Note: This advice is given by the CAP Executive about non-broadcast advertising. It does not constitute legal advice. It does not bind CAP, CAP advisory panels or the Advertising Standards Authority.
Marketers must ensure they have adequate consent before sending marketing communications to individuals, although consent is not always required. Consent requirements generally fall into one of these three categories:
“Opt-out”: a marketer gives consumers the option, often by offering a tick a box, to stop their data from being used for direct marketing purposes or passed to third party marketers. Providing an opt-out route when collecting consumers’ data generally meets the legal requirements for conventional direct marketing media such as direct mail but does not usually meet the legal requirements for electronic marketing (e-mail and SMS) (Home Entertainment Corporation plc, 13 October 2004).
“Opt-in” (or explicit consent): a marketer is required to obtain permission from consumers before sending them direct marketing or passing their data to third parties for marketing purposes. Consumers must usually opt-in to having their data used for direct marketing purposes via electronic marketing, such as e-mail or mobile marketing (although see “soft opt-in” below). Marketers should be aware that electronic marketing is not the only database practice that is subject to an explicit consent requirement: Rule 10.13 lists others subject to that requirement; they include the processing of sensitive personal data, the sending of some commercial faxes and the sending of non-live-sound marketing communications by automated calling systems (see ‘Database Practice: Explicit Consent’). Similarly, deciding to pass e-mail addresses or SMS contact details on to third parties after collection is subject to explicit consent requirements (See ‘Consent (Explicit)’ and ‘Passing Data on to Third Parties’).
“Soft opt-in”: a limited exception to the general rule that marketers must obtain explicit consent before sending unsolicited marketing messages via e-mail or SMS; it allows marketers to use the opt-out mechanism. It applies only in limited circumstances. See the ’Database Practice: Soft opt-in’.
Marketers should be aware that they might nevertheless need to include unsubscribe or opt-out mechanisms in their marcoms even if they have complied with the Code when they collected the data. Such circumstances are: when intending to pass consumers’ postal data to third parties or to use them for a significantly different purpose or when sending any electronic marketing communications. If they have obtained explicit consent for SMS or e-mail marketing, marketers must include in each message, as a bare minimum, the identity of the marketer and a valid address, which could be a web address or text-back channel that allows consumers to send opt-out requests and access the full address. Marketers are encouraged to adopt best practice and explicitly state that consumers can opt-out of receiving marketing communications via that route. (O2 (UK) Ltd, 28 July 2004).
Consumers exercising unsubscribe or opt-out mechanisms should be able to do so with minimum effort and at the minimum, unavoidable cost. For example, the ASA has upheld complaints against mobile marketers who have charged opt-out routes at premium rates (Mobile Media Ltd, 27 August 2003).
We understand that the Information Commissioner’s Office (ICO) considers it unacceptable to ask subscribers to call a separate number to request suppression.
In early 2007, the ASA confirmed the requirement to offer a clear and simple opt-out route in unsolicited electronic marketing communications (World Networks, 14 February 2007). The advertiser had sent an unsolicited SMS to consumers stating “opt-out available”. The ASA considered that that was not a clear and simple means of opting-out of receiving future messages and concluded that the marketing communication breached the Code. The ASA noted that, in its Guidance on the Privacy and Electronic Communications Regulations, the ICO had stated that marketers should provide a postal address or e-mail or a short code number to which recipients could send an unsubscribe or opt-out request.
Last modified : 29 June 2010