Commercial emails to “public” company emails: are they legal?
In this month’s post, we want to focus on a very common practice in email marketing, which is none other than taking advantage of sending commercial emails to public company emails published on their website. We are referring to the classic “info@” or “admin@” emails, very common in business 3organisations or professionals who offer their services to clients.
Commercial emails to public company emails: Are these emails considered personal data?
The first thing to weigh up is the nature of this type of email and determine whether or not data protection regulations apply. Current law on this matter defines personal data as “any information on an identified or identifiable natural person”. Therefore, in the case of emails of the “[email protected]” type, because it does not identify a natural person, it could be concluded that the data protection regulations do not apply for the processing of this information.
Does the concept of public personal data exist?
On quite a few occasions, during this type of debate with email marketing people, they argue that emails are not personal data (as we have already mentioned) and that, in addition, when they are published in a space such as a website, they can be considered public and that, therefore, their owner authorises their use for commercial purposes.
In relation to this, what needs to be said is that, at present, there are no “sources accessible to the public” and even fewer for the use of data for promotional or commercial purposes. Furthermore, when a company or professional publishes a contact email on its website, it is for customers or potential customers to contact, not to receive commercial offers (unless it expressly states as such).
Commercial emails to public company emails: Which law applies?
At present, the law that remains applicable for the sending of commercial e-communications is the already distant Law 34/2002 of July 11 on information society service and e-commerce. This ruling, unlike data protection law, applies whether the recipient of e-communications is a natural person or any other type of recipient, i.e. a company or professional.
Therefore, to send commercial e-mails to e-mail addresses published on websites or similar and that do not identify individuals, compliance with the requirements set by this law is needed.
What are these requirements?
In essence, therefore, in order to be able to send commercial e-communications to this kind of email, it will be necessary to fulfil one of the following assumptions:
- Have the prior and express consent of the recipient.
- Be able to demonstrate that the recipient is a current customer of the sender.
In relation to the second point, it should be noted that:
- They must be a current customer; this rule does not apply to former customers.
- The customer must have been informed at the time of registration of this use of their data for promotional purposes.
- Commercial communications may only be sent from the company of which you are a customer and for products or services similar to those originally contracted.
Sending commercial e-mails to “public” e-mail addresses outside of this assumption involves breaking the law and, beyond complaints from recipients, exposing yourself to a possible complaint from the Spanish Data Protection Agency with the potential risk of being penalised for this conduct.
Obviously, tools that massively and automatically collect “public” email addresses for this purpose are also subject to the same regulation.
Finally, it must be said that providing the option to unsubscribe from these mailshots, which is very common practice, does not free you from the responsibility of indicating the source of the mailshot and on which of the two requirements indicated it is based.
If you need extra information about this conduct and this type of commercial sendings, don’t hesitate to contact us!
Information on data protection
LEGAL IT GLOBAL 2017, SLP
Providing the service.
Sending the newsletter.
Compliance with the service provision.
Your data will not be shared with any third party, except service providers with which we have signed a valid service agreement.