Sell your friend’s email for £25!

refer a friend edited

It’s quite simple. You’ve just bought a product and the company who just sold it to you asks for a friend’s email so they can market to them. If they buy then you (and them) get a cheque for £25. What a great idea!

Unfortunately they seem to have chosen to breach some regulations. To market electronically by email requires prior consent or consideration of the soft opt in option as defined in Section 22 (3) of the Privacy and Electronic Communications (EC Directive) Regulations 2003.

To market by email three conditions should apply.

a) You must have obtained the email address in the course of a sale or negotiations for a sale

b) You should only market similar products

c) You should offer an opt out with every message.

They clearly miss the first one as they have made no sale nor negotiated with your friend. The second one falls by the wayside for the same reason as your friend won’t have bought anything from them, so there is no “similar” test. Finally, we’ll credit them with offering an opt out (although based on their understanding of email marketing so far that’s being generous).

There is a safety valve. If your friend, after being sold down the river does not buy from the company, then their email will never be used by the company. In fact it will be destroyed securely within 30 days. And of course it will never be passed to any other organisation or sold to a list broker.

Unfortunately the company doesn’t offer any of the guarantees in the previous paragraph. They may well do so but they don’t bother with any concept of a fair processing notice. How do you feel about sending your friend’s email to this organisation? If they’re happy to pay £25 to buy an email address that makes a sale what price do they put on a prospect?

I’m not a hacker. I’ve started an online course to learn how to be one. There is no course literature or reading list. The exam which can be taken at any time has one task. “ Your grade is held in a secure area at Hacker’s University. Change it to Pass and email yourself a PDF of your certificate”.

But if I was a hacker I’m sure I could find a way to flood this business that’s trying to buy email addresses with a few long lists of emails. All those on JISCmail data protection list; All people with; I have many lists that people have sent me by accident.

Paul Simpkins is a Director and trainer at Act Now Training Ltd.

No time to attend our PECR courses? Try our on demand PECR webinars. One hour of  learning for only £39 plus vat.

About actnowtraining

Act Now Training Ltd specialise in information law. We have been providing training and consultancy services globally for over 16 years. We have an extensive GDPR and FOI course programme from live and recorded webinars, accredited foundation through to higher level certificate courses delivered throughout the country or at your premises.
This entry was posted in Data Sharing, PECR, Personal Data, Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s