Last Updated March 28, 2019

Law and Practice

Contributed By Vondst Advocaten N V

Authors



Vondst Advocaten N V is an Amsterdam-based boutique law firm that focuses exclusively on contentious intellectual property, pharmaceuticals and life sciences, IT and privacy. The data protection team advises and litigates in both national and international matters relating to data protection. In addition, they frequently lecture and publish on data protection.

Based on recital (47) of the GDPR, the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest. Direct marketing generally refers to any form of advertising by which a natural or legal person sends direct marketing communications directly to one or more identified or identifiable end users using electronic communications services. In addition to the offering of products and services for commercial purposes, this also includes messages sent by political parties and other non-profit organisations to support the purpose of the organisation.

Where personal data are processed for the purposes of direct marketing, the data subject should have the right to object to such processing, including profiling to the extent that it is related to such direct marketing, whether with regard to initial or further processing, at any time and free of charge. That right should be explicitly brought to the attention of the data subject and presented clearly and separately from any other information.

General rules for direct marketing may be found in the GDPR. The data subject has a right to object to the processing of his or her personal data for direct marketing purposes, without any justification being necessary. Furthermore, the data subject must be informed of his or her right to object to any direct marketing communication.

With regard to direct marketing by means of telecommunication and the use of cookies and similar techniques, the Dutch Telecommunications Act provides for detailed regulation via the implementation of the e-Privacy Directive. The Directive will be replaced by the e-Privacy Regulation within the next few years. Moreover, in January 2015, the AP published a manual explaining how to set up Google Analytics in a privacy-friendly way. This set-up enables data controllers to use the tool without having to obtain consent on their websites to place the Google Analytics cookie.

The Dutch Telecommunications Act provides for an opt-in regime (which basically requires consent) for marketing via email, SMS and similar techniques. Unsolicited communications may be sent to customers when the contact details have been obtained in the context of the sale of a product or a service, the message relates to the sender's own similar products or services and the customer has been given an opportunity to object, free of charge and in an easy manner. If the customer does not object to the initial collection of its electronic contact details, the customer should be given the possibility to object in each message sent.

Specific rules apply to promotional telephone calls. These rules provide for an opt-out regime, but require a mandatory check of the do-not-call register.

The Dutch Telecommunications Act also provides for rules regarding the use of cookies and similar techniques. In general, the use of cookies that are strictly necessary to provide the requested services, to carry out the transmission of electronic communication over an electronic communications network, or to gather information on the quality or effectiveness of the services provided (with no or minor consequences to the end user’s privacy) is allowed. However, the use of other cookies, such as tracking cookies and cookies for behavioural targeting, and of device fingerprinting requires consent, and end users need to be informed properly in advance in order to give consent.

The AP has published its position on direct marketing and the use of cookies on its website. In 2015, the AP investigated Wi-Fi tracking technology in shops and on public roads provided by Bluetrace. In short, the AP decided that by way of Wi-Fi tracking, unique MAC addresses of mobile devices were being collected that, combined with information concerning location, date and time of registration, could be considered personal data. It even involved processing of personal data of a sensitive nature, ie, location data of individuals. Hashing of the MAC addresses does not lead to the conclusion that they are no longer personal data.

Vondst Advocaten N V

Jacob Obrechtstraat 56
1071 KN Amsterdam

+31 20 504 20 00

+31 20 504 20 10

info@vondst.com www.vondst.com