The Consumer Protection Act sparked quite a bit of interest in direct marketing and consumers’ rights to opt-out of receiving direct marketing communications. It has also highlighted a tension between direct marketers and consumer orientated initiatives to protect and enhance consumer rights. Some of these initiatives have been undertaken by two industry bodies, the Internet Service Providers’ Association and the Wireless Applications Service Provider Association which are self-regulatory bodies focused on ISPs and mobile service providers, respectively. The ISPA and WASPA Codes of Conduct contain provisions which are somewhat more stringent than the Consumer Protection Act, although more in line with the draft Protection of Personal Information Bill when it comes to regulating direct marketing.
I took a closer look at the relevant provisions in the Code as well as related provisions in the Consumer Protection Act and the current Protection of Personal Information Bill which is expected to be enacted in late 2011 in order to how these regulatory frameworks deal with direct marketing and what effect they seem to have on the industry. This post is an overview of these regulatory frameworks.
The ISPA Code
The ISPA Code binds Internet Service Providers directly, and direct marketers that use ISPs to host their services, indirectly. Section E of the ISPA Code states the following:
E. Unsolicited communications
- ISPA members must not send or promote the sending of unsolicited bulk email and must take reasonable measures to ensure that their networks are not used by others for this purpose. ISPA members must also comply with the provisions of section 45(1) of the ECT Act, and must not send or promote the sending of unsolicited commercial communications that do not comply with the provisions of section 45(1) of the ECT Act.
- ISPA members must provide a facility for dealing with complaints regarding unsolicited bulk email and unsolicited commercial communications that do not comply with the provisions of section 45(1) of the ECT Act originating from their networks and must react expeditiously to complaints received.
ISPA’s members generally adopt a fairly firm approach to unsolicited bulk email for a variety of reasons, and for good reason in many instances. We are all familiar with the deluge of spam that clogs our mailboxes on an ongoing basis. Unfortunately well meaning direct marketers are often caught in the cross-fire largely because they are reliant on ISPs to operate their businesses.
The WASPA Code
WASPA is a self-regulating industry association that watches over mobile service providers. Its members include most mobile service providers and marketers in South Africa as well as a number of foreign mobile content providers. If you market to customers by SMS, the odds are you are using a WASPA member to distribute your messages.
The current version of the WASPA Code is 11.0. The section in the Code dealing with spam is section 5 which is titled “Commercial communications”. Section 5.1 deals with “Sending of commercial messages” and specifies certain minimum requirements such as the requirement that WASPs terminate commercial messaging services when a recipient responds to a commercial message with the “STOP” instruction or similar words such as “END”, “CANCEL”, “UNSUBSCRIBE” or “QUIT”.
The definition of “commercial message” is also relevant and it is the following:
A “commercial message” is a message sent by SMS or MMS or similar protocol that is designed to promote the sale or demand of goods or services whether or not it invites or solicits a response from a recipient.
Sections 5.2 and 5.3 deal with spam identification and prevention and are directly relevant. These provisions state the following:
5.2. Identification of spam
5.2.1. Any commercial message is considered unsolicited (and hence spam) unless:
(a) the recipient has requested the message;
(b) the message recipient has a prior commercial relationship with the message originator and has been given a reasonable opportunity to object to direct marketing communications
(i) at the time when the information was collected; and
(ii) on the occasion of each communication with the recipient; or
(c) the organisation supplying the originator with the recipient’s contact information has the recipient’s explicit consent to do so.
5.2.2. Any commercial message is considered unsolicited after a valid opt-out request.
5.2.3. WASPA, in conjunction with the network operators, will provide a mechanism for consumers to determine which message originator or wireless application service provider sent any unsolicited commercial message.
5.3. Prevention of spam
5.3.1. Members will not send or promote the sending of spam and will take reasonable measures to ensure that their facilities are not used by others for this purpose.
5.3.2. Members will provide a mechanism for dealing expeditiously with complaints about spam originating from their networks.
When it comes to classifying a commercial message as not “spam”, the Code sets out a two part test. A commercial message is regarded as spam if it is unsolicited except where –
- The recipient has either requested the message or has a prior commercial relationship with the message originator and “has been given a reasonable opportunity” to opt-out of further marketing communications from the originator (this is implicit opt-in with an opt-out requirement); or
- The recipient has given his or her “explicit consent” to receive the commercial message concerned.
The focus of this test is on unsolicited commercial messages and the default position is that such messages are spam and prohibited unless the originator can prove one of two scenarios (mentioned above), both of which are consent-based. The first scenario is a combination of explicit opt-in and the second scenario involves a more implicit opt-in. This is a departure from the current legislative position, although not necessarily of the anticipated legislative framework detailed in draft legislation.
The Consumer Protection Act
The Consumer Protection Act deals with “unwanted direct marketing” in section 11 of the Act. Consumers’ right to pre-emptively block, refuse to accept or to require a person to discontinue direct marketing communications or approaches is specifically included in consumers’ broader right to privacy which is entrenched in the Bill of Rights. While the Consumer Protection Act does not explicitly state that it operates on the basis of an opt-out paradigm, section 11(2) supports this conclusion:
To facilitate the realisation of each consumer’s right to privacy, and to enable consumers to efficiently protect themselves against the activities contemplated in subsection (1), a person who has been approached for the purpose of direct marketing may demand during or within a reasonable time after that communication that the person responsible for initiating the communication desist from initiating any further communication.
The direct marketing framework contemplated by the Consumer Protection Act is similar to the framework established for electronic direct marketing in the Electronic Communications and Transactions Act. Both frameworks enable marketers to send unsolicited commercial messages (to use the basic term in the Code) directly to consumer provided they facilitate and honour requests from consumers to opt-out of receiving further commercial messages from those marketers. The press release mentioned a Do Not Call Registry which section 11(3) of the Consumer Protection Act provides for. This registry doesn’t exist yet, at least not in the form contemplated by the Consumer Protection Act, but such registries do exist in varying degrees.
The Direct Marketing Association of South Africa (“DMASA”) operates a National Opt Out Register which its members are bound to comply with. This Register presently represents the closest registry of its kind to the registry contemplated in the Consumer Protection Act. Unfortunately this Register is limited in its scope. It binds DMASA members and its distribution is limited to those members. It is also subject to exploitation (such an exploit was publicised in ITWeb on 30 May 2011) for illegitimate purposes in its current form although its distribution method is due to shift from email to an authenticated file transfer protocol.
Protection of Personal Information Bill
The Protection of Personal Information Bill deals with “unsolicited electronic communications” in section 66 of the current draft Bill. This section begins with the premise than unsolicited electronic communications (including SMS and email) for direct marketing purposes are prohibited unless certain conditions are met (the Bill speaks of “processing” which has broader implications than simply sending marketing SMSes or emails but I will confine my discussion to direct marketing messages). These conditions are, essentially, that the person whose personal information is being used (the “data subject”) has consented to receiving these commercial messages or where the data subject is a customer of the party sending the commercial messages.
This latter condition is a complex one. In order for a business to market its products and services to a consumer under the Protection of Personal Information Bill, it must have obtained the consumer’s contact details in the context of a sale of a product or service for the purpose of directly marketing the business’s “own similar products or services” and the consumer must have been afforded opportunities to opt-out of receiving those marketing messages both at the time the contact details were collected and “on the occasion of each communication with the data subject for the purpose of marketing if the data subject has not initially refused such use”.
Going further, the Protection of Personal Information Bill requires that “any communication for the purpose of direct marketing” must contain the following information:
- details of the identity of the sender or the person on whose behalf the communication has been sent; and
- an address or other contact details to which the recipient may send a request that such communications cease.
This section of the Protection of Personal Information Bill appears to shift the current opt-out paradigm to something closer to an opt-in paradigm in that a consumer’s consent is required before a business may market products and services to the consumer or the consumer must be the business’s customer and the consumer’s personal information was collected for that purpose. The first scenario entails an express opt-in and the second an implicit opt-in with the comfort of a subsequent opt-out option. These provisions are similar to the provisions of the Code dealt with above and represent a departure from the current paradigm the Consumer Protection Act operates under. While the Protection of Personal Information Bill is not a final Bill yet and there is still scope for these provisions to change before its finalization and adoption by Parliament, it is worth bearing its current provisions in mind.
Where does this leave direct marketers
Direct marketers are largely dependent on either ISPs or WASPs to conduct their businesses and this presents a number of challenges. The current business model relies on an opt-out paradigm to exist and the ISPA and WASPA Codes are precursors to the Protection of Personal Information Act which shift the paradigm to an opt-in paradigm which most direct marketers probably can’t easily transition to. If the ultimate Protection of Personal Information Act will have the current opt-in provisions for direct marketers then the industry will have to change the fundamental basis on which it operates starting with its database development strategy.
Some marketers have already begun exploring more innovative models based on social media. One of my recent clients, Virtuosa, sent out an email in April informing its newsletter subscribers that it was discontinuing its newsletter and invited its subscribers to follow it on Twitter, Facebook and LinkedIn:
Newsletters are old-fashioned. Research and feedback from you has shown that overall the preferred means to receive updates and engage with us is via our social profiles. We will no longer be sending regular newsletters but rather communicate with you on Social Media. Please connect and engage with us via our social media profiles.
One of the advantages of social media as a broad marketing platform is that services like Twitter, Facebook and LinkedIn are built to be opt-in and have easy opt-out mechanisms built into the platforms. In a way, this model is an ideal direct marketing model because of its higher engagement levels and opt-in basis but shifting to this model basically means discarding existing email and SMS databases in favour of a relatively young channel. Even if marketers ignore social media, they need to seriously start thinking about how they will transition to an opt-in paradigm if the current Protection of Personal Information Bill is passed in more or less the same form it is currently in. As it is, they operate in an environment that is, at least partly, fundamentally opposed to their existing business model.