OPTA and CBP issue joint ruling on 'Tell a friend' systems on websites
“Tell-a-friend” systems are allowed on websites subject to conditions. Independent Post and Telecommunications Authority of the Netherlands (OPTA) and the Dutch Data Protection Authority (CBP) announced this today in the form of a ruling. “Tell a friend” is a function on a website which allows an internet user to inform an acquaintance about a specific message or new feature on that website. This method of marketing (viral marketing) is used quite extensively on websites and falls within the jurisdiction of both OPTA and the CBP. The regulatory authorities have drawn up a joint ruling to provide clarity about the conditions subject to which “tell-a-friend” systems can be lawfully used.
Tell a friend
In the case of a “tell-a-friend” system a website sends an e-mail message (on the initiative of a visitor and on his behalf) to the addressee without the latter’s prior consent. This is covered by the prohibition against sending unsolicited electronic messages for commercial, non-commercial and charity purposes (spam act). In addition, a personal e-mail address always constitutes personal data. The Personal Data Protection Act [Wet bescherming persoonsgegevens] stipulates requirements which apply in relation to the use of personal data.
Conditions governing lawful use
In this joint ruling OPTA and the CBP have determined that a “tell-a-friend” system can only be lawful if it satisfies the following conditions:
1. the communication must occur entirely on the initiative of the relevant internet user (or sender) and the website may not offer any consideration (or opportunity to obtain any) to the sender or the recipient;
2. the identity of the person who initiated the e-mail message must be clear to the recipient, so as to ensure that he can hold that person to account if he does not appreciate such e-mail messages;
3. the sender must be able to inspect the entire message that is sent on his behalf, so as to ensure that he can accept responsibility for the personal content of that message;
4. the website in question may not store or use the e-mail addresses and other personal details for purposes other then sending that one message on behalf of the sender. In addition, that website must secure the system against potential abuse, such as the automated transmission of spam.
OPTA and the CBP agreed on a collaboration protocol on 30 June 2005. This protocol sets out arrangements governing the treatment of matters in respect of which the duties assigned to OPTA and the DPA or the exercise of the powers vested in them intersect or overlap. Under the terms of the Telecommunications Act [Telecommunicatiewet] and the Personal Data Protection Act the two regulators enjoy jurisdiction in areas affecting the protection of the privacy of users (of the internet or otherwise) and the use of personal details by providers of electronic communication services. The protocol is largely concerned with the division of labour when tackling spam and other matters pertaining to privacy under the Telecommunications Act.
The joint ruling may be downloaded from the CPB and OPTA websites.
For more information about the DPA you may contact its press officer, Gert Onne van de Klashorst, (+31)(0)70 888 8555 or (+31)(0)6 4813 4908, or at gkl [at] cbpweb [punt] nl. See also www.dutchdpa.nl.