New Marketing Techniques Versus Consumer Privacy: The Italian Approach

Article by Avv. Felix Hofer*

1. In the 90ies the marketing industry in Europe was hit by revolutionary events: the impact of the information society with its striking new technologies offered ways of approaching consumers nobody would have even dreamed of just a few years earlier.

Marketing Gurus were eager to invent new definitions, to coin sexy acronyms and to dispense their wisdom about how to target consumers in more and more aggressive manners as well as about how to reach effectively very specific (sometimes micro-) groups.

2. But soon legal experts started warning about some risky side effects of this marketing frenzy. To all those familiar with legal developments throughout the European Union it was quite clear that the new - and so popular - techniques and practices were evidently on a crushing course with the key principles set by the Directives nos. 46 of 1995 and 58 of 2002 on processing of personal data1. Nevertheless those warnings were not taken seriously, were rather considered as out-of-tune voices and were perceived as the usual wet blankets. There were basically two reasons for this: (a) every marketer felt that he simply couldn't afford not being in the game, (b) most of the national watchdogs in charge of granting domestic implementation of the Directives' provisions in a harmonized way, had initially chosen to follow a relaxed and flexible approach in order to avoid a too dramatic impact of the new rules on an entire industry sector.

3. This idyllic situation came to an end when consumers became more and more annoyed by too aggressive marketing practices and started objecting to what they perceived as an unacceptable interference into their personal intimacy.

The 'everything goes' period turned into a real crisis, when spamming crossed the 50% percent ratio of all electronic communication present on the Internet. So, where are we now2 in the clashing relationship between electronic marketing and consumers' privacy?

Privacy Commissioners throughout the European Union have tightened the reins and are looking closer and closer into marketers' practices. Their understanding for the industry's needs has clearly weakened, their attention has definitely shifted to focusing on effective protection of the targeted public's private sphere. More and more rules and guidelines are issued in order to limit excessively intrusive marketing practices.

During the last five years the Italian Privacy Commissioner has delivered a number of specific guide-lines, directed at ruling various aspects of marketing.

4. Since March 2003 the Authority addressed correct use of MM3 through some specific guide-lines.

In the Commissioner's view:

- taking pictures with a mobile phone for strictly personal purposes (e.g. for individual entertainment, cultural interests) and sending them to a restricted group of friends or family members had to be considered as legitimate use,

- as long as occasional communication of personal data (i.e. images) for pure personal use occurred, the provisions on processing of personal data would not become relevant,

- but also in those cases the author of such kind of communication had to grant safety of the collected data and could be hold liable for damages caused to other subjects by improper data handling,

- data subject's specific consent had always to be sought, when systematic diffusion of pictures or videoclips to a broader public (e.g. through posting on the Internet) or 'pyramid communication' was performed,

- journalists in principle have not to achieve data subject's consent, but have to comply with their ethic code's provisions,

- specific consent eventually obtained, when required, would not exempt from complying with other rules referring to uses different from data processing (e.g. Section 10 of the Civil Code governing abuse of a person's image, the rules of the Copyright Act),

- when temporarily storing such messages and making them available to destinees on the Internet, Telcos have to adopt additional cautions, meant to grant due respect to the 'freedom of communication' principle and to preserve secrecy of the message's content.

5. A couple of months later (in May 2003) the same Authority, facing widespread complaint about misuse and excessive use of such practice, ruled on SMS of public interest (reference is to text messages delivered by communication providers or public entities for so-called 'institutional purposes'4).

The Italian Privacy Commissioner felt that, save cases of public disasters or emergencies, SMS messages of this kind could not benefit from any exemption and were therefore subject to explicit in-advance consent from targeted data subjects.

According to the respective guide-lines:

- two cases are to be held distinct: (a) when a phone service provider acts on behalf of a public entity (but using its own data bases without transferring subscriber data to the public entity), (b) when the messages are directly diffused by a public entity (making use of its own address list),

- in the first case (e.g. when a provider informs about traffic restrictions on behalf of an Administration), explicit in-advance consent of the targeted public has to be sought and data subject's rights have to be granted,

- in the second case (i.e. when a public entity approaches directly subjects who have spontaneously submitted their contact data for receiving a specific information, e.g. on an application filed), the administration may freely address those subject through SMS messages, without asking for in-advance consent (but if the contact is established for a purpose different from that which the subject has submitted its data for, then explicit consent is necessary).

6. At the same time5 the Commissioner addressed the issue of unsolicited commercial communication diffused via e-mail and set general rules for such practice.

According to those rules:

- domestic statute law...