The good news: You can stop plowing through every GDPR-related email asking if you want to keep in touch. The bad news: You shouldnt have received (most of) them in the first place.
As the EUs new privacy rules kick in, experts are saying European consumers didnt need to be on the receiving end of the avalanche of emails that landed in their inboxes this week.
A large number of companies — uncertain about the implications of the new rules — asked entire client and contact databases to reconfirm their (already given) consent, as part of their review over the past months of the personal data they hold on customers, employees or general internet users.
“If in the past you have given your consent to receive marketing emails of a company, then that consent is still valid,” said Frederik Borgesius, a privacy researcher at the Free University Brussels.
European data protection authorities, who met in Brussels Friday for a plenary meeting and will be in charge of enforcing the EUs General Data Protection Regulation, supported the analysis.
Companies dont need consent to send marketing emails to existing customers.
“There is a lot of fuss about this … In a lot of cases they dont need this consent,” said Willem Debeuckelaere, Belgian data protection chief and deputy chair of the newly created European Data Protection Board that will coordinate privacy enforcement across Europe.
Companies dont need consent to send marketing emails to existing customers. Nor do they need consent to send non-marketing material, according to Debeuckelaere. The only situation in which a company needs to ask for additional consent is when it sends marketing emails to contacts that are not existing customers.
The exceptions to this rule are organizations holding large troves of email addresses but never asked recipients if they wanted to be included on email lists. Such “spammers” could face fines and enforcement action — but would have already been in breach of EU law (and specifically the e-Privacy Directive) before the new data protection rules kicked in.
Companies that did send out emails asking for renewed consent might find themselves in a tricky situation now, said Aaron Tantleff, privacy lawyer at Foley & Lardner.
“In most cases, the email request was unnecessary at best and a poor business decision at worst as they are finding that their marketing database is rapidly shrinking,” he said.
“Many of the companies that sent out the emails asking for consent are going to find that they are going to lose a sizable portion of their mailing list. While some respondents will affirmatively respond and provide consent, there are plenty of individuals who are saying no, with another sizable percentage of individuals not responding at all,” according to Tantleff.
Like many others, Tantleff said “even I got fed up when I receive 152 such consent emails in one day.”