In 2021, we had already realized a live with Melanie on the subject "Non-opt-in customers: how do you talk to them?". This live had been a great success, so we renewed the experience on Thursday, September 8, 2022 with questions of current events and others more standard ;-).
Mélanie is an IT/Personal Data Lawyer, she is also DPO. She works in the fields of digital and intellectual property in retail (E-commerce, computer contracts, personal data, creation, protection and management of intellectual property rights, advertising and sales promotion).
The issues that were addressed
Below are the questions that were discussed. If you do not find the answers to your concerns, please do not hesitate to contact us. ESPECIALLY NOT to us send an emailWe will be happy to answer them in a future legal live.
Is it legally possible to unsubscribe contacts who have not clearly expressed their wish to be unsubscribed from a newsletter?
So, the law does not cover all cases ;-) The RGPD mainly contains general principles that must be interpreted. So we will not find in the RGPD an answer to this specific case. Nevertheless, the answer to this question will be "Yes, most certainly! It is even a good marketing practice to stop communicating with people who no longer open or click on emails. So you can safely move them to unsubscribed status. And it is very unlikely that a contact will complain because they no longer receive newsletters from a brand ;-).
Can we legally rewrite a syntactically incorrect email address ourselves?
Again, there is no answer in the GDPR to this case. There is a notion of risk that the advertiser dares to take or not. If he is in a zero risk logic, then he does nothing, he does not touch the collected data. But here, we are rather in the legitimate interest of the person, so the risk is minimal. An advertiser doesn't risk much to rectify an email address that is incorrect because they forgot an a in gmil.com
Can the advertiser be held responsible if it has inserted an autologin link in a newsletter that has led to a hacking (security breach)?
Yes, a data controller (i.e. an advertiser) is obliged to ensure the security of customer data.
In the case of a site published by a white label partner, how should the brand approach the question of opt-in in relation to its own site?
Listen to the replay because the answer is too complicated to write ;-)
If I offer other spaces to collect an opt-in (example: contest form), but the person is already known as an opt-in, am I obliged to unsubscribe them if they do not check "subscribe to the newsletter" on the contest form?
Absolutely not. The advertiser has proof of consent for the 1st opt-in. Not checking a box is not equivalent to unsubscribing.
If my customer is a buyer but not a subscriber to my communications, can I send them a marketing email?
Yes! If it has date of last purchase is less than 3 years. I invite you to review or listen again to the "Non opt-in customers: how to communicate?.
If my customer has not opened any email for more than 3 years but has made a purchase this year, am I obliged to apply the right to be forgotten and delete him from my database?
The right to be forgotten is not. Neither does deleting him from your database, since you had a last interaction with him (the purchase) less than 3 years ago. On the other hand, it is important to remember that opening an email is not considered as an interaction. The following are considered as interaction: click in an email and purchase. So the question should have been " If my customer has not clicked on any email for more than 3 years but has made a purchase this year, am I obliged to apply the right to be forgotten and delete him from my database? "The answer is no, legally you can communicate with him. But from a good practice point of view, if there are no clicks observed, it means that he is not interested in the email channel, so there is no point in communicating with him via this channel...
One day soon, will we need a special opt-in to be able to track the opening and clicks of our contacts?
Following the lunch with the CNIL (Commission nationale de l'informatique et des libertés) organized by DMA France (Data & Marketing Association France, ex-SNCD), the opening pixels are considered as tracers in the sense of the cookie directive. Consent is therefore required. In this context, it is essential to prepare for the progressive disappearance of the opening metric.
-> Question: Should we expect to be required to ask for an opening consent? and a click consent?
Certainly, but not immediately. In fact, this question has been on people's minds for several years. It has been put back on the table recently following the consent cookies requested since about 18 months on websites. A working group is going to be created, it can't be decided just like that because it implies other things, but it is to be expected. After that, we don't know yet how it will be set up in concrete terms.
Can we file a complaint against an emailing if the message goes against the objectives that France has set in terms of sustainable development?
We don't talk about it much, but there are rules in the advertising world. The advertising deontology jury has already received a complaint from ADEME (the French environment agency) against an advertisement (here a bus shelter insert) whose message did not respect the objectives set for sustainable development. Indeed, according to ADEME : "An advertisement must avoid conveying a message that is contrary to the commonly accepted principles of sustainable development". "Advertising must not directly or indirectly encourage excessive consumption patterns".
-> Question: can we file a complaint against an emailing if the message is contrary to the objective of reducing CO2 emissions in France?
Yes, and you can see many complaints about advertising emails on the site of the advertising ethics jury. Beyond the channel, it is the message that is judged. It is therefore necessary to be very vigilant about the content of the emails, both on the advertiser's side, who validates the proofreading, and on the agency's side (if the writing is outsourced, for example).
Within the framework of the "climate contract", which good practices and measurement indicators in emailing should be taken into account by the companies involved?
The Citizens' Climate Convention had proposed a ban on advertising for products that emit the most greenhouse gases. The bill to combat climate change aims to ban fossil fuel advertising. However, a large part of the economy of this sector relies on these advertisers (automobile, for example). In this context, the government has opted for the formalization by voluntary companies of a climate contract. This climate contract consists in listing the commitments made by the company towards responsible advertising.
-> What types of commitments are included in these "climate contracts"? In emailing, which measurement indicators would allow to control these climate contracts?
We will mainly find commitments on the number of newsletters with "responsible" content. So in the editorial planning, we used to find a typology of newsletters and promotional emails. We will most certainly have an "Eco-Responsible" typology that will have to be accounted for when these climate contracts are audited.
Melanie Defoort Mélanie is an IT/Personal Data Lawyer, she is also DPO. She works in the fields of digital and intellectual property in retail (E-commerce, computer contracts, personal data, creation, protection and management of intellectual property rights, advertising and sales promotion). In short, she knows a lot about it. If you are curious, you can go and see her LinkedIn profile.
Marion Duchatelet She advises Badsender's clients in their emailing strategy and in the choice of their tools. She organizes master template design workshops for LePatron email builder. She writes articles, hosts live shows, does training with Badsender but not only that, she jumps on all good ideas to make sure they become reality. She never gives up, never! She wants to understand everything, EVERYTHING!