We're planning to start an e-mail marketing campaign basing on a list of addresses gathered via public directories (like Yell). We understand it's a good practice to ask for consent before sending the actual offer regardless of whether these e-mails contain personal details or not. Is there any specific, safe wording we should use when sending our original requests for consent? What should such a request contain apart from the actual question?
I will assume for the purposes of this email that you are considering sending the requests for consent via email.
If the sending of the requests for consent involves the processing of any personal data (e.g. joe.bloggs[at]example.com) then you would need consent to send the consent requests. Similarly, if the requests for consent are sent to "individual subscribers" within the meaning of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (which includes sole traders and partnerships), then they would be subject to the prohibition in Regulation 22(2) (although they are not marketing emails, they are emails sent "for the purpose of direct marketing"). In other words, you could be in a mild sort of Catch 22.
If you are not sending to individual subscribers and are not processing personal data, no legal prohibitions arise.
As to best practice, I'm not really an expert, but I think that best practice would forbid the sending of the consent requests by email. Certainly, if you send them in large numbers, you would risk getting your email addresses, domains, email servers etc blacklisted.
If you go ahead anyway, I think such requests should:
- be accessible;
- be entirely clear as to what is being signed up to;
- require a double-opt in; and
- possibly, include details of how to subsequently opt-out.
ps You should also check the T&Cs of websites from which you collect data. They may prohibit data harvesting, and such prohibitions can have legal consequences: