SMS/MMS Direct Marketing

The Court of Rome overthrow Garante’s previous decision on SMS/MMS direct marketing

The Tribunal of Rome has recently issued a controversial decision rejecting Garante’s decision on SMS/MMS direct marketing – regarding the sending of ‘opt-in’ messages to ask for privacy consent to direct marketing communications.

‘Garante’ is the abbreviated name of Garante per la Protezione dei Dati Personali which is the Data Protection Authority in Italy, the counterpart of the ICO in the UK.

As a result, it is now legal, within Italy, for companies to send such ‘opt-in’ text messages as a means to glean permission to send further advertising materials to prospective customers.

At the core of the argument is a marketing campaign carried out by a renowned telecommunications company – Wind Telecomunicazioni S.p.A.- between 2015 and 2016. The drive involved the sending of text messages to clients and prospects to ask for consent to receive future advertising or promotional communications.

In the appealed decision, the Garante determined that Wind had acted in violation of the terms of the Italian Personal Data Protection Code. As a result, the company faced fines and strictly prohibited from any further processing.

However, in an unexpected twist, The Tribunal argued that the stipulation of Article 130 of the Data Protection Code, which requires that users’ permission is mandatory to conduct advertising, market research or direct sales communication did – in this case not apply.

The court ruled that Wind’s activities didn’t fit the criteria of “processing of personal data for marketing purposes”, because there was no promotional or advertising activity. In contrast, Wind’s actions, it was agreed by the courts, comply with the provisions of the Data Protection Code.

Since there was no promotional activity for a commercial product or advertising activity in the stricter sense, on the contrary, by requesting users’ consent, Wind’s actions were deemed complicit with the Data Protection Code. The Tribunal has thus revoked the resolution of the Garante.

The decision has opened a dialogue in regards to the back-shift in legislation and questions have arisen surrounding the possibility of misuse.

One of the key pillars of the GDPR is the ‘consistency mechanism’, meaning that regardless of EU territory the key principles of data protection should apply equally to all citizens and organisations. The decision of the Italian courts flies squarely in the face of decisions made by other data protection Regulators. For example, in 2018 the ICO, the UK regulator fined both FlyBe and Honda for similar practices. As always, the devil is in the detail and some of the emails from FlyBe asking for consent were sent to people who had already opted-out, but nevertheless, much of the processing was, in principle at least, similar to that sent by Wind.

It will be very interesting to see how this influences future decisions as this decision will now need to be taken into account by Regulators when assessing similar cases.

For more detailed legal analysis on this case see the Garante website and OneTrust’s Data Guidance blog.

Please contact the specialists here at The Griffin House Consultancy if you need some specific advice for your business.

Contact us: Call: +44 (0)1673 88 55 33

Email: [email protected]