Lecture 7: Data Protection and Marketing

Question 1

In the context of marketing, a data subject can also be thought of as a …

Answer 1

Consumer

Question 2

According to Article 5, you must process lawfully. What four bodies of law are used as an example, so that if you break them, you are processing unlawfully?

Answer 2

1) Consumer protection law
2) Data protection law
3) The Unfair Commercial Practices Directive
4) The Directive on Privacy and Electronic Communications

Question 3

Processing personal data for marketing purposes will usually rely on which legitimate bases?

Answer 3

Consent or the balancing test (legitimate interests)

Question 4

According to Recital 47, can processing personal data for direct marketing purposes be covered under Legitimate Interest?

Answer 4

According to recital 47, processing personal data for direct marketing purposes is covered under legitimate interest.
Recital 47: “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”.

Question 5

According to Article 21, the Data Subject has the right to object. When must this right be brought to the attention of the data subject?

Answer 5

This right must be brought to the attention of the data subject at the latest at the time of the first communication with the data subject.

Question 6

Is marketing by email considered legitimate interest?

Answer 6

No. While direct marketing is considered legitimate interest, email marketing always requires consent.

Extended:
If you intend to process personal data for the purposes of direct marketing by electronic means (by email, text, automated calls etc) legitimate interests may not always be an appropriate basis for processing. This is because the e-privacy laws on electronic marketing – currently the Privacy and Electronic Communications Regulations (PECR) – require that individuals give their consent to some forms of electronic marketing. It is the GDPR standard of consent that applies, because of the effect of Article 94 of the GDPR.

Question 7

What are cookies, and what are their uses?

Answer 7

Cookies are small pieces of data that are sent from a website and stored on the user’s computer by their browser while browsing the internet

Can be used, among others, for more intensive tracking across several platforms, allowing aggregators to develop fine-grained profiles that may be used more or less aggressively for marketing purposes. Cookies may contain info about the user, e.g. name, address typed into a form field.

Question 8

Do cookies require consent?

Answer 8

In general, cookies require consent. However, some cookies may be exempt from requiring consent. These cookies include: user-input cookies (session-id), authentication cookies, multimedia content player cookies, etc

Question 9

Article 5 of the E-commerce Directive, requires any information society service to have what information present on their web page?

Answer 9

1) Name of the provider
2) Geo address
3) Details of the service
4) Where the service provider is registered
5) Where the activity is subject to an authorisation scheme
6) info concerning the regulated professions If the service provider undertakes an activity that is subject to VAT, and the VAT number
7) Need to provide an email address, if the communication is effective through that.

Question 10

In addition to the information requirements laid out by Article 5 of the E-commerce directive, what additional information requirements does the Service Directive require a business to present?

Answer 10

the general conditions and clauses, if any, used by the provider; the existence of contractual clauses, if any, used by the provider; the existence of an after-sale guarantee; price of the service, main features of the service, possible insurances and guarantees.

Question 11

According to E-commerce directive Article 5(1), commercial practices that are unfair are prohibited. Article 5(2) sets out two cumulative requirements, that, if fulfilled, deems a commercial practice to be unfair. What are these two requirements?

Answer 11

1) when it is contrary to the requirements of professional diligence
2) it materially distorts or it is likely to materially distort the economic behaviour with the regard to the product of the average consumer

Question 12

According to the E-commerce directive, what constitutes commercial practices?

Answer 12

Any act, omission, course of conduct or representation, commercial communication including advertising and marketing, by a trader, directly connected with the promotion, sale or supply of a product to consumers

Question 13

According to the E-commerce directive, what is professional diligence?

Answer 13

The standard of special skills and care which a trader may reasonably be expected to exercise towards consumers, commensurate with honest market practice and/or the general principle of good faith in the trader’s field of activity

Question 14

In to the E-commerce directive, what are some examples of what’s on the blacklist?

Answer 14

1) Displaying a trust mark, quality mark or equivalent without having obtained the necessary authorisation,
2) Claiming that a trader or a product has been approved, endorsed or authorised by a public or private body when it was not
3) Falsely stating that a product will be available for a limited time in order to elicit an immediate purchase

Many more (See pp. 127 in the book)

Question 15

According to articles 21-22 on Automated Individual Decision-Making and Profiling, making certain decisions solely on automated processing is not allowed without…

Answer 15

Explicit consent