eco Directive for Permissible e-Mail Marketing
Transcription
eco Directive for Permissible e-Mail Marketing
D eco Directive for Permissible e-Mail Marketing Guidelines for Practical Use 5th Edition 2014 NEW: wide World ut / Opt-O Opt-In List! A CH 2 INDEX Guidelines for Practical Use 5th Edition 2014 1.Foreword 2. The Consent 2.1. Transparent consent 2.2.Conscious, unequivocal, and express consent 2.3. Data economy 2.4.Co-registration and purchase of addresses 2.5. Consent of minors 2.6.Period of the validity of the consent 2.7.Formal requirements of the consent 2.8.Demonstrability of the consent (double opt-in) 2.9.Documentation of the consent 2.10.Exception from the opt-in: E-mail advertising with existing customer relationship 2.11.Advertising in transaction e-mails 2.12.Feedback inquiries after purchase 4 5 5 6 7 7 7 8 8 8 14 15 17 18 3. Unsubscribing 3.1. Can e-mails be easily unsubscribed? 3.2.Are inquiries and complaints responded to? 19 19 22 4. 24 24 26 27 Design of the content 4.1. Is the subject not misleading? 4.2.Is the sender clearly discernible? 4.3.Is the legal notice complete? 5.Contract data processing – what needs to be noted 29 6.Sample cases for permissible optimization in e-mail marketing 6.1.Statistical analysis and measurement of user behavior: Usage profiles 6.2.Performance increase in e-mail marketing: Legal opportunities and boundaries 30 7.What needs to be noted in other countries in e-mail marketing 7.1.The legal aspects in Switzerland 7.2. The legal situation in Austria 35 35 39 8.Our recommendation: Certified Senders Alliance 41 9.Opt-in or opt-out – what applies in the individual countries 43 Authors 50 30 32 3 eco Directive for Permissible e-Mail Marketing 1.Foreword More than twelve years ago, the online marketing competence group of eco Association of the German Internet Industry adopted the first “Directive for requested online marketing.” Since then, the directive has been updated on a regular basis and more than a million copies of the popular guidelines were distributed or downloaded as a PDF from the eco website. The current revision of the directive takes into account the consequences from the expiry of the transitional period for the amendment of the Federal Data Protection Act (BDSG) and a number of more recent rulings (e.g. the ruling by the Federal Court of Justice regarding the tell-a-friend function). Changes for practical use have arisen in particular with regard to the formulation of the consent to e-mail advertising and with regard to the documentation obligations. A comprehensive overview of the global legal positions of other states with regard to the handling of consents (opt-in or opt-out) was also included for the first time. E-mail marketing has become a fixed part of the customer communication of many companies. In order to highlight the special circumstances with regard to the legal conformity of this marketing communication, specific and in particular practice-oriented instructions for action are given in these guidelines. The present directive gives companies an answer to the most frequent legal questions. There are three areas for each question: 4 1. Legal requirements 2.An explanation of the question and recommendations for the practical implementation of the statutory requirements 3. Practical examples The most pressing legal issues from a company perspective relating to the sending of e-mails are: H ave the recipients given their consent? C an the consent be proven? D o the recipients know what they have consented to? H as the option of unsubscribing been pointed out to the recipients? D o the recipients receive an e-mail confirmation of their consent? C an e-mails be conveniently unsubscribed to? A re inquiries responded to? Is the subject not misleading? Is the sender clearly discernible? Is the legal notice complete? D oes it involve a case of contract data processing and have the corresponding statutory regulations been complied with? Of course, this directive cannot replace any legal advice in individual cases. It can, however, help to ensure that companies are on more stable ground when they use the medium of e-mail to contact prospective customers. Consumers should also be able to feel safer when they provide a company with their e-mail address. Safe means that addresses are not simply forwarded, that e-mails can only be sent with the addressee‘s consent, and that it is easily possible to have your own address deleted from a distribution list again at any time. The great success of e-mail as a medium is Guidelines for Practical Use 5th Edition 2014 based on trust. This directive should contribute in this respect. The directive can also be retrieved on the Internet at www.eco.de/ RichtlinieOnlineMarketing. 2. The Consent It is now generally known that advertising by e-mail fundamentally requires the consent of the recipient, both in the B2C area and in the B2B area. The necessity of the consent results from Section 7 para. 2 of the Act Against Unfair Competition (UWG) and from Section 28 para. 3 sent. 1 of the Federal Data Protection Act (BDSG). Although this principle may sound simple, its specific implementation is difficult. Through numerous rulings and amendments to laws, the requirements for declarations of consent are also being constantly tightened. The requirements of valid consent can be summarized in brief as follows: t ransparent v oluntary c onscious, unequivocal, express and s eparate In addition, it must be possible to prove consent and to record it in detail. For e-mail advertising within the framework of existing customer relationships, the law makes provision for certain alleviations (cf. chapter 2.10) 2.1. Transparent consent Valid consent must meet certain requirements with regard to form and content. It is decisive firstly that the consenting party is informed in a transparent and easy-tounderstand manner about the content of his or her declaration of consent. According to Section 4a para. 1 sent. 2 of the Federal Data Protection Act (BDSG) and the legislation issued in this respect by the Federal Court of Justice on 25 October 2012, file reference I ZR 169/10, consent is only valid when it is declared in knowledge of the circumstances and for the specific case. The consenting party must be able to gain a specific idea of who is to use his or her data and for what purposes. The company that intends to refer to the consent in the future must be clearly named. The consent is always only for the company expressly named. There is no “blank consent” that for instance could entitle a company XY and its “partner companies” to conduct e-mail advertising. The data protection law does not make provision for group privilege either. A forwarding of e-mail addresses within the group for advertising purposes of other group companies is not permissible either (if the group companies are not expressly named in the consent). A general naming of company XY “and affiliated companies” should also constitute a breach of the requirement of transparency. The content of the future advertising e-mails should also be addressed as transparently as possible in the declaration of consent. If, for instance, a company markets various product lines under different brands, the declaration of consent should indicate whether the addressee will receive advertising for the product line under the brand X in the future or whether all the company‘s brands will be advertised. 5 eco Directive for Permissible e-Mail Marketing Worst practice / n egative examples: ■ I consent to my data being used for advertising purposes. I can revoke my consent at any time by e-mail to unsubscribe@abd.com. Such a declaration of consent is invalid as it is not discernible here which media (e-mail, SMS, telephone, letter) are to be used for advertising. ■ I would like to receive advertising from ABC Co. and from partner companies of ABC Co. by e-mail. I can revoke my consent at any time by e-mail to unsubscribe@abc.com. In addition, a link to unsubscribe to other information is included in each e-mail. This declaration of consent does not inform the addressee about which partner companies are involved. The consenting party thus has no idea what companies his or her e-mail address will be forwarded to. In the case of consent which also includes the forwarding to third parties, the potential recipients of the data are to be named in detail. 2.2.Conscious, unequivocal, and express consent Pursuant to Section 7 para. 2 no. 3 of the Act Against Unfair Competition (UWG), consent must expressly be given by the consenting party, i.e in a conscious and active manner. This can be done in writing by a signature of the consenting party or in electronic form by clicking on a check box. An opt-out option, i.e. for instance a check box that can be clicked when no e-mail advertising is wanted, or a pre-clicked check box 6 do not therefore constitute valid declarations of consent. The publishing of the e-mail address in public directories, on the Internet page, in a letterhead, or on a business card does not constitute consent to the sending of e-mail advertising either. A presumed or implied consent with which interest on the part of the addressee is merely assumed is no longer sufficient. Consent to the sending of e-mail advertising must always also be given separately, i.e. it cannot be combined with other declarations. For the confirmation of a purchase in an online shop (“Order now with costs”) on the one hand and the consent to e-mail advertising on the other, two separate check boxes must thus be provided. This was confirmed again by the Federal Court of Justice in its so-called “Payback ruling.” Worst practice / negative examples: ■ I would NOT like to receive the e-mail newsletter of ABC Co. The “opt-out” in this case does not constitute a valid declaration of consent. The consent must be given by active measures by the consenting party. Here, however, the consenting party must become active if he or she does not want to give his/her consent. Best practice / p ositive example: ■ I would like to receive the weekly newsletter of ABC Co. with information on its offers from the field of telecommunication by e-mail. My data are not forwarded to third parties under any circumstances. I can revoke my consent at any time by Guidelines for Practical Use 5th Edition 2014 e-mail to unsubscribe@abc.com. In addition, a link to unsubscribe to other information is included in each e-mail. This declaration of consent meets the statutory requirements. 2.3. T he size of the list is restricted to a maximum of ten (10) companies. The threshold of transparency should at any rate be exceeded if the user can no longer recognize the participating companies “at a glance.” Data economy Under the consent, no more data may be requested from the recipient than are actually necessary for the provision of the service. Usually, only a request for the e-mail address is necessary for the sending of an e-mail newsletter. The obligatory request for the first name or surname to personalize the e-mail newsletter is seen by many lawyers as permissible but not by all data protection supervisory authorities. However, as many data as required can be requested on a voluntary basis. 2.4.Co-registration and purchase of addresses With the acquisition of address data for third parties (lead generation through co-registration), the companies for whom the addresses are to be collected are to be named in detail as well. The number of companies for whom addresses are to be collected at the same time should be manageable. In particular, it is recommended that the following requirements be met: T he companies for whom the address data are to be generated are to be specified by name and when the sector is indicated individually. It must be easy and clearly possible within the consent process for the user to take note of the list of companies. The use of purchased e-mail addresses entails increased due diligence obligations. For according to legislation, the purchaser of the e-mail addresses must ensure that the owner of the respective e-mail address is really in agreement with the sending of the advertising and that the lawfully submitted consent refers in particular not only to the mailing by the seller but also by third parties (in this case the purchaser). At any rate, it is not sufficient to rely on the assurance from the seller that the consent had been given. The purchaser must have been provided the corresponding documented records and must at least carry out a random check. In order to take the most reliable path in this area too, the records for the consent should not only be shown but also stored in the company‘s own files for documentation purposes. 2.5. Consent of minors The minimum age for the ability to give consent is not clearly defined. Within the framework of e-mail advertising, minors aged 16 and over can generally be seen as capable of giving consent. However, in the consent to the processing of so-called “sensitive data” (e.g. health, religion, etc.) higher requirements may have to be set under certain circumstances in individual cases. 7 eco Directive for Permissible e-Mail Marketing 2.6.Period of the validity of the consent It is regularly claimed that consent to the sending of e-mail advertising expires after a certain period of time. However, there is no proof in the legislation for such a limited “shelf life” either. It should merely be ensured that the consent is made use of relatively promptly after it is given. In the opinion of the Munich I Regional Court with its ruling dated April 8, 2010, file reference 17 HK O 138/10, consent to the sending of e-mail advertising which is not made use of until more than 1.5 years later is no longer valid as the consenting party will no longer expect the e-mail advertising to be sent after such a long period of time. If, however, consent is regularly given to the sending of an e-mail newsletter, there is no cause to assume that it should expire after a certain period of time. 2.7.Formal requirements of the consent Consent by postcard or letter: As a fundamental rule, consent is to be given in writing (Section 4a para. 1 sent. 3 of the Federal Data Protection Act (BDSG)). By “in writing,” the law understands the handwritten signature of the consenting party. If therefore consent is given in a document – for instance a postcard or letter – which the subsequent addressee of the advertising e-mail has signed, the consent can be proven by this document. For this purpose, it must be ensured that the document is retained. 8 Online consent: On the Internet, consent can also be given in electronic form. Pursuant to Section 13 para. 2 of the Telemedia Act (TMG), electronic consent must also meet some formal requirements, i.e.: t he consent has to be recorded, t he user must be able to retrieve the content of the consent at any time and t he user has to be able to revoke the consent at any time with effect for the future. This right of revocation is to be pointed out to the user beforehand (Section 13 para. 3 of the Telemedia Act (TMG)). Consent with personal contact and on the telephone: Consent can also be given on the telephone or in person, for instance during a call to a call center or “face to face” at a trade fair. Since the reform of the data protection law in 2009, however, such consent that is not given in writing must be confirmed in writing (Section 28 para. 3a of the Federal Data Protection Act (BDSG)). 2.8.Demonstrability of the consent (double opt-in) In the event of a dispute in court regarding the permissibility of the sending of the advertising e-mail, the sender has the burden of presentation and proof that the consent was actually given by the specific owner of the e-mail address used. The mere presentation that consent to the sending of advertising e-mails to a particular e-mail address was given is not sufficient if the sender cannot prove that the consent actually originated from the owner of the e-mail address used. Guidelines for Practical Use 5th Edition 2014 As a fundamental rule, the sender must note the following: given during registration, also submitted the consent. M erely the granting of the addressee‘s consent is not sufficient. The consent must be obtained in such a way that it can be proven when convincing a court (provability). T he consent from a person is not sufficient either on its own. It must be proven that precisely the recipient and not perhaps a third party under the latter‘s name or e-mail address has given consent (congruence: registering party – (subsequent) recipient). By using the double opt-in procedure, it can thus be prevented that advertising e-mails are sent to an e-mail address that has not been registered by its owner, but instead misused by a third party. It is also ensured that no advertising e-mails enter the distribution list with which the user has merely committed a typing error during registration. In this case, too, there is the risk that the actual holder of the e-mail address receives advertising e-mails although he or she never submitted consent. For the proof that the consent actually originated from the owner of the e-mail address used, the double opt-in procedure offers the maximum legal certainty. The use of the double opt-in procedure is therefore highly recommended – but it is not mandatory under the law. Even if we read it repeatedly: There is no statutory obligation to use the double opt-in procedure. Such an obligation was not introduced with the 2009 amendment of the Federal Data Protection Act (BDSG) either. Why actually double opt-in? As a reminder and for clarification: With the double opt-in procedure, a confirmation e-mail (frequently also called invitation e-mail or check mail) is sent to the e-mail address given during registration for a newsletter. In this confirmation e-mail, the addressee is asked to confirm his or her consent by clicking on a confirmation link. If the addressee clicks on the confirmation link, it can thus be proven that actually the owner of the e-mail address which was And is the double opt-in procedure legally permissible? In the field of dialog marketing, in actual fact, contradictory court rulings can be found for virtually all legal issues. Unfortunately, the courts are and were also not entirely in agreement in the assessment of the double opt-in process. In some rulings, the confirmation e-mail per se was already seen as an unreasonable harassment (or unlawful e-mail advertising or spam). In the process, however, the courts have overlooked the fact that ultimately there is no alternative to the double opt-in procedure if you want to conduct legally certain e-mail marketing. Not even in the (admittedly hypothetical) use of a Post-Ident procedure or a notarized certification of the consent to the sending of e-mail advertising can it be established with legal certainty that for instance the e-mail address angel23@ gmx.com does indeed belong to Mrs. Maier, who indicated precisely this address when giving her consent. 9 eco Directive for Permissible e-Mail Marketing From a legal perspective, it was therefore major progress when the Federal Court of Justice in a ruling dated February 10, 2011, that significantly bears the title “double opt-in procedure,” fundamentally gave the go-ahead to the double opt-in procedure: “If application for participation is received in electronic form, the latter‘s sender can be asked in an e-mail to confirm his or her request to participate. After receipt of the requested confirmation, it can be assumed that the application did indeed originate from the e-mail address indicated.” In contrast, the Munich Upper District Court ruled on September 27, 2012, that the confirmation e-mail under the double opt-in procedure already constitutes an unsolicited advertising e-mail. The confirmation e-mail that is used precisely to avoid spam would therefore itself be spam according to the Munich judges. The crux of the Munich ruling is the question of whether the confirmation e-mail can already be seen as advertising by e-mail. In the opinion of the Munich judges, this is the case. And consent is thus already required for the confirmation e-mail. As, however, the confirmation e-mail is used particularly to make the consent provable, there cannot be any provable consent for the sending of the confirmation e-mail. Which means that you somewhat feel as if you were in a novel by Kafka: “Do you want to obtain consent? But then please prove beforehand that you already have consent...” 10 That can‘t be how things work. And the solution to this Kafkaesque drama lies in the question as to whether the confirmation e-mail is really and truly advertising or whether it is more of a transaction e-mail. The legislation and jurisdiction are less hesitant when it comes to what should be seen as advertising. Any statement that is used directly or indirectly to sell products or services falls under the term “advertising.” As lawyers put so succinctly, the term “advertising” can be “interpreted in many ways.” For instance, the legislation also sees birthday e-mails from a company to its customers and e-mails for a market research study that is not carried out on a neutral basis but in the interest of a company, as advertising. Which is somehow still understandable as these e-mails ultimately aim to sell products or services, at least indirectly. Almost everything that a company does and communicates externally serves to sell products or services. After all, that is the reason for the company‘s existence. However, it goes too far to classify any communication from a company in blanket terms and as a type of reflex reaction as “advertising.” Companies also communicate with their customers to fulfill a contractual relationship by, for instance, sending order confirmations or invoices by e-mail. For this type of communication, nobody seriously requests express and unequivocal consent from the addressee. Such so-called trans action e-mails are lawful as part of the fulfillment of the contractual relationship between a company and its customers. And the sole purpose of the confirmation e-mail is the verification of the consent as part of the contract (or contract-like relationship) Guidelines for Practical Use 5th Edition 2014 between the company and addressees regarding the sending of an e-mail newsletter. The confirmation e-mail does not itself promote the sale of goods or services. Rather the opposite is true: The double opt-in procedure costs addressees or conversion. Experience shows that an average of around a quarter of the addressees of a confirmation e-mail do not confirm their registration for the e-mail newsletter and can thus not be written to. And for those who have experienced the vehement resistance of an average marketing department to the introduction of the double opt-in procedure will scarcely want to assert afterward that the double opt-in procedure could be classified even in the remotest sense as an advertising measure. To cut a long story short: Sending a confirmation e-mail does not require any separate, prior consent. This is firstly not possible logically; secondly, the confirmation e-mail is not to be qualified as advertising either. Confirmation e-mail without advertising However, the confirmation e-mail must always be absolutely free of advertising and may solely be used to verify the e-mail address. As is seen frequently enough, the confirmation e-mail does not have to be sent as plain text. It may indeed correspond to the corporate identity of the company and for instance include a logo, but additional advertising elements must be avoided. A confirmation e-mail loaded with advertising would fail in court as an impermissible advertising e-mail. Confirmation e-mail with full declaration of consent The confirmation e-mail serves solely to verify consent. If a user indicates a thirdparty e-mail address in subscribing to a newsletter improperly or because he or she is of the opinion that the newsletter could perhaps interest the owner of the e-mail address, the owner of the e-mail address receives a confirmation e-mail. Without being familiar with the declaration submitted by the party, he or she receives this confirmation e-mail; he or she has never submitted any kind of consent on a website. If he or she now clicks on the confirmation link, this click alone must constitute sufficient consent in order to send the newsletter to his or her e-mail address in the future. The full consent should therefore be included in the confirmation e-mail. And full consent must be given with the click on the confirmation link. Solely with the wording of the confirmation e-mail, the sender must be able to prove in court that the addressee‘s consent to the sending of e-mail advertising had been received. It is therefore not sufficient if there is a brief and concise request in the confirmation e-mail for the confirmation of the consent submitted on the website during registration, without repeating it. In other words: If you invest a lot of time and effort (and possibly even money for a legal audit) in the formulation of your declaration of consent on the website, this declaration of consent must also be reproduced in exactly the same form in the confirmation e-mail. Otherwise you can save yourself the effort. 11 eco Directive for Permissible e-Mail Marketing Confirmation e-mail without further explanations The following formulation, for instance, would be possible: The confirmation e-mail should solely be used to confirm the consent and no further declarations should be packed into it. One of the formal requirements, of which there are a great deal now, for the validity of consent is that it is submitted separately from other declarations, in almost isolated form (cf. chapter 2.2.). Many thanks for your participation in our big million-dollar competition! Please confirm your subscription of our newsletter with up-to-date information. The confirmation of consent in the confirmation e-mail should therefore, for instance, not be linked to participation in a competition (even if such a link could be permissible overall, but that is another topic). An (advertising-free) confirmation e-mail is legally OK, but it may be the case from time to time that the confirmation e-mail is overlooked or in the worst case perhaps is caught in the spam filter. If the addressee does not click on the confirmation link, is it permissible to send a reminder e-mail? This formulation in the confirmation e-mail would therefore not be recommended: One more click to big winnings! Please conclude your participation in our big million-dollar competition by clicking on the following link and confirming the conditions of participation in the competition and your subscription to our newsletter with current information. In this case, no separate declaration of consent exists anymore and the consent would be invalid. The formulation of the confirmation to be submitted must make clear that solely the consent to the sending of the newsletter is confirmed and not also the participation in the competition at the same time. 12 What is the position with reminders when the addressee does not confirm immediately? Unfortunately, there is no clear answer to this question. As stated above, it is indeed pleasing that the Federal Court of Justice established regarding confirmation e-mails that they do not constitute an unreasonable harassment. Regarding the question of whether a reminder e-mail can be seen as an unreasonable harassment, the legislation has not been forthcoming to date, as far as we can tell. However, it is to be assumed that the courts will view such a reminder e-mail as fundamentally more critical than the confirmation e-mail per se. The confirmation e-mail serves solely the purpose of verifying the e-mail address and thus acquiring legally reliable and legally permissible consent. However, the reminder e-mail tends to serve the purpose of indicating a confirmation that has not been given and to perhaps gain consent after all, even if the addressee has not confirmed it in the first run, for whatever reasons. It should therefore become Guidelines for Practical Use 5th Edition 2014 more difficult here to substantiate legiti mate interest, beyond the growth of the distribution list, in the sending of the reminder e-mail. By this, however, the aim is not to state that the sending of such a confirmation e-mail is clearly impermissible. If a reminder e-mail is sent, however, it should generally only be sent once and within a relatively short period after the sending of the confirmation e-mail. Regular reminder e-mails over a period of several weeks or months will with reasonable certainty annoy the addressee and lead to complaints. Deletion of the data in the event of non-responders How long can the data be stored then if there is no confirmation? Here, too, it is difficult to indicate an absolute period of time. In abstract terms, it can be stated that data may only be saved for as long as they are required to carry out the double opt-in procedure. The admission criteria for the Certified Senders Alliance (CSA) are accordingly also expressed in abstract form in this regard: If confirmation is not given within a suitable period of time, the data collected in connection with the e-mail address are to be deleted. Thus, we arrive at the question of how long such an appropriate period of time is, i.e. how long the confirmation from the addressee can realistically be anticipated. Based on experience, the ordering of a newsletter is confirmed within a few minutes. If, for instance, the addressee is on holiday and is not lucky enough to be reachable via e-mail, however, it may indeed take one or two weeks until the addressee confirms his or her subscription to the newsletter. Accordingly, a period of two weeks is still seen as permissible under data protection law. Tell-a-friend function Most recently, on September 12, 2013, the Federal Court of Justice pronounced an important ruling on the (im)permissibility of recommendation e-mails. The following facts were available to the Federal Court of Justice: The petitioner received several times without his prior consent product recommendations from the defendant who had set up a “tell-a-friend” function on its website, whereby the respondent was (also) named as the sender of the recommendation e-mail. The petitioner therefore wanted to file a claim for injunctive relief against the defendant. The courts of prior instances (Cologne local court and regional court) had rejected such a claim on the grounds that the respondent would not be liable for the misuse by a third party with regard to the “tell-a-friend” function. However, the Federal Court of Justice (BGH) did not share this opinion: Initially, the Federal Court of Justice qualified the disputed recommendation e-mails as advertising pursuant to the Directive 2006/113/EC (accordingly, any statement when carrying out commerce, trade, craft or free profession with the goal of promoting the sale of goods or the provision of services is defined as advertising activity). 13 eco Directive for Permissible e-Mail Marketing In addition, recommendation e-mails are always to be assigned to the sphere of the website operator, irrespective of whether a third party initiates these e-mails. A fundamental factor is in particular that the respondent appears vis-à-vis the recipient of a recommendation e-mail as the sender. Ultimately, it is also the meaning and pur pose of the “tell-a-friend” function to draw attention to the website and the services offered there. It is thus stated in the grounds for the ruling: “This assessment is not countered by the fact that the respondent does not tolerate the misuse of the “tell-a-friend” function. It is apparent that the “tell-a-friend” function is used precisely to send recommendation e-mails to third parties, without there being any certainty that they have given their consent in this respect.” Consequently, a decisive factor also in the tell-a-friend function is, at least when the recommended company appears as the sender, whether the recipient has given his or her express consent to the unsolicited sending of such content. If no consent has been given, the protection of the consumer is required who is powerless against the sending of unsolicited advertising e-mails. In these cases, the e-mails are impermissible pursuant to Section 7 para. 2 no. 3 of the Act Against Unfair Competition (UWG). Whether the ruling by the Federal Court of Justice also means the end of the tell-afriend function in the event that the recommending private individual appears as the sender of the recommendation e-mail is currently assessed differently. One argument in favor of the permissibility of corresponding 14 recommendation e-mails is that the Federal Court of Justice also bases its ruling on the fact that the respondent was the sender of the e-mails in the case to be decided upon. On the other hand, the Federal Court of Justice bases its grounds for the decision on the fact that the tell-a-friend function was specifically used by the company to draw attention to services offered and that therefore the usage of the function should be attributed to the company. If a company decides to (continue to) provide its tell-afriend function, using a private individual as the sender, it is therefore running a high risk of at least a warning. 2.9.Documentation of the consent Irrespective of the procedure used, the declaration of consent is to be documented comprehensively and permanently for the entire usage duration of the e-mail address, whereby the documentation requirements of the Federal Court of Justice (ruling dated February 10, 2011, I ZR/164/09) are to be taken into account in the recording process. In the case of dispute, the sender of an advertising e-mail must be able to at least present the following details: C ontent of the declaration of consent and information about the formulation (how was the consent declared: actively and separately?) T ime of the declaration of the consent IP address of the consenting party at the time the consent was given (with dynamic IP addresses, the IP address of course only has a very limited value as proof) If applicable, the time when the invitation e-mail was sent out (with double opt-in) Guidelines for Practical Use 5th Edition 2014 C ontent of the invitation e-mail (with double opt-in) T ime of the confirmation of the consent (with double opt-in) With consent given in personal contact, it may be possible under certain circumstances to use the recipient of the declaration as a witness. In the event of a dispute (in court), the latter‘s statement must be considered credible. There are doubts in this regard if the contact took place a considerable time ago and was made within the framework of many contacts, for instance at a trade fair. In addition, it is not ensured either that the actual contact person is actually the person who receives the advertising later on. Here, too, the carrying out of a - correspondingly adapted - double opt-in procedure lends itself. 2.10.Exception from the opt-in: E-mail advertising with existing customer relationship For e-mail advertising within the framework of existing customer relationships, the law makes provision for an alleviation. Normally, the advertising company requires the conscious and unequivocal consent from the addressee in order to be able to send advertising e-mails (so-called opt-in). With an existing customer relationship, however, the customer may be sent advertising e-mails if the customer has not objected to them being sent (so-called opt-out). This exception to the rule, however, has certain formal requirements, which is why it is also called a “qualified opt-out”. Specifically, these requirements are as follows: (1)The sender must have received the customer‘s e-mail address from the customer “in connection with the sale of goods or services.” (2)In addition, it must have been pointed out to the customer “in a clear and unequivocal manner in the collection of the address and in each use thereof” that he or she can object to the use of his or her e-mail address for advertising at any time, (3)without costs other than the transmission costs pursuant to the basic tariffs being incurred in this regard” – and the customer must not have of course objected to it. (4)In the e-mails subsequently sent to the customer, solely “the company‘s own similar goods or services” may be advertised. The law clearly states that the customer must give his or her e-mail address him- or herself to the advertiser during the order process. Accordingly, it is not sufficient if the advertiser has received or found out the customer‘s e-mail address by other means. A hotly debated issue is the question of whether the sales process must actually be completed to be able to use the e-mail address for e-mail advertising. This question becomes relevant, for instance, with inquiries from prospective customers and in the online shop with so-called shop drop-outs who in the course of the order process place merchandise in the shopping cart and indicate their e-mail address but then cancel the order process. Are in such cases the statutory requirements “in conjunction with the sale” already met or must the sale be definitively completed? 15 eco Directive for Permissible e-Mail Marketing Whereas it is undisputed in many other European countries that contract negotiations are sufficient for reference to the exception to the rule, there is cordial disagreement in this regard in Germany. On the one side, there are the advocates of the most far-reaching protection against annoying e-mail advertising, who propagate a narrow interpretation of the exception to the rule and see the conclusion of the sales process as a mandatory requirement. An argument in favor of this is also the wording of Section 7 para. 3 of the Act Against Unfair Competition (UWG) that expressly mentions CUSTOMER. On the other, it is stated that a prospective customer who has voluntarily given his or her e-mail address during an order process and has had it pointed out to him or her that he or she will receive e-mail advertising in the future if he or she does not object, is not particularly worthy of protection. In using e-mail addresses that were collected “in conjunction with the sale of goods or a service,” there is thus a residual risk if this sale is not definitively concluded. A definitive court ruling that provides an unequivocal answer to this question does not exist (as far as is discernible). At any rate, a forwarding of the e-mail address to other companies, even to group companies, is not permissible. Usage of the address for advertising purposes for other companies is not permissible either. In addition, the advertising company may only send the customer e-mail advertising for “its own similar goods or services.” Here, the question arises what is meant by this abstract formulation. The required similarity 16 between the goods purchased and the goods that may be subsequently advertised is determined from the customer‘s perspective. Based on the purchases up to that point, the advertiser must ask itself the question as to what other similar goods the customer might possibly be interested in. According to the legislation, the decisive factor for the similarity of the goods is whether the advertised goods correspond to the same typical intended use or customer need like the ones already purchased. If both goods are used for the same typical intended use, the similarity is given. In the process, accessories and supplementary goods are still recognized by the legislation as “similar”, even if the legislation fundamentally assumes a narrow interpretation of the circumstances for the exception. If a customer, for instance, orders French red wine, he or she will undoubtedly also be interested in wines from Austria or other countries – it is therefore permissible to inform him or her about them. The information about accessories for the goods originally purchased should also easily fall under the exception to the rule. Specialized online dealers who only offer goods from a certain segment will therefore be able to use the exception to the rule better than an e-mail order company with a comprehensive range of goods who advertises goods in its newsletter from all areas in unspecific form. If the advertiser has used an “active opt-in” up to now within the framework of its online shop in which the customer must click on a check box in order to receive its newsletter, it can, as an exception, integrate this check box in “pre-clicked” form in the order Guidelines for Practical Use 5th Edition 2014 process. In the process, it must always be pointed out that the sending of advertising e-mails can be objected to at any time, without costs other than the transmission costs pursuant to the basic tariffs being incurred in this regard. In this case, the user must become active and “deactivate” the check box if he or she does not want to receive the newsletter. Experience shows that such a changeover results in at least a doubling of the conversion. The advertiser must then, however, of course note the restriction of the advertising to “own similar goods or services.” If he or she wants to use the addresses acquired in this way for the sending of the newsletter, he or she may only advertise goods of a similar type. For example, a travel operator who integrates the following text in its order process should generate considerably higher conversion: We will send you your booking confirmation to the e-mail address that you have indicated. By indicating your e-mail address, you will not receive any unwanted spam e-mails. In connection with your booking, you will receive from us, in addition to the booking confirmation, other e-mails tailored to your trip. You can object to the sending of these e-mails at any time by sending an e-mail to unsubscribe@xyz.com, without costs other than the transmission costs pursuant to the basic tariffs being incurred in this regard. After receipt of your objection, we will suspend the sending of e-mails immediately. This organization guarantees a virtually 100% conversion; however, the content of the subsequent advertising communication should definitely be restricted to information that is actually limited to the specifically booked trip. Information about the right of objection must be provided directly when the e-mail address is collected, i.e. at the point in time when the customer notifies the advertiser of his/her e-mail address. Existing customers who did not have their right of objection pointed out to them when they indicated their e-mail address, cannot thus have this pointed out to them subsequently by e-mail. Rather, they must be motivated to provide their e-mail address again and then have their right of objection pointed out to them. For this purpose, the customer can, for instance, be subsequently offered an additional service (possibly also for free), during the order of which the e-mail address is then to be given. However, the subsequent qualification is made more difficult by the fact that existing customers may not have the additional service pointed out to them by e-mail. Here, alternative forms of contact, for instance via the website, by mail or as part of transaction e-mails are to be selected. 2.11.Advertising in transaction e-mails Transaction e-mails are e-mails that a company sends as part of the fulfillment of a contract, for instance, order confirmations, dispatch confirmations or invoices. For such transaction e-mails, the sender does not of course require the consent of the addressees. From a marketing perspective, it lends itself to also advertise for other products and services of the sender in 17 eco Directive for Permissible e-Mail Marketing such transaction e-mails as advertising in transaction e-mails has above-average conversion rates. Section 7 of the Act Against Unfair Competition (UWG) for e-mail marketing have to be complied with. The major question here is: May transaction e-mails contain advertising if the addressee has not consented to the sending of advertising e-mails and if the requirements of the exception for e-mail marketing with existing customer relationships (cf. 2.10.) are also not met? 2.12.Feedback inquiries after purchase For advertising e-mails, the addressee‘s consent is required as an “unreasonable harassment” through unsolicited mass advertising is to be avoided. In the legislator‘s opinion, the “unreasonable harassment” lies in the addressee being forced to deal with every e-mail that he or she has received and to delete it if it is unsolicited advertising. However, this “unreasonable harassment” cannot exist at all with a transaction e-mail. The addressee receives the transaction e-mail, i.e. for example the dispatch confirmation, at any rate and has to deal with it, irrespective of whether this also contains advertising content as an accompanying measure or not. As long as it involves advertising content that merely accompanies transaction-related content (the focus is clearly on transaction content), this should not be an unreasonable harassment. However, the advertiser should also not go overboard with the advertising contained in transaction e-mails. If the transaction-related content is merely feigned in order to make an advertising e-mail supposedly permissible or if the transactionrelated content takes a complete back seat to the advertising, an advertising e-mail has to be assumed – and the specifications of 18 Customer feedback is extremely valuable for many companies to enable them to improve the products and services they offer and to adapt them to the requirements of the market. In addition, customer ratings are increasingly becoming the basis for purchase decisions. More and more suppliers are therefore sending e-mails out after a purchase has been made, with the request for a rating and feedback from the customer. Are, however, such feedback inquiries also permissible after purchase if the addressee has not consented to the sending of advertising e-mails and if the requirements of the exception for e-mail marketing with existing customer relationships (cf. above) are also not met? The decisive question here is whether feedback inquiries are advertising. The Coburg Regional Court answered this question in the negative with its decision dated February 2012. Accordingly, a one-off feedback inquiry is not advertising but predominantly “customer service that aims to help improve processes and eliminate defects.” Furthermore, feedback inquiries have since then also become common practice. The court therefore did not see consent by the addressee to advertising as being necessary. This ruling was strongly criticized, in part with good arguments. It is also not certain under any circumstances that other courts will decide exactly the same when it comes Guidelines for Practical Use 5th Edition 2014 down to it. You are therefore on the legally permissible side if you meet the formal requirements of the exception in e-mail marketing with existing customer relationships (cf. above). 3. Unsubscribing 3.1.Can e-mails be easily unsubscribed? Those who send advertising e-mails are obligated to give the recipients the opportunity to delete their names from the distribution list and to clearly point out this possibility (Section 28 para. 4 of the Federal Data Protection Act (BDSG), Section 7 para. 2 no. 4 of the Act Against Unfair Competition (UWG), Section 13 para. 2 no. 4 of the Telemedia Act (TMG), Section 13 para. 3 of the Telemedia Act (TMG)). The best variant is an unsubscribe link directly in the e-mail. After clicking on this link, the deletion must be done in a prompt manner. The information with regard to the unsubscribe option must already be available when consent is obtained. The legislator stipulates that the service provider gives the user the option of revoking his or her consent to the use of his/her data and/or his/her opt-in at any time (Section 13 of the Telemedia Act (TMG)). In addition, the legislator expressly demands that the information regarding this right must be given to the user as a mandatory measure before the declaration of the consent (Section 13 para. 3 Telemedia Act (TMG), Section 28 para. 4 of the Federal Data Protection Act (BDSG)). It is therefore not sufficient to place the information in a newsletter with an unsubscribe link. The legislator already demands corresponding information during registration. Irrespective of whether the consent has been generated via postcard/letter, fax, online, during personal contacts, by telephone, via SMS/MMS or any other communication channels. Ostensibly, this formal issue appears unimportant and rather self-evident. Particularly as the user is also alleviated of some of his/ her fear to give his or her consent “for always.” Nevertheless, not all companies by far succeed in meeting this requirement of the legislator. Because such information also generates trust, this opportunity should be used and the recipients given the assurance that they can unsubscribe to the newsletter at any time (with just one mouse click). Formulation examples: Y ou can conveniently unsubscribe to the newsletter at any time with a single click of the mouse. In every newsletter, we will offer you the possibility of terminating your subscription. E ach newsletter will contain an unsubscribe link via which you can independently delete your name from the distribution list again at any time. Y ou can object to the use of your data for advertising purposes at any time. The implementation of the objection to the further processing or usage of the contact data of a person concerned for advertising purposes must be done immediately in the 19 eco Directive for Permissible e-Mail Marketing respective company, Section 28 para. 4 sent. 1 of the Federal Data Protection Act (BDSG). Act (BDSG), Section 43 para. 3 of the Federal Data Protection Act (BDSG). The unsubscribe option must be given in each advertising e-mail. In order to carry out the timely notification regarding the right of objection, there are several possibilities, not all of which, how ever, are recommended. It is stipulated by law that an unsubscribe option must be made available in each advertising e-mail and reference must be made to it (Section 7 para. 2 no. 4 of the Act Against Unfair Competition (UWG), Section 7 para. 3 of the Act Against Unfair Competition, Section 13 para. 2 no. 4 of the Telemedia Act (TMG) and Section 28 para. 4 of the Federal Data Protection Act (BDSG). Section 28 para. 4 of the Federal Data Protection Act (BDSG) is worded as follows: If the person concerned files an objection to the responsible organization regarding the processing or usage of his or her data for purposes of advertising or market or opinion research, a processing or usage for these purposes is not permissible. When approached for advertising purposes, the person concerned is to be informed […] about the organization responsible and about the right of objection […]; In plain text: The (subsequent) recipient must have his or her right of objection pointed out to him/her. As soon as he or she announces that he or she would not like to receive any further e-mails from the sending company, it must be ensured that he or she is promptly excluded from future mailings. The breach against an objection pursuant to Section 28 para. 4 of the Federal Data Protection Act (BDSG) can be prosecuted with a fine of up to EUR 300,000 (Section 43 para. 2 no. 5b of the Federal Data Protection 20 The best way because it is the most userfriendly is the integration of an unsubscribe link in each e-mail sent. In most cases, this link is at the very bottom of the e-mail. An example: If you no longer want to receive our news letter, simply click here: Unsubscribe to newsletter Any good e-mail marketing software offers a corresponding functionality that ensures that every user who clicks on this link automatically does not receive any further e-mails. After clicking on the link, the user should land on a page on which the deletion from the distribution list is confirmed. A formulation example: We have deleted you from our distribution list. You will not receive any further e-mails from us. It is not necessary to confirm the unsubscribe to the user by e-mail. Rather, it is the case that this additional e-mail in extreme cases can already be understood by the user as an unreasonable harassment as he or she has just withdrawn his or her consent to the advertising company sending him or her further e-mails. Guidelines for Practical Use 5th Edition 2014 Processes that make it more difficult for the user to unsubscribe, such as the so-called “double opt-out” in which the user receives an e-mail after he or she has unsubscribed and is asked to confirm the unsubscribe by clicking on a link, should not be used in any case. Experience shows that a not-to-be-underestimated percentage of users does not click on this link: Perhaps precisely this e-mail got caught in the spam filter by mistake, or the user thought the e-mail was nothing but a confirmation of the unsubscribe, without reading it in more detail – there are many possible reasons. The fact is only that the user in this case will continue to receive the respective newsletter. This leads very quickly to the user getting annoyed – not really what you actually want to achieve with a newsletter. Some e-mail marketing systems do not offer the use of automatic unsubscribe links. The unsubscribe is implemented by e-mail in this case. There are two common variants. Example variant 1: To unsubscribe to our newsletter, reply to this e-mail and write “unsubscribe” in the subject line. Example variant 2: If you do not want to receive any other e-mails from us, please send an empty e-mail to unsubscribe-635094235835@companyname.com In both cases, the e-mail marketing soft ware analyzes the incoming e-mails and deletes the corresponding recipients from the distribution list. Unsubscribes by e-mail are also used for the so-called “list unsubscribe.” Unfortunately, this is not yet standard and thus only a few e-mail program and web mailers currently offer their users this additional service. The way it works is pretty straightforward. The sender not only integrates the unsubscribe link in the content of its newsletter, but also stores it additionally in the e-mail header. The e-mail program or the web mailer then provides an extra button for unsubscribing. If the recipient clicks on it, an e-mail is automatically sent in the background to an e-mail address provided by the sender for this purpose and the newsletter is unsubscribed. Advantage of this variant: The “unsubscribe” button has a fixed place in the e-mail program and applies to newsletters of all senders who support the “list unsubscribe” method. A search for the unsubscribe link in the newsletter is thus no longer necessary. In addition, there must be the possibility of also correctly processing unsubscribes via other means. If a user therefore sends an informal e-mail in which he or she asks to be deleted from the distribution list, it should be guaranteed that this inquiry is read and processed promptly. Companies who are in contact with their customers via a call center or hotline must ensure that unsubscribes that are received over the phone are processed promptly and are not simply “lost.” The variant of also offering an unsubscribe form on the website in addition to the subscribe form and in which the user enters his or her e-mail address is not to be 21 eco Directive for Permissible e-Mail Marketing recommended (or is at best suitable as a supplement). Reason: Many users have their e-mails redirected from one e-mail account to another and in cases of doubt, no longer know which of their various e-mail addresses they used to subscribe. Some users will therefore be unable to unsubscribe, which harbors potential for frustration. However, it could be even worse. An example: In order to unsubscribe to the xyz newsletter, please log in with your user name and password under www.xyz.com. Then access the area “My profile” and remove the tick next to “Newsletter” in the section “E-mail settings.” Such a procedure is firstly complicated and secondly there is a high probability that a not-to-be-underestimated percentage of the users have already long forgotten their original registration data. Checklist ✔ Was the unsubscribe option pointed out when consent was given? ■ Yes ■ No ✔ Is reference made on all online and offline forms to the unsubscribe option? ■ Yes ■ No ✔ Does each commercial e-mail sent contain an unsubscribe option? ■ Yes ■ No ✔ Is the unsubscribe directly possible (without double opt-out or mandatory login)? ■ Yes ■ No ✔ Is the address deleted promptly from the distribution list after unsubscribing? ■ Yes ■ No 22 ✔ Is it ensured that cancellations received via other channels are also handled promptly? ■ Yes ■ No 3.2.Are inquiries and complaints responded to? E-mail advertising is dialog marketing. It is therefore particularly important that inquiries and complaints are answered quickly. Particularly because e-mail marketing is such a fast medium, companies should not allow themselves any negligence here. Twenty-four hours are usual. People who make complaints or give feedback fundamentally have a great interest in the company: W hen complaints are recorded and processed properly, they can even be turned into their opposite (goal: satisfied customer). F eedback of any kind also always helps an improvement process – what is done well at the company, what is done less well? F eedback can pave the way for specific business: Particularly with e-mails, many people are used to simply pressing “Reply.” A company should not waste this opportunity for dialog. Responses to e-mailings are received by a company via several channels: 1. With every e-mailing, there are returns – holiday announcements and other auto responders (e.g. “I have changed departments, Mr. Miller is now responsible”), Guidelines for Practical Use 5th Edition 2014 notifications of undelivered messages, confirmations of receipt, “genuine” replies, etc. 2. “Genuine” e-mail responses that are received via the published support e-mail address. 3. Responses by other means, such as telephone, fax, letter, or lawyer. Virtually all modern e-mail marketing systems filter holiday announcements, bounces, etc. out automatically and process these e-mails further (e.g. bounces are blocked from further mailings). The challenge in this case is to filter “genuine” responses. This can be done manually or automatically. Under no circumstances may the content of the mailbox be simply deleted for the “reply to” address. The “genuine” responses filtered in this way can now be processed in exactly the same way as the responses that are received via the normal support e-mail addresses. Text components that provide answers to the usual standard questions are recommended. In order to make the processes of answering several 10,000 e-mails in places manageable within a short period of time, there are special response management systems. It is a philosophy matter whether to give preference to fully automatic systems with “artificial intelligence” or more to “rule-based systems” that support the call center agents but do not replace them. As a rule, customers tend to react testily when they receive a response that has (apparently) been generated automatically. The more precisely the subject of the question is addressed, the more likely the customer is to be satisfied. In rarer cases, recipients use communication possibilities other than e-mail. In this case, they primarily use the telephone. It is decisive that the call center agents have access to the e-mail database so as to at least be able to definitively answer the most important questions (“Where did you get my address from?”, “Please do not send me any further e-mails!”). In both cases (the electronic feedback and the feedback by other means), it is decisive that the processes for responses and complaints are defined and documented. The speed of the response is of particular importance – with the fast medium of e-mail the expectation is 24 hours. Checklist ✔ Is a support address given in the e-mail which can be contacted by e-mail or by telephone? ■ Yes ■ No ✔ Is it ensured that the sender/ “reply to” address works and that messages addressed to it do not land in “cyberspace”? ■ Yes ■ No ✔A re e-mail returns to the sender‘s address automatically filtered and adjusted to reflect bounces / holiday notifications? ■ Yes ■ No ✔A re “genuine” e-mail returns reviewed and either answered directly or forwarded to the corresponding departments on a continuous basis by an AI system or an employee? ■ Yes ■ No ✔D oes the call center have access to the e-mail database, e.g. in order to block addresses immediately? ■ Yes ■ No 23 eco Directive for Permissible e-Mail Marketing ✔ Is the call center informed about the outgoing e-mails? ■ Yes ■ No ✔A re there checklists and procedures on how “critical” cases are to be handled? ■ Yes ■ No ✔A re there analyses on response time and quality / satisfaction with response? ■ Yes ■ No ✔ Is a demanding benchmark complied with for the answering of inquiries / complaints (twenty-four hours are usual.)? ■ Yes ■ No 4. Design of the content 4.1. Is the subject not misleading? The subject should be brief and informative and reflect the content of the message. The recipient can thus recognize the context of the e-mail quickly based on the subject line. A concise statement also makes clear that it is not an automatically generated message. In particular, the subject line may not be formulated in such a way that the recipient does not have any or an incorrect idea of the commercial character of the e-mail (Section 6 para. 2 of the Telemedia Act (TMG)). The subject may not make any false promises (“profit notification” / “credit note”) or (false) threats (“criminal proceedings due to breaches of copyright” / “last reminder”). The subject is brief and concise is associated with the text d oes not conceal the commercial nature of the e-mail 24 d oes not have any typical spam words, capital letters or special characters In addition to the sender, the first thing that the reader sees before he or she opens the e-mail is the subject line. The recipient of an e-mail normally decides based on the subject line whether the topic is interesting for him/her or whether the e-mail is deleted unread. The subject line has the task of making the recipient curious. It therefore needs to be kept brief and concise. Where possible, upto-date, practice-oriented or entertaining statements should be used to give the reader maximum incentive to open the e-mail. However, it should be ensured that the text of the e-mail takes up the content of the subject line and that no false promises are made: According to the statutory specifications, the topic announced in the subject line should also be the content of the newsletter. The subject should include a clear and precise statement about what topic awaits the recipient; in other words, the statement should not be concealed. A sender who when sending out its marketing-oriented e-mails conceals their true content in the subject line exposes itself to the risk of a warning by competitors and a fine (Section 6 para. 2 in conjunction with Section 16 para. 1 of the Telemedia Act (TMG). If corresponding data are available, the e-mail recipient can already be addressed by name in the subject line to give the e-mail a personal touch. In addition, the subject can and should be changed with each issue; nothing is more boring than: “Your newsletter dated dd.mm.yyyy, issue 437.” Guidelines for Practical Use 5th Edition 2014 However, sensationalist formulations should be avoided where possible, otherwise the e-mail may be classified as advertising or land in the spam filter. Many systems work in automated form - they try to detect spam based on certain formal features, in other words, e.g. by certain keywords in the text. So as not to be caught up in the grid of a spam filter algorithm, words or word components that are predestined to be automatically filtered out beforehand should be avoided at all cost. Typical spam filters, such as the widely used SpamAssassin, use so-called Bayesian filters, i.e. they analyze word frequencies in e-mails. The filter methods are continuously being developed further and today take into account very much more specific information, such as word combinations (Markow filter) or information in the header of the e-mail. Large ISPs also use the statistical possibilities that arise from the overall overview of large quantities of e-mail accounts, such as for instance the spam marking quota, or different methods for s ender authentication, such as sender ID or DomainKeys Identified Mail (DKIM). Another current trend is the introduction of engagement filtering, i.e. the automated separation of important and unimportant e-mail communication (e.g. sorted incoming e-mail with Google Mail). (“complimentary”), “kostenlos” (“free of charge”), “Geld” (“money”), or “Glücksspiel” (“competition”) could also already be critical. Typical spam words are deemed to be for instance: “porn”, “sex”, “offer”, “viagra”, “free” etc. Although the spam filters have “learned” a lot over the last few years, it cannot be ruled out that there is still filtering according to word components. ✔ Is it guaranteed that the subject does For e-mail marketers, this means: U se where possible of all technical measures to authenticate the sender D ifferentiation from spam with regard to content and design: Avoidance of excessively sensationalist spam keywords; no e-mails that have virtually no text and only consist of a picture E asy option of unsubscribing or configuring the newsletter subscription C ritical review of the activity of an e-mail distribution list; consistent removal of inactive recipients In this context, e-mails should also only be sent via reputable mail servers, i.e. either via the company‘s own mail server or via that of a recognized e-mail service provider - ideally via a CSA-certified sender (more on this in this booklet in the chapter “Certified Senders Alliance”). Checklist ✔ Is the subject brief and concise? ■ Yes ■ No ✔ Is the subject connected with the text? ■ Yes ■ No not conceal or dissimulate the advertising nature of the message? ■ Yes ■ No ✔ Is the use of typical spam words dispensed with in the subject line? ■ Yes ■ No Caution is also advised with German terms. For instance, words such as “umsonst” 25 eco Directive for Permissible e-Mail Marketing ✔ Is the use of capital letters or special characters dispensed with in the subject line? ■ Yes ■ No ✔A re test accounts used to check the delivery? ■ Yes ■ No ✔ Is a reputable e-mail service provider used to send out the e-mail? ■ Yes ■ No 4.2.Is the sender clearly discernible? The most important rule is a clearly dis cernible sender address. The reader should always be able to discern from the sender of an e-mail address who sent him or her this e-mail. The information regarding the sender is freely configurable in virtually all programs. It is impermissible to design the sender information in such a way that the recipient does not have any, or only misleading, information about the actual sender (Section 6 para. 2 of the Telemedia Act (TMG)). The sender is clearly discernible c ontains the name of a product, company or person c an be reached at any time 26 In the choice of the sender name, it should first be ensured that the viewer is not misled with regard to the sender‘s identity. Dis regard for this requirement stipulated by law is an offense and can, in addition to a warning from competitors, result in the imposing of a fine (Section 6 para. 2 in conjunction with Section 16 para. 1 of the Telemedia Act ((TMG)). The following applies also in the selection of the sender name: The more similar the sender is to a typical spam e-mail, the more likely that the e-mail is classified as such. Addresses such as lucie12347@freenet.com are frequently used by spammers; clearly assignable addresses, such as newsletter@ company.com or firstname.surname@company.com, are usually reputable. In addition, 12345@I-send-news.com does not particularly generate trust among potential customers and has a low recognition value as well. However, addresses, such as the frequently used noreply@companyname.com, are also to be avoided. Here, the company is unmistakably named in the global component (companyname.com) of the address; however, it is also made unmistakably clear to the recipient in the local component (noreply) that he or she does not have to reply to this e-mail at all. Consequently, either product names (e.g. Nivea) or company names (e.g. Post-AG), in certain cases also names of individuals if the name (e.g. Bill Gates) is known and familiar to the clients, or names of individuals in combination with the company name are recommended as sender addresses. Another point that should be noted is the recipient list: An e-mail should always only be sent to one person; a recipient list as cc is not advisable and should also not be visible in the so-called header. However, the last thing that should be taken into account is that the choice of sender can result in a breach of third-party label rights (in particular trademark and rights Guidelines for Practical Use 5th Edition 2014 to names). Such cases are also regularly misleading. Checklist ✔ Is the sender clearly discernible? ■ Yes ■ No ✔ Is the name of a product/company/ person used? ■ Yes ■ No ✔ Is there a recognition value? ■ Yes ■ No ✔C an the sender address be reached (noreply)? ■ Yes ■ No ✔ Is a recipient list indicated? ■ Yes ■ No 4.3.Is the legal notice complete? The legal notice is an indication of origin specified in any kind of publication that includes certain information about – in this case – the sender. For telemedia services, service providers must keep this information easily discernible, directly accessible, and constantly available (Section 5 para. 1 Telemedia Act (TMG), Section 55 Interstate Broadcasting Treaty (RStV). In Germany, Section 5 para. 1 of the Tele media Act (TMG) and Section 55 of the Interstate Broadcasting Treaty (RStV) stipulate that each business-related service on the Internet must contain a legal notice. This also applies to advertising e-mails. A user should thus learn by easy means whom he or she is dealing with. The necessary minimum information in the legal notice is: N ame of the sender, if applicable company name A uthorized representatives (in the case of legal entities) P ostal address at which the sender can be summoned (no P.O. box) T elephone and, if applicable, fax number or electronic contact form E -mail address C ommercial, cooperative, association, or partnership register number N aming of the publisher (responsible party pursuant to press law) or person responsible for the content and, with legal entities, that of the authorized representative If available: VAT identification number and/or business identification number The legislator also demands that the corresponding information is e asily discernible, d irectly accessible, and p ermanently available. In detail, the laws only stipulate the necessary information but not their formulation: As a fundamental rule, therefore, you have the choice whether the legal notice is attached to the newsletter in full or whether only a link is sent which leads to a website with stored mandatory information but which also has to be clearly marked, easily visible, and above all functional. With both options, the position can be freely selected within the e-mail, although the mandatory information may not be lost, or even “hidden”, in any case in the midst of other information. A disadvantage of a legal notice that is only reachable via a link can be the lack of trust: for fear of spam, 27 eco Directive for Permissible e-Mail Marketing the link is not clicked. Many spam e-mails also contain a link to a legal notice, without there being one connected to it. It is generally advised not to click on links in spam e-mails. Consequently, a fully written-out legal notice is an important feature of reputable e-mails. In addition to the so-called legal notice, the mandatory information under commercial and company law must also be taken into account for e-mails. Whether and which information is necessary is determined according to commercial and corporate law. For joint stock corporations (AG), for instance, other mandatory information applies as for the sole proprietor or the limited liability company (GmbH). In all cases, the decisive factor is that it is a business letter. This cannot be determined in general terms for advertising e-mails. For depending on the design and personalization, an advertising e-mail could also be classified as a business letter. If there is an obligation to provide this information, a link to the Internet site should not be sufficient. These regulations had been the focus of discussions in January 2007 because the legislator clarified that the provisions under commercial and corporate law also apply to e-mails; this clarification was the subject of hefty discussions under the keyword “EHUG.” 28 Sample legal notice Anycompany Ltd Represented by the managing director John Anyman 1 Any Street Anytown, AB 12345 E-mail: sample@sample.com Phone: 0123-45 67 89 Fax: 0123-65 43 21 VAT ID: DE 123456789 Sample Local Court, HRB 1234 Published by the Sample Communication division Checklist ✔A re the name of the sender, company name if applicable, indicated? ■ Yes ■ No ✔A re the authorized representatives indicated in the case of legal entities? ■ Yes ■ No ✔ Is a clear postal address indicated? ■ Yes ■ No ✔ Is a telephone and a fax number if applicable or contact form indicated? ■ Yes ■ No ✔ Is there an e-mail address? ■ Yes ■ No ✔ Is the publisher named? ■ Yes ■ No ✔ Indication of the commercial, cooperative, association, or partnership register number? ■ Yes ■ No ✔ Is the VAT identification number indicated? ■ Yes ■ No ✔ Is the legal notice directly available even without clicking on a link? ■ Yes ■ No Guidelines for Practical Use 5th Edition 2014 5.Contract data processing – what needs to be noted If an e-mail marketing company provides its customers with technical services (e.g. data hosting and database services) as an application service provider (ASP) for the drafting, implementation, administration, and analysis of personalized marketing measures, the regulations regarding contract data processing pursuant to Section 11 of the Federal Data Protection Act (BDSG) are to be complied with. As of 01.09.2009, new provisions regarding contract data processing entered into force in the course of the amendment to the Federal Data Protection Act (BDSG). Through the redesign of Section 11 para. 2 of the Federal Data Protection Act (BDSG), according to the grounds for the law, “the statutory requirements of the contract design should be easier to discern in order to ensure greater legal certainty for the contractors and clients and supervisory authorities involved.” In addition, the client (customer) must now be convinced for the first time “before the start of the data processing and then regularly” of the compliance of the technical and organizational security measures taken by the contractor (ASP) pursuant to Section 9 of the Federal Data Protection Act (BDSG) and Appendix. The result of this review is to be documented. The following points are to be noted by the contractor and client in contract data processing: (1)The client remains the responsible party. (2)A careful selection of the contractor is necessary. (3)Written award of contract and detailed statements are mandatory. The minimum requirements for the content of a written agreement regarding contract data processing are specified by law in Section 11 para. 2 no. 1 to 10 of the Federal Data Protection Act (BDSG). (4)Control obligation on the part of the client is stipulated. (5)Documentation and implementation of the technical and organizational measures for data protection and data security pursuant to Section 9 sent. 1 of the Federal Data Protection Act (BDSG) and Appendix. There, the eight types of control (e.g. access control, forwarding control, availability control, etc.) to ensure data protection and data security are defined. (6)The client should have appointed a data protection officer pursuant to Section 4f of the Federal Data Protection Act (BDSG). This obligation applies to address trading companies and market and opinion research institutes irrespective of the number of persons employed there (Section 4f para. 1 sent. 6 of the Federal Data Protection Act (BDSG). It should be noted in particular that the commencement of the contract data processing is not sufficient. The legislator makes provision for a special agreement for each order. 29 eco Directive for Permissible e-Mail Marketing If an order is issued incorrectly, incompletely, or not in the specified manner or if the client is not convinced before the start of the data processing of the compliance of the technical and organizational measures taken by the contractor, the client can have a fine of up to EUR 50,000 imposed on it pursuant to Section 43 para. 1 no. 2b in conjunction with Section 43 para. 3 of the Federal Data Protection Act (BDSG). Checklist ✔W as there a careful selection of the ASP, taking into account the technical and organizational measures planned by it? ■ Yes ■ No ✔D oes the ASP have a data protection and data security concept? ■ Yes ■ No ✔D oes the data protection and data security concept meet the requirements of Section 9 of the Federal Data Protection Act (BDSG) in addition to its Appendix and the technical and organizational measures defined therein for the provision of data protection and data security? ■ Yes ■ No ✔D oes the ASP have a data protection officer and are his/her contact details known? ■ Yes ■ No ✔H ave the employees of the ASP been obligated to data security pursuant to Section 5 of the Federal Data Protection Act (BDSG) and have they been informed and trained with regard to compliance with data protection and data security? ■ Yes ■ No ✔H as a written contract been concluded for contract data processing? ■ Yes ■ No 30 ✔D oes this contract correspond to the data protection law requirements and in particular to the content requirements of Section 11 of the Federal Data Protection Act (BDSG)? ■ Yes ■ No ✔A re there regular documented checks of the implementation and the compliance with the agreed technical and organizational measures to provide data protection and data security? ■ Yes ■ No 6.Sample cases for permissible optimization in e-mail marketing 6.1.Statistical analysis and measurement of user behavior: Usage profiles One of the most decisive benefits of digital marketing is the measurability of recipient reactions. For instance, it can be traced relatively easily in e-mail marketing whether (and by whom) e-mails or links are clicked on (and of course also which ones). Intelligent marketing campaigns with manageable cost can thus be automated, e.g. by writing to recipients again who did not reply to a certain e-mail. To begin with: The measurement of performance indicators (such as opening and click rate) does not require any express consent from the user as long as the response data determined are anonymous, i.e. do not permit any inference with regard to the identity of the individual recipient. Pseudonymous measurement (in other words “anonymous with inference option”) is possible until revocation by the individual (Section 15 Guidelines for Practical Use 5th Edition 2014 para. 3 of the Telecommunications Act (TMG)) but the pseudonymous data may then not be merged with data about the identity of the tracked persons, either currently or later. Pseudonymous form does not therefore offer any practical benefit. Obstacles with personal tracking Technically, personal tracking is relatively easy to implement but in Germany it entails data protection law obstacles. As soon as personal data are to be used, the submission of a corresponding consent is required. Examples of personal data of a recipient in tracking are whether and when he or she h as opened a certain e-mail, h as clicked on any or a certain link, h as visited the linked website via a newsletter and what pages he or she visited, h as purchased an advertised product or (and where or when) canceled the purchased product. The list can be extended as required. The fundamental criterion is whether the individual person (at reasonable cost) can be identified (then personally) or not (then as a pseudonym or anonymously). With some details (e.g. the information which e-mails were sent to a certain recipient), the personal link is disputed with the argument that these are not details about the person but rather about the advertising company. In cases of doubt, the advice of an expert should be sought. The valid declaration of consent to personal tracking Usually, the consent to personal tracking will be given in electronic form, e.g. in connection with an online subscription to a newsletter. In principle, the same requirements apply to the validity of this declaration as to the consent to the newsletter. It should be noted that this consent must be given separately from the consent to the newsletter subscription (a check box may not be pre-clicked here either). In addition, the consent text used (as with the consent to the newsletter, too) must be clear and easy to understand. The consenting party must be able to revoke at any time and be informed how he or she can do so (Section 13 para. 2 and 3 of the Telecommunications Act (TMG)). Consent texts hidden in the “General Terms and Conditions of Business” or in “data protection information” are advised against; there, they not only have to be particularly highlighted (Section 28 para. 3a sent. 2 of the Federal Data Protection Act (BDSG)), they can also be invalid nevertheless for various reasons (particularly surprise and inappropriate disadvantage (Sections 305c, 307 of the German Civil Code (BGB)). What a declaration of consent to personal tracking can look like The text that can be used in addition to the consent to the newsletter could be roughly formulated as follows: ■ ” Yes, I am in agreement that X GmbH sends me advertising e-mails. I can revoke this consent at any time by clicking on “unsubscribe” which I will find in every advertising e-mail. 31 eco Directive for Permissible e-Mail Marketing ■ I also permit X GmbH to track my e-mail click behavior in order to provide me with offers and content that match my click behavior. I can revoke the consent to personal click tracking by sending an e-mail with the subject “Revoke” to noclicktracking@xgmbh-domain.com.” Caution: W ith this separation, you need a separate revoking procedure for the click tracking. Otherwise, you run the risk that a revocation of the click tracking also cancels the consent to the sending of e-mail. H ere, you see a check box only for the click tracking. This is correct because this part is offered as an option. In this case, the click tracking makes no sense without the sending of e-mails. Persons who have only given the newsletter opt-in but not the express consent with regard to data protection, can receive e-mails but may not be profiled with behavioral data such as openings or clicks. Here, it is to be guaranteed with technical means that the data processing in the e-mail marketing system can clearly differentiate between persons who have agreed to personal profiling and those who have not agreed to it. Checklist ✔ Do you need and do you have consent for personal tracking? ✔ Does your declaration of consent have 32 transparent answers to “who”, can do “what,” “how,” and “for what? ✔ Do you inform the consenting party that and how he or she can revoke his or her consent? ✔ If you had to, could you prove the consent from each individual subscriber? 6.2.Performance increase in e-mail marketing: Legal opportunities and boundaries Transparency in the registration process for greater customer satisfaction and improved response Many companies still try to tempt and retain their customers and newsletter subscribers with a non-transparent subscribe and unsubscribe process. However, complex processes are not only impermissible under data protection law, they also result in great dissatisfaction among recipients. Ever more often, such senders are being marked as spam, by the e-mail provider itself as well, or deleted by the recipients without being read. This then results in a lower response and difficult-to-refinance costs for the generation of leads. The principles of active consent and voluntary nature, established in legal text, are therefore not only decelerating regulations for advertising companies, they also equally ensure the protection of the consumer and effectiveness in e-mail communication. There are many ways of increasing transparency in e-mail marketing. These include not only the clear communication of the newsletter offering (what is sent how often) but also the option of facilitating subscribing and unsubscribing at any time with few obstacles. In particular for companies with several newsletters, it lends itself to manage the registration process via a single administration page. The reader can conveniently Guidelines for Practical Use 5th Edition 2014 manage his or her subscriptions via this page. Via different tabs, he or she can change to the respective subscription or subscribe or unsubscribe to it. The basic settings, such as name, address, and e-mail address are managed in the header part of the page. There is also the possibility here of activating a holiday function. The entire e-mail delivery can be interrupted for a freely selectable period of time. There are diverse options for individualization and personalization in e-mail marketing. For example, newsletters can be adapted to the precise interests of the subscribers through individualization of the content. Themed articles are prioritized according to the click frequency. The more often a reader therefore clicks on an article in a section, the further up the thematic block appears in the next mailing. This page is accessible via the corresponding Internet page and via the link necessary pursuant to Section 7 para. 2 no. 4 of the Act Against Unfair Competition (UWG) for unsubscribing in each e-mail. Such an administration page ensures with transparency and user friendliness greater satisfaction for the reader, greater involvement, and thus results in higher response rates. In addition, enormous cross-selling effects are realized through the overview of all newsletters offered, meaning that new services are also advertised and new subscribers can be acquired without additional costs. Thanks to this approach, a renowned media group was able to acquire 1400 readers in 4 months for a new newsletter and achieved on average an opening rate of 48% and a click rate of 13%. In addition, the number of average subscriptions per recipient was increased from 1.37 to 2.03 (+48%). Nürburgring Automotive GmbH has already used this possibility of profiling and content individualization. All links of the regular newsletter are endowed with tags that reflect the topic of the article, e.g. [motorsport]. With the help of the tags, anonymous interest profiles were created over a lengthy period of time. Those who click more frequently in the motorsports articles offered, apparently have a measurably higher interest in motorsports. The newsletter is then created once with all its articles; the articles are only assigned the individual themed categories (e.g. motorsports or tourist trip). The template automatically compiles the individual newsletter; each contains the same articles, only their order depends on the individual interest. Those who are most interested in motorsports will receive the motorsports articles with priority. Greater relevance through individualization Relevance is always one of the most important factors in online marketing. The more individual and useful an e-mail is, the most interesting it is for the recipient. The probability of a purchase is correspondingly higher. 33 eco Directive for Permissible e-Mail Marketing Driving experience Depending on themed category, Nürburgring Automotive GmbH thus achieved a click rate that was up to 74% higher. The content thus actually became substantially more relevant and wastage was reduced. Of course, the possibilities of profiling and individualization depend on how much information is available about the recipient. As this information is mostly personal data, the legislation makes provision for some regulations here. The use of click frequencies for the personal prioritization of content pursuant to Section 15 para. 3 of the Telemedia Act (TMG) is only legally permissible if either the recipient has consented to the saving of the click profile, or this was collected in anonymous form or with a pseudonym and was not merged with recipient data (see also previous section). During the collection of his or her data, the person concerned was informed about his or her right of objection pursuant to Section 13 para. 2 no. 4 of the Telemedia Act (TMG) and pursuant to Section 94 no. 4 of the Telecommunications Act (TKG). In the case of anonymous analysis, no consent under data protection law is required as in this case it does not involve personal data. Conclusion The starting point for a high-performance e-mail campaign is first of all a wellmaintained database. Subscribe and unsubscribe processes must be designed in a transparent manner in order to avoid inactive addresses and retain the subscribers in the long term through a high degree of customer satisfaction. However, in order to generate not only high opening rates but also further response, the sender has to be relevant. In addition to useful content, this particularly includes a high degree of individualization for the satisfaction of personal requirements. Maximum efficiency in e-mail communication is 34 Guidelines for Practical Use 5th Edition 2014 also reached through automation of processes. This makes e-mail marketing professional and successful. 7.What needs to be noted in other countries in e-mail marketing 7.1.The legal aspects in Switzerland Whereas the sending of advertising e-mails has long been strictly regulated in the EU and particularly in Germany, the Swiss legislator did not create corresponding specific statutory bases until 2007. These regulations are firstly to be found in the Act Against Unfair Competition (UWG, Art. 3 ), and secondly in the Telecommunications Act (FMG, Art. 45a). The Act Against Unfair Competition (UWG) fundamentally regulates the conditions for the sending of commercial e-mails. The Telecommunications Act (FMG) records which measures the telecommunications provider has to take to combat spam. Since recently, the state itself (State Secretariat for Economic Affairs, SECO, www. seco.admin.ch) can also take measures against spammers at home and abroad if enough people complain. However, the Swiss regulations are by far less detailed as e.g. the German ones and therefore leaves more room for interpretation. What is really permitted now, and what isn‘t? Mailing of advertising e-mails to non-customers The “mass mailing of advertising via the Internet or telecommunication services” is legally permissible if the following requirements are met: B efore receiving the e-mail, the recipient has given his or her express consent (optin principle), whereby the consent may not be obtained via telecommunications media, such as e-mail, SMS, or fax (see also “registration methods”). T he sender is clearly recognizable. Its address is correctly given; its identity is not hidden or falsified. E ach advertising e-mail contains a clearly discernible, free-of-charge, and simple unsubscribe option (opt-out principle, e.g. unsubscribe link with confirmation of unsubscribe, possibly link to online unsubscribe form). Mailing of advertising e-mails to existing customers The mailing of advertising e-mails is also permitted if the recipients are the company‘s own existing customers. Recipients are deemed to be “own existing customers” if the following conditions are met: T here is a commercial relationship to the recipient (the customer has already purchased a service / a product). T here is a link between the service purchased at a particular time and the service advertised (advertising of comparable products or services). N o third-party services are advertised. 35 eco Directive for Permissible e-Mail Marketing With the mailing of advertising e-mails to existing customers, the sender must be clearly discernible, and each e-mail must contain an easy-to-find, free-of-charge unsubscribe option (see above). Methods of registration In order to comply with the opt-in principle, there are the following online registration methods in e-mail marketing: S ingle opt-in: The subscriber registers online expressly by clicking on a corresponding check box and entering his or her e-mail address (and possibly further data). The registration is merely confirmed to him/her on a following page of the registration page. This method of registration is fundamentally advised against. C onfirmed opt-in: The subscriber registers online expressly by clicking on a corresponding check box and entering his or her e-mail address (and possibly further data). The registration is firstly confirmed on the following page and secondly re-confirmed by e-mail. Confirmed opt-in is the usual and most prevalent registration method in Switzerland. D ouble opt-in: The subscriber registers online expressly by clicking on a corresponding check box and entering his or her e-mail address (and possibly further data). The new subscriber immediately receives an e-mail with a reconfirmation link. The registration is not deemed to be completed until the subscriber has clicked on the confirmation link. Due to its clear transparency, double optin is the only recommended method of registration. 36 The Swiss legislator has refrained from regulating the form and provability of the registration; the sender is therefore fundamentally free to choose one of the registration methods described above in order to collect the subscriber data. The only mandatory requirement is that the recipient “expressly” gives its consent. The registration may therefore not be implicitly accompanied by another consent, e.g. consent to the General Terms and Conditions of Business (T&Cs). Most Swiss companies use “confirmed optin” as the method of registration. The disadvantage of this registration method is the lack of provability that the subscriber has really registered himself/herself for the receipt of the e-mails. The same applies for the collection of offline registrations (e.g. at trade fairs, by telephone, or via physical registration forms in the sales store); there is no regulation that stipulates the provability and storage obligation of offline registrations. Purchased addresses do not comply with the opt-in principle Conversely from the previous statements, the answer to a frequently asked question arises: “Is it permitted to send e-mails to purchased / rented addresses?” The answer is “not usually.” Purchased addresses are firstly not existing customers, and secondly the principle of express consent does not apply either in most cases. The recipient can only give his or her express consent if at the time the consent is given, he or she knows who will send him or her which information in the future. Guidelines for Practical Use 5th Edition 2014 E-mail addresses that are offered for rent or purchase are normally collected via unspecific competitions or surveys. When entering his or her e-mail address, the user then agrees that his or her data “may be used by the commissioned service providers for market research, target group and customer profile analyses, and advertising.” However, this description does not in any way correspond to an express consent as the user at the time of his or her subscription is not familiar with the advertisers summarized under “commissioned service providers” or their products. We expressly issue a warning here against the purchase or rental of e-mail addresses. Here, it is also worth considering that readers who receive an e-mail because they gave their consent to the usage of the data a long time ago via an unspecific survey, will tend to react negatively from the outset to e-mails that they are not expecting. Caution: Market place principle As already mentioned, Swiss legislation is less detailed than that of Germany. It is therefore comprehensible that most Swiss companies do not heed the more detailed foreign specifications. However, there is a not entirely harmless drawback that Swiss companies should be aware of: If a Swiss company sends e-mails to recipients abroad, it is fundamentally subject to foreign (and thus mostly more detailed) law pursuant to the principle of “market place principle.” What does the term “market place principle” mean? The market place is the place at which influence is to be exerted on the recipient from a marketing perspective. Indications of the market place are: C ountry code of the e-mail address, L anguage of the e-mail, C ountry reference of the advertised product (e.g. German Internet sites) If the definition above is strictly applied, it must be assumed with subscribers for a German-language newsletter that they can also come from Germany. As a mandatory field during registration, only the e-mail address can thus be collected, and the company is obligated to be able to prove the registration – irrespective of whether it was completed offline or online – in a credible and seamless manner. Of course, factors, such as the size of the advertising company and the question of whether the company operates at a regional, national, or even international level, play a major role in the question regarding the importance of this regulation. With a purely locally active small company, it is therefore probably only to be assumed in the rarest of cases that customers from Germany subscribe to the newsletter, then “forget” it, and subsequently complain about the unsolicited sending of e-mails. However, every company that wants to use the benefits of e-mail as a medium to acquire and retain customers should consider in detail whether it wants to “only” be right at the limit of the statutory specifications with regard to its communication 37 eco Directive for Permissible e-Mail Marketing policy, or whether the fundamentally positive agreement with (potential) customers should set the signal for the communication instead. Those who willfully commit unfair competition pursuant to Article 3 of the Act Against Unfair Competition (UWG) will on request be punished with a custodial sentence of up to three years or with imprisonment or with a fine of up to CHF 100,000. (Art. 23 of the Act Against Unfair Competition (UWG)). However, to date there has been no legally binding ruling in Switzerland in this regard. It is only important what is the law Much more serious than the fact that the implementation of the still relatively young Swiss spam law is more theory than practice is the fact that (potential) customers who feel “spammed” demonstrably and very quickly develop a defensive attitude towards the advertising company. Therefore, it is indeed recommended for Swiss companies that they comply with the substantially more detailed legal bases in Germany and the double opt-in procedure; this firstly ensures that all subscribers, whether they come from Switzerland or neighboring countries, are written to in a legally compliant manner. Secondly, the recipient base may possibly remain slightly smaller due to the use of the double opt-in registration method, but really only includes the readers who are really interested in the sender‘s offer and will also react accordingly to its e-mails. 38 The following checklist shows which conditions a company must meet in the mailing of marketing e-mails in Switzerland, and which it also is advised to meet voluntarily. The checklist is not to be viewed as exhaustive. Particularly for medium-sized and larger companies, it is also recommended to use a specialist in communication law for the formulation of the e-mail marketing guidelines. Checklist ✔C orrect and unmistakable sender address (true identity) Mandatory ✔P rior express consent or existing commercial relationship to the recipient (recipient is customer) Mandatory ✔ E asy and highly visible rejection option for future mailings (the same means of communication, no further costs); e.g. unsubscribe link, unsubscribing by e-mail reply Mandatory ✔O nline consent: Check box that reflects the consent to receive the advertising e-mails of the sender must be expressly clicked (no already pre-marked check box) Mandatory ✔U nsubscribed recipients will no longer receive mailings Mandatory ✔ E -mails to existing customers: No delivery of third-party advertising without their express consent being obtained beforehand. Mandatory ✔ E -mails to existing customers: No advertising of own products/services without the corresponding express consent being obtained beforehand. Recomended Guidelines for Practical Use 5th Edition 2014 ✔C omplete legal notice with offline contact option (address, telephone number) and guarantee of the sender being available Recomended ✔O nline registration solely via double opt-in (traceability!) Recomended ✔o nsent obtained offline is saved/filed (traceability!) Recomended ✔D ispensing with sending e-mails to customers whom you have had no contact with for a lengthy period of time. Recomended Other useful information on the topic: Website of the Federal Data Protection and Information Commissioner (FDPIC): http://www.edoeb.admin.ch/datenschutz/00683/00803/00816/index. html?lang=de http://www.edoeb.admin.ch/dokumentation/00612/00660/00687/index.html www.kommunikationsrecht.ch 7.2. The legal situation in Austria According to Austrian law, the legal framework for e-mail marketing is spread across various statutory regulations which are based in part, like the German regulations, on an EU directive. The practical implementation of these regulations deviates considerably in part from German law. The following overview is limited to the Austrian regulations on the unsolicited sending of electronic mail. Special regulations in sector and industry-specific laws are not examined in this overview. Data protection law is not examined separately either. There are parallels between Austrian and German data protection law, whereby Austrian law does not foresee any special equivalent to the data protection provisions in the German Telemedia Act (TMG). Introduction The obstacles for the permissible sending of electronic mail are set out in Section 107 para. 2, 3, and 5 of the Telecommunications Act 2003 (TKG 2003). E-mails to consumers (B2C) and companies (B2B) are affected by these provisions. Accompanying provisions are contained in the E-Commerce Act (ECG). Permissibility of e-mail marketing – principle of opt-in Like German law, Austrian law makes provision for an “opt-in procedure” in principle. According to Section 107 para. 2 of the Telecommunications Act (TKG) 2003, consent is required from the addressee of the e-mail to the mailing if t he mailing is done for direct advertising purposes or is addressed to more than 50 recipients. The Austrian courts define direct advertising in a similarly generous manner to the German courts so that in particular newsletters are covered. The consent required in accordance with this, like in German law, must be obtained before the e-mails are sent out. The burden of proof for the existence of consent from the recipient lies with the sender of the 39 eco Directive for Permissible e-Mail Marketing e-mail. This results in the obtaining of the consent having to be organized in such a manner that it is provable. Comparable problems of proof arise here in Austrian and German law. The double opt-in lends itself here in which, for instance after the subscription to a newsletter, an advertisingfree e-mail is sent with the question as to whether the recipient really does want to subscribe to the newsletter. The resulting confirmation is relevant. Permissibility of e-mail marketing – “opt-out” as an exception Section 107 para. 3 of the Telecommunications Act (TKG) – comparable to the German Section 7 para. 3 of the Act Against Unfair Competition (UWG) – makes provision for an exception to the opt-in principle with existing customer relationships. The background to this is that both the Austrian and the German regulation are based on a European directive. 40 An exception to the need for consent exists pursuant to Section 107 para. 3 of the Telecommunications Act (TKG) 2003 if t he sender has received the contact data in connection with a sale or a service to its customers, t he message is sent to directly advertise the company‘s own similar products or services, t he recipient has, during collection and also during each transmission, the possibility of rejecting this contact free of charge and easily, and t he recipient has not rejected the mailing from the outset, in particular not as the result of entry in the list named in Section 7 para. 2 of the E-Commerce Act. Said requirements must all be met at the same time. If one of the requirements is not met, the exception does not apply and consent is necessary. Rejection from the outset – the last named requirement – must not necessarily have been declared to the sender. The objection can also be given by entry in the list named in Section 7 para. 2 of the E-Commerce Act (ECG), the so-called “ECG List.” Consequently, at least a comparison with this “blocked” list is necessary before each mailing. This list is kept by Rundfunk und Telekom Regulierungs-GmbH (RTR-GmbH). The list can be requested in electronic form from RTRGmbH. There are three variants for the comparison of this “ECG List” (status 05/06/2011: http://www.rtr.at/de/tk/ NutzenECG). With all methods, it should be ensured that the registered parties are not named to the potential sender with their plain-text names. Requirements with regard to content With direct advertising, according to Section 107 para. 5 of the Telecommunications Act (TKG) 2002, the identity of the sender or the client of the e-mailing may not be concealed or dissimulated. In addition, according to Section 107 para. 5 of the Telecommunications Act (TKG) 2003, each individual e-mail must always include an authentic address to which the recipient can address a request for the suspension of such messages. This is comparable to the German Section 7 para. 2 no. 4 of the Act Against Unfair Competition (UWG). According to the Austrian Section 24 of the Media Act (MedienG) and Section 5 of the ECG, a legal notice is to be inserted. Guidelines for Practical Use 5th Edition 2014 Possible sanctions A special characteristic in Austria is that in Section 109 para. 3 no. 20 of the Telecommunications Act (TKG) 2003, a determination of the administrative offense is provided for, according to which those who send e-mails in contravention of Section 107 para. 2 or 5 of the Telecommunications Act (TKG) 2003 can be punished with a fine of up to EUR 37,000.00. In addition to willful intent, negligence is also sufficient to initiate the sanction. Negligence is automatically assumed when the prohibition norm is exceeded. In practice, this results in the sender itself having to become active to discharge itself. For this purpose, facts must be submitted and evidence furnished. General assertions are not sufficient to nullify the assumption of negligence. The occurrence of a risk or damage is not a requirement. Repeated offense can increase the fine pursuant to Section 109 para. 5 of the Telecommunications Act (TKG) 2003. As in Germany, there is also the threat of claims for injunctive relief or compensation. The reaction to such claims, in particular to warnings, is similar to that in Germany. Nevertheless, however, checking and appraisal should be done in all cases by a specialist as there are deviations from German law. In particular, there is the risk that the costs to be reimbursed to the counterparty are higher than in Germany. Both private individuals and commercial companies who are the recipients of the e-mail can file a claim for injunctive relief arising from Section ABGB (Austrian Civil Code) which is based on the breach of the general privacy right due to breach of privacy. In particular, competing companies - competitors of the sender - can file a claim against the sender pursuant to Section 14 para. 1 in conjunction with Section 1 of the Austrian Federal Law Against Unfair Competition (UWG) for injunctive relief and pursuant to Section 16 para. 1 of the UWG for damage compensation in the event of culpability. 8.Our recommendation: Certified Senders Alliance The central white list “Certified Senders Alliance” (CSA) launched by eco - Association of the German Internet Industry and the German Dialog Marketing Federation 2004 offers commercial mass senders and companies an effective solution for avoiding delivery problems in their e-mail campaigns. The positive list ensures that recipients also receive e-mails that they have requested or require for a transaction. Primarily mass mailings, such as newsletters, and also transaction e-mails, frequently land, possibly filtered out by the spam filters by mistake, in the spam folder (so-called false positives) and thus normally remain hidden to the recipient. For the companies concerned, this can result in slight loss of earnings, and in an annoying experience for the user. This can primarily be combated in the mass senders - each for themselves - contacting the individual Internet service providers and substantiating the lawfulness and trustworthiness of their mailings. In practice, this approach requires substantial resources and costs in places, both among the ISPs and the sending companies. Secondly, the requirements vary between providers; changing contact persons also 41 eco Directive for Permissible e-Mail Marketing make this process difficult. These circumstances demand a joint point of contact in order to centralize the inclusion of mass senders in a positive list and to establish a standardized procedure that guarantees a consistently high level of quality and, very importantly, is endowed with an efficient complaints management. With the CSA white list, ISPs can optimize the delivery of incoming e-mails to their customers in order to continue to protect them effectively against spam. With a CSA certification, senders ensure that they identify themselves as trustworthy and reputable towards the ISPs affiliated with the CSA and thus avoid delivery problems as the result of a poor reputation. The CSA-certified senders are subject to strict approval criteria. Certified service providers also forward the CSA criteria via their general terms and conditions of business to their customers. The approval criteria require the fulfillment of high technical standards and legal specifications that the CSA develops together with the participants in a continuous process. In addition, there are a number of mechanisms that prosecute the breaches by senders against the existing rules. The certification and complaints committee monitors the inclusion of new senders and the compliance with the rules. The operational experience to date shows that the high requirements are paying off. The number of incoming complaints is – when viewed relative to the dispatch volume of the certified senders - gratifyingly low. In individual cases, however, the certification and complaints committee must impose or confirm sanctions in order to preserve the quality of the white list. In turn, these sanctions help the sender concerned to identify 42 and eliminate weak points in its own processes or those of its customers and thus avert greater damage in a timely manner. In order to preserve the high quality of the white list, not only the legally impeccable audit and its control over the complaints management are necessary. In addition, the technical criteria also have to be reviewed on a regular basis. Thus, the most important criteria of the sending mail servers are reviewed automatically on a daily basis and recorded in a report. This report also contains additional tests on whether there was anything negative noticeable in the sending characteristics of the mail servers, both to provide information to the certified senders but also to gain indications of problems during sending. This is therefore also an additional added value that participation in the CSA offers. Technical security constitutes a very important criterion with the CSA white list. Access to the CSA white list is protected and secured by the affiliated ISPs in multiple ways so that the white list is also only used for the purpose for which it was compiled – namely the whitelisting of the mail servers listed therein. The CSA is established on the market and, since the start of its operational service, has enjoyed a constant increase in acceptance, which in turn has a positive effect on the growth of the CSA. Expressed in figures, the CSA now encompasses more than 100 certified mass senders from Germany, the EU, and the U.S. On the other hand, the ISPs affiliated with the CSA cover more than 500 million e-mail accounts. In addition, renowned technology and cooperation Guidelines for Practical Use 5th Edition 2014 partners participate in the CSA who increase the reach of the CSA further and provide the CSA with important instruments for the monitoring of the senders. For years, the CSA has been the most well-known and most widespread reputation standard in Germany and thus a great success for the German Internet economy. At the international level, the CSA also enjoys growing popularity and acceptance and is thus on the best path to further increasing the benefit of all providers and senders already affiliated. An updated list of the participants and partners as well as all other information regarding the CSA can be found at www.certified-senders.eu. 9.Opt-in or opt-out – what applies in the individual countries With the international mailing of advertising e-mails, the following decisive question arises for the sender: In the country where the recipients are located (target country), does the opt-in principle (prior consent required) or an opt-out regulation apply (unsubscribe option sufficient). The decisive factor in the assessment of the lawfulness of the mailing activity is the legal position in the respective target country. Opt-in applies in all Member States of the European Union and in Norway, Liechtenstein, Iceland, and Switzerland. However, this is not the case all over the world. The following list* answers the question of the validity of opt-in or opt-out for around 50 countries, listed according to continents. For most countries, the list also contains important information regarding the respective legal bases: 43 eco Directive for Permissible e-Mail Marketing Europe Country 44 Opt-In Austria (+) Belgium (+) Bulgaria (+) Denmark (+) Germany (+) Estonia (+) Finland (+) France (+) Greece (+) Iceland (+) Opt-Out Legal Bases / Comments O pt-In with B2C and B2B, exception with customer relationships, Section 107 para 2., para 3., of Telecommunication Act 2003 (TKG) L aw on Legal Aspects of the Services of the Information Society (Law of 11 March 2003), in B2B, opt-out is sufficient G erman Civil Code (BGB) A ct Against Unfair Competition (UWG) T elemedia Act (TMG) F ederal Data Protection Act (Bundesdatenschutzgesetz, BDSG) E xpress consent required, exception with customer relationships; Section 7 para. 2 no. 3 para. 3 of the Act Against Unfair Competition (UWG) N o differentiation between B2B or B2C O pt-out applies to B2B L aw on Confidence in the Digital Economy (LECN) T he following applies to consumers: Opt-in necessary unless 1 . A ddress was obtained during a purchase in the last 12 months 2. Product similarity 3. Free-of-charge and clearly understandable opt-out option W ith B2B, opt-out is sufficient Guidelines for Practical Use 5th Edition 2014 Country Ireland Opt-In Opt-Out Legal Bases / Comments (+) Italy (+) Latvia (+) Liechtenstein (+) Luxembourg (+) Lithuania (+) Malta (+) D ata Protection Act of 1998 European Communities (Electronic Communications Networks and Services) ( Data Protection and Privacy) Regulations 2 003 (Statutory Instrument No. 535 of 2003) D ata Protection Act of 2003 (amending Data Protection Act of 1988) T he following applies to consumers: Opt-in necessary unless 1 . A ddress was obtained during a purchase in the last 12 months 2 . Product similarity 3. Free-of-charge and clearly understandable opt-out option W ith B2B, opt-out is sufficient A nti-spam regulation in Section 130 of the Italian Data Protection Act, Codice in materia di protezione dei dati personali T he following applies to consumers: Opt-in necessary unless 1. A ddress was obtained during a purchase in the last 12 months 2. Product similarity 3. Free-of-charge and clearly understandable opt-out option W ith B2B, opt-out is sufficient 45 eco Directive for Permissible e-Mail Marketing Country 46 Opt-In Netherlands (+) Norway (+) Poland (+) Portugal (+) Romania (+) Slovenia (+) Spain (+) Sweden (+) Switzerland (+) Opt-Out Legal Bases / Comments T elecommunications Act, Federal Data Protection Act; in force since 10/01/2009: The New Dutch Opt-In Law T he following applies to B2B and B2C: Opt-in necessary unless 1. A ddress was obtained during a purchase in the last 12 months 2. Product similarity 3. Free-of-charge and clearly understandable opt-out option 2 000/31/EC D ecree-Law 7/2004 (Art. 22) Information Society Services and Electronic Commerce Act (34/2002 of 11 July) R oyal Decree 1720/2007 T he following applies for consumers: Opt-in necessary unless 1. A ddress was obtained during a purchase in the last 12 months 2. Product similarity 3. Free-of-charge and clearly understandable opt-out option A rt. 3 of the Federal Law Against Unfair Competition: Mass advertising by e-mail is only permissible in Switzerland if the following requirements are met: 1. P rior consent from the customers 2. Indication of the correct sender 3. Information about easy and free-of-charge unsubscribe option Guidelines for Practical Use 5th Edition 2014 Country Opt-In United Kingdom (+) Cyprus (+) Opt-Out Legal Bases / Comments P rivacy and Electronic Communications (EC Directive) Regulations 2003: F or consumers: Opt-in necessary unless 1. A ddress was obtained during a purchase in the last 12 months 2. P roduct similarity 3. Free-of-charge and clearly understandable opt-out option USA / S outh America / C anada Country Opt-In Opt-Out USA (+) Argentina (+) Chile Costa Rica Legal Bases / Comments C AN-SPAM-ACT: The following points constitute the most important content of the law (Section 5): 1 . S ender must be clearly identifiable 2. Misleading subject lines are prohibited, i.e. the subject line may only inform the recipient about the true content of the e-mail. 3. Opt-out option or unsubscribe option must be given. 4. The postal address of the sender must be indicated P ersonal-Data-Protection Act. T here is no law solely on e-mail marketing. Section 27 of the Personal-Data-Protection Act, however, contains provisions on the opt-out option with advertising e-mails (+) (+) 47 eco Directive for Permissible e-Mail Marketing Country Opt-In Canada (+) Colombia Mexiko 48 Opt-Out Legal Bases / Comments h ttp://laws-lois.justice.gc.ca/eng/ acts/E-1.6/index.html F rom 07/01/2014: Opt-in regime, approximation to German provisions and revised anti-spam law: Canada’s Anti Spam Law (CASL): 1 . E xpress consent from the recipient to the receipt of the advertising e-mail before it is sent. 2. N o false or misleading message header (sender or subject line). 3. No change in the sending data. 4. A clearly visible or locatable “unsubscribe link”. The advertising e-mail must contain the sender‘s postal address. 5. No use of e-mail addresses that have been collected by unlawful means. (+) (+) Peru (+) Venezuela (+) C onsumer Protection Law Guidelines for Practical Use 5th Edition 2014 Asia / Australia Country Opt-In Australia (+) Bahrain Legal Bases / Comments S pam Act 2003, always prior express consent required (+) China (+) Japan (+) Korea (+) New Zealand (+) Russia (+) Saudi Arabia (+) Singapore C hina’s Regulations on Internet Email Services 2006 “ New Anti-Spam Law” 2008, close adaptation to the European principles U nsolicited Electronic Messages Act 2007; Privacy Act 1993 (+) Turkey United Arab Emirates Opt-Out S ingapore enacted the SPAM Control Act in 2007 (+) (+) * Status December 2013: Amendments to the law that have been made subsequently have not been taken into account 49 eco Directive for Permissible e-Mail Marketing Authors Authors Dr. Torsten Schwarz Owner of Absolit Consulting und Email-Marketing-Forum.de Christian Schmoll Senior Legal Counsel and Data Protection Officer of Teradata (teradata.com), lawyer, law firm TMD Lawyers Martin Bucher Managing Director, Inxmail GmbH Roman Schiffelholz Team Manager, Inxmail GmbH Dr. Jens Eckhardt Specialist lawyer for information technology law, JUCONOMY Lawyers Ivo A. Ivanov Lawyer and General Corporate Counsel, eco e. V. Sebrus Berchtenbreiter Managing Partner, promio.net GmbH Ueli Grüter Lawyer, Grüter Schneider & Partner AG Maya Reinshagen Founder and co-owner, Mayoris AG, Root Principal Consultant, Namics AG, Zurich Sascha Wilms Product and Business Development, eco e. V. 50 Anja Schäffer Verlag für die Deutsche Wirtschafts AG Frank Stiegler Lawyer, „Stiegler Legal“ Rosa Hafezi Lawyer, Professional Services Division, eco e. V. Alexandra Koch-Skiba Lawyer, Head of Complaints Department, eco e. V. Copy-editing Ivo A. Ivanov Lawyer and General Corporate Counsel, eco e. V. Sascha Wilms ISP and Product Development, eco e. V. Rosa Hafezi Lawyer, Professional Services Division, eco e. V. Alexandra Koch-Skiba Lawyer, Head of Complaints Department, eco e. V. www.certified-senders.eu eco Association of the German Internet Industry Lichtstraße 43h 50825 Köln (Cologne) Phone +49 (0)221 / 70 00 48 - 0 Fax +49 (0)221 / 70 00 48 - 111 info@eco.de international.eco.de 52