Direct Marketing Flashcards Preview

CIPP/E > Direct Marketing > Flashcards

Flashcards in Direct Marketing Deck (18):

Do you have to obtain individuals’ consent to send direct postal marketing?

No unless mandated in member states e.g., Belgium, Greece and Spain.


What lawful basis is required to send direct postal marketing?

Legitimate interests. Examples:
Existing customer- they may expect to receive marketing from the data controller.


What must some data controllers do before sending direct postal marketing?

Some member states (e.g. Austria, Denmark and the Netherlands), data controllers must cleanse their contact list against applicable national opt-out registers.

In the U.K. clearance against national opt-out registers is necessary to comply with self-regulatory marketing standards - direct marketing association’s code of practice


Is there a requirement to obtain individuals’ consent for person-to-person telephone marketing?

Although consent is necessary for automated calling systems. However, article 13(3) of ePrivacy Directive allows member states to decide on opt-out/opt-in basis.
Individuals must have a means of opting out free of charge. Most member states have implemented national opt-out register for telephone-marketing. Member states that allow opt-out marketing require data controllers first to cleanse call list against the register.


Can data controllers use an automatic dialing technology to call numbers in prefer to start a person-to-person call?

Yes but some member states require the identity and contact details of the caller e.g. U.K.


What must data controllers do to send marketing by electronic mail?

They have to obtain prior consent from individuals. They do this by presenting a ‘fair processing notice’ at the time of collecting their data.


What is the ‘soft opt-in rule’?

This is where data controllers can send electronic mail marketing on an opt-out basis only if:
- details obtained in the context of the sale of a product or service.
- to those individuals if they are their own similar products or services.
- the data controller gave individuals the opportunity to opt out free of charge.


What are some of the opt-out exceptions in direct email marketing?

- individuals’ details must be collected in the context of the sale of the product or service
- the controller must market its own similar products and services
- individuals must have the ability to opt out at the time their contact details are collected
- individuals must be reminded of their ability to opt out in each subsequent marketing communication


What mechanism should an opt-out request take?

The opt-out request should be appropriate to the medium by which the marketing message was sent.
Email - provide an email address or opt-out hyperlink.
SMS - provide a mobile short code to send a stop request


Define location data

Any data processed in an electronic communications network or by an electronic communications service indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications service


What does the ePrivacy Directive require individuals to do to use location based marketing?

Individuals have to opt-in only


What must data controllers do to obtain valid consent from individuals to process their location data?

Must inform individuals:
- the types of location data that will be collected and processed
- the purpose and duration
- whether data will be transmitted to a third party


What is an issue with getting consent to use location data?

How to tell the individual that their data is going to be used for marketing as the smartphone screen estate is restricted. A way to fix this issue is to include this information in a privacy notice.


What must data controllers offer individuals when withdrawing their consent to use location data?

- a right to opt out of having their location data processed for marketing purposes entirely
- a temporary right to opt out for marketing purposes on each connection to the network or for each transmission of a communication


What is OBA?

Online behavioural advertising - website advertising that is targeted at individuals based on observation of their behavior over time


How is OBA delivered?

Can be delivered by:
- by the website publisher itself
- by a third-party advertising network


What is an issue with delivering OBA by a third party?

The concept of profiling as the advertising network may track individuals’ behaviour across multiple websites to target their advertising.

Profiling - any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.


What are ad networks considered as - a controller or processor?

Data controller as they have complete control over the purpose and means for which website visitors’ information is processed.