Project. It’s your choice. P3P compliance may well future-proof your Privacy Policy. The latest versions of Internet Explorer look for this XML information in the ‘View: Privacy report…’ menu. You can use a great online tool from www.P3Pwriter.com to build your own P3P-compliant Privacy Policy – they charge a $29.95 fee but it looks worth it to me as things can get a little complicated. If you want to use a DIY approach, visit the W3C web page about P3P.
Q. Do cookies fit into this somewhere?
A. Yes. The Directive says that cookies may be activated as a visitor arrives on your website, so long as the site provides easy access somewhere on the site to ‘clear and comprehensible’ information about the operation of the cookie and an opportunity to opt out. Here in the UK, Richard Thomas, our Information Commissioner has long held the view that under the Data Protection Act 1998, cookies can only be activated after a cookie warning has been given and an opt-out opportunity provided. Well that’s as clear as mud then!
Q. Do I have to update my Website Disclaimer and Legal Notice?
A. Probably. Your website Disclaimer & Legal Notice page (often linked to just as ‘Legal’) may be a good place to include some extra text about data protection/data privacy obligations, and a quick review right now will probably bring it up to date anyway.
5. All about SPAM
Q. Are these new laws the only way to prevent SPAM?
A. No. These laws stop you and others sending it out. They won’t necessarily stop you receiving it however. You should therefore practice good self-defence. Stop email extractor software from ripping off all the email addresses from your website by simply changing all the mailto links to safe mailto links. Check that you only sign up on websites that comply. Read Privacy Policies - your browser can do this for you with P3P compliant websites. Set up several sacrificial email addresses that you can bin if they get onto SPAM lists. Keep your personal email for those you already trust.
Q. I personally get too much SPAM – how do I stop it all?
A. You can’t stop it all. Live with it, or change your email address. SPAM-blocking software can stop some, your webmaster or ISP can block some more at your mail server by installing mail filters, and you can set up extra rules in Outlook to bin any that does reach you. You can contact one of the associations devoted to preventing junk e-mail (CAUCE, Privacy International, etc.). Other services exist to assist individuals to prevent junk e-mail, such as www.spamcop.com. Remember, it is an uphill battle that you can’t completely win.
Q. Are there any other SPAM laws?
A. Yes. Beside this E-Privacy Directive, there is also the E-Commerce Directive: Directive 2000/31/EC on Certain Legal Aspects of Information Society Services, in Particular Electronic Commerce, in the Internal Market, 2000 O.J. (L 178) 1 [EUR-Lex] [EuroCAUCE], the Telecommunications Privacy Directive: Directive 97/66/EC Concerning the Processing of Personal Data and the Protection of Privacy in the Telecommunications Sector, 1998 O.J. (L 024) 1 (repealed and replaced by Directive 2002/58/EC) [EUR-Lex], the Distance Contracts Directive: Directive 97/7/EC on the Protection of Consumers in Respect of Distance Contracts, 1997 O.J. (L 144) 19 [EUR-Lex] and the Data Protection Directive: Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data and on the free movement of such data. Thrilling stuff. Better than counting sheep.
Hope this helps! Phew!
Greg
>> Edited by GregE240 for format
>> Edited by GregE240 on Tuesday 2nd December 12:12
Yeap, work for a company that specialises in this type of thing and as Greg says - it's a bit of a minefield. However, comply with the rules and be open and honest with customers / browsers etc and you will get respect and usually happier customers.... ignore the law at your peril - the various legal bodies are poised to come down with a very heavy hand as most of the points they are clamping down on are very easy to prove....
It's good though - should cut down on the amount of UCE that you get. Targeted and consented email is fine - it's just all the crap you get from the US that needs to be dealt with next..... anyone hear about the recent court case against the Gator people from Wells Fargo?
Wells Fargo the bank were somewhat peeved to see that people who have Gator installed (spyware but they claim it is legitimate) that happen to visit the bank's website - get to see competitive pop-up ads from other banks directly targeting Wells Fargo.... all completely unsolicited and all completely anti-competitive..... and the interesting point is..... wait for it......
Wells Fargo lost!
Yep, it is legal in the US to install spyware against the user's knowledge, push, point or actively obscure the website you wish to visit with marketing.... Nice.... Thank god that activity is illegal in the UK / EU....
Bonce said:
Yep, and it still hasn't answered my question!
It seems the answer sits in a very grey area legally. Ho-hum.
Basically, best practice is as follows:
1) Make browsers of your site aware of any tracking mechanisms used - cookies etc
2) Automatically don't send any emails or marketing information, unless the user has positively said yes - i.e. the tick box is un-ticked and they have to tick it
3) Don't sell on any email addresses that you have got
4) Respond promptly and in the manner requested if you receive any communication from a browser about UCE
5) Do your best to ensure that any data collected from a browser is correct as much as possible - ensure that you also comply with the DPA.
Beyond that you should be fine. If you are "unsure" of any browser / user that you have and if they have opted-in or not - contact them and ask the question. Don't assume that people have opted-in.



