Direct Marketing – the Ins and Outs

November 1, 2002

Organisations are facing an ever stricter legislative regime governing how they can market to individuals and the media they can use to market. As technology develops, the means by which organisations can market their goods/services have become more sophisticated, expanding from marketing material sent through the post to marketing via phone, fax, e-mail and text messages. However, just as the technology has developed, so too has the legislation governing how these means of communication can be used.

Spamming enables an organisation to send hundreds of thousands of e-mails per hour at very little cost to themselves, which makes this a very attractive alternative to hard-copy mailings for businesses/marketers. The costs of replication, transmission and download are borne by the recipients – either directly, by virtue of the fact they are paying for their Internet connection, or indirectly, because of the cost to the ISPs who then pass on the costs to their subscribers. Spam is becoming a significant issue for ISPs whose servers are being clogged by the volume of spams they are receiving – consuming valuable bandwidth and leading to access, speed and reliability problems. It also impacts on their subscribers, who are faced with copious amounts of often unwanted mail that takes up valuable space on their systems, and which takes time to download and filter. A similar practice and issue is growing around the sending of bulk mobile text messages.

The big debate, however, has centred around whether businesses/marketers should be required to obtain the explicit prior consent (opt-in) of individuals or companies before they can market to them, or whether they should only be required to offer a right to object to receiving such communications (opt-out).

A plethora of legislation has emerged which addresses the use of various media for direct marketing. This article examines the EU and UK legislation that governs how individuals and businesses can market their goods and services, including whether they require opt-in or opt-out consent.

1. Directive 95/46/EC concerning the processing of personal data and the protection of privacy

Directive 95/46/EC governs the activities of ‘data controllers’, who are those persons or entities which control the purposes for which information about people (‘personal data’) is collected and used (‘processed’). Directive 95/46/EC, and the implementing legislation in the UK (the Data Protection Act 1998), require that personal data must be processed fairly and lawfully (Art 6(a); DPA 1998, s4(4)). In order for information to be processed fairly and lawfully (i) there must be a legitimate condition for processing and (ii) the individual to whom the information relates (the ‘data subject’) must be provided with certain information. The only legitimate conditions that are likely to apply in relation to use of someone’s personal data (eg their name, contact details, details of their spending habits, etc) for direct marketing purposes are either: (i) that the consent of the individual to their use of their data for that purpose has been obtained, or (ii) it is in the data controller’s legitimate interests, and does not unfairly prejudice the rights and freedoms of the individual, to use their data in this way. The legislation does not specify whether such consent must be provided on an opt-in or opt-out basis. Many controllers wish to avoid the consent option altogether and instead rely on the legitimate interests condition. However, there is a school of thought which suggests that an individual’s right to avoid being bombarded with unsolicited marketing material is greater than a company’s right to advertise its goods/services. This issue is only likely to be resolved by the courts.

The second aspect of fair and lawful processing is that the following ‘fair processing information’ must be provided to the individual whose data is being processed:

  • the identity of the data controller
  • the purposes for which the individual’s information will be used (eg to market the company’s goods/services)
  • any other relevant information (eg if the information will be disclosed to a third party).

Directive 95/46/EC and the Act also deal specifically with the use of personal data for direct marketing purposes, whereas the above obligations apply to all processing of personal data. Directive 95/46/EC states that individuals have the right to object (free of charge) to the use of their personal data (ie their names, contact details, details of their spending habits, etc) for direct marketing purposes, and to be informed before personal data is disclosed for the first time to third parties or used on their behalf for the purposes of direct marketing (Article 14(b)).

The DPA1998, s11(1) states that an individual is entitled, at any time upon written notice, to require a data controller to cease, or not begin, using their personal data for direct marketing purposes (ie a right to opt-out of receiving direct marketing materials). The Act defines direct marketing as the communication, by any means, of any advertising or marketing material which is directed to particular individuals (s11(3)). This would therefore include sending personally addressed mail, sendinge-mails or text messages to individuals and calling individuals. It is worth noting that the implementing legislation in some other Member States, such as Italy, Germany and Austria, elected to have an opt-in right in relation to direct marketing.

Sanctions

Directive 95/46/EC provides that the Member States must implement enforcement mechanisms and establish sanctions for data controllers who fail to comply with their obligations under the legislation.

In the UK, the Information Commissioner, who enforces the DPA1998, can issue an enforcement notice requiring an infringing data controller to comply with the Act and, if they fail to do so, can impose unlimited fines. The Act also provides that an individual who suffers damage or distress as a result of a breach by a data controller is entitled to compensation from the data controller. In relation to direct marketing, the DPA 1998 also states that an individual can apply to the court for an order requiring the infringing data controller to comply with the individual’s request to cease or not begin using their data for direct marketing. Last year the maximum fine imposed by the Information Commissioner was £5,000. This relatively small amount was far exceeded when ICSTIS (Independent Committee for the Supervisions of Standards of Telephone Information Services), the self-regulatory body for premium rate phone services, levied a £50,000 fine on one of its members, Moby Monkey, in August 2002. Moby Monkey had sent a proliferation of text messages to UK mobile phone subscribers telling them that they had won a £500 prize. ‘Winners’ were invited to call a premium rate phone line only to be informed that the prize was a discount holiday voucher with a number of terms and conditions attached. ICSTIS found several breaches of their code.1

2. Directive 97/66/EC concerning the processing of personal data and the protection of privacy in the telecommunications sector

Directive 97/66/EC contains provisions dealing with the issue of protection of information in the telecommunications sector. It contains specific provisions on the use of telecommunications media to market to individuals (but also requires Member States to protect legal persons under separate legislation). It states that direct marketing by automated calling systems (ie those without human intervention) or fax requires the prior consent of the subscriber (Art 12(1)). That means such subscribers must have opted in to receiving marketing material via these media. It goes on to say (Art 12(2)) that Member States can elect whether opt-in consent or a right to opt-out is required in relation to unsolicited calls for direct marketing purposes using other means (eg calls made by individuals). However, the legislation does not define ‘calls’, and so it is unclear whethere-mails and text messages would be caught. It was due to this uncertainty, and the differences in the way Member States interpreted this provision, that the EU Commission recently drafted a new Directive (2002/58/EC) intended to replace this one, broadening the scope from telecommunications to ‘electronic communications’ (see below).

Directive 97/66/EC was implemented in the UK by the Telecommunications (Data Protection and Privacy) Regulations 1999 (SI 1999/2093). The UK Government chose an opt-out regime in relation to unsolicited calls by means other than fax or automated calling systems (reg 25(2)). In accordance with the Directive, prior consent is required to use automated calling systems to make unsolicited calls to individual or corporate subscribers (reg 22(2)) or to send unsolicited faxes to individuals (reg 24(2)). However, unsolicited faxes can be sent to corporate subscribers provided they have not previously opted-out of receiving such communications via that fax line and provided that the fax number has not been registered on the Fax Preference Service for more than 28 days.

DTI has issued guidance stating that the Information Commissioner considers mobile text messages to be ‘calls’ for the purpose of these Regulations.2 However, it is unclear whethere-mails also constitute ‘calls’. It is likely that they are not covered and are only governed by the DPA 1998. Either way, it seems that at present such media can be used for direct marketing purposes provided that a right to opt-out is provided (although it is not clear whether there is an obligation to consult the E-mail Preference Service register).

The Fax, Telephone, E-mail and Mail Preference Services are run by the Direct Marketing Association. Consumers can register their fax and telephone numbers, e-mail and geographic addresses respectively, the system then cross-checks lists of numbers/addresses sent by businesses and suppresses the numbers/addresses of those who are listed on the register. Companies can voluntarily check their lists against the register, and others are required by law to consult and respect these registers. Individuals register with these services free of charge.3

The Regulations also state that billing data may only be used by telecommunications services providers for the purpose of marketing their services if the subscriber concerned has given consent (reg 8).

Although corporate subscribers are unable to register with the Telephone Preference Service, they are offered protection under the Telecommunications Act 1984, which provides that anyone running a telecommunications system in the UK under a class licence is required to cease using the telecommunications system to make calls to sell their products on receipt of a written request from a subscriber to do so. If further calls from the same person are received subscribers can take the matter up with Oftel.

Sanctions

Directive 97/66/EC requires Member States to provide for judicial remedies and impose appropriate sanctions. Any person who suffers damage as a result of any contravention of the Regulations is entitled to compensation (SI 1999/2093, reg 35(1)). The Regulations also allow the Information Commissioner to use her enforcement functions in respect of contraventions or alleged contraventions (including issuing enforcement notices and imposing unlimited fines in accordance with the DPA 1998).4

The penalties for contravention of the respective implementing legislation in other Member States can be far greater. In Italy, for example, businesses making unsolicited communications via phone, fax or e-mail without prior consent are liable to a fine of over e5,000. In Portugal the fines can amount to e30,000 and in Spain the punishment for unsolicitede-mail communication can result in fines of up to e150,000.

3. Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector

Directive 2002/58/EC will repeal and replace the Telecommunications Data Protection Directive. It was adopted on 12 July 2002 but does not have to be implemented by Member States until October 2003. The DTI has said that it will launch a public consultation on how to implement the Directive in the UK in January 2003. The Directive aims to use technology neutral language to cover both existing means of communication and other methods that may be developed in the future. It deals specifically with unsolicited communications.

The Directive provides that the use of automated calling systems, faxes and electronic mail for the purpose of direct marketing is only allowed in respect of subscribers who have given their prior consent (Art 13(1)). Electronic mail is defined in the Directive to mean any text, voice, sound or image message sent over a public communications network which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient (Art 2(h)), and therefore includes text messages.

There is an exception in respect of the use of electronic mail to market to customers whose details have been obtained by an organisation in the context of the sale of a product or service (provided this information has been obtained fairly and lawfully in accordance with Directive 95/46/EC) to market its own similar products/services, and provided that the customers were clearly and distinctly given the opportunity to object free of charge and in an easy manner to the use of such contact details when they were collected and with each marketing message (Art 13(2)). This means giving customers a right to opt-out of the use of their electronic details for marketing purposes (eg a box they can tick to opt-out on an online order form). This carve out is obviously quite narrow because: (i) it applies only to electronic contact details obtained in the context of a genuine prior ‘sale of a product or service’, and so would not apply to people who have given their details to register for a free gift; (ii) only the person/entity which collected the details initially can use the details for marketing purposes, and so they cannot be used by group companies; and (iii) the details can be only used to market ‘similar’ products or services – as yet there has been no guidance as to what ‘similar’ means in this context.

It is interesting that the Directive mainly refers to ‘subscribers’ in the context of the type of consent that is required to send unsolicited communications. However, in relation to the carve out for electronic contact details acquired during a prior sale, the Directive refers to ‘customers’. This has led many commentators to argue that this was a deliberate choice of terminology by the EU Commission. They argue that, in many employer/employee situations, the employer, rather than the employee, will be the ‘subscriber’ as they will be the party that has contracted with the communications service provider. This would mean that employers would be able to send unsolicited communications to their employees, and other entities would be able to market to them similarly, without being in contravention of the Directive, as the employees would not be subscribers in that context and would not benefit from the provisions of the Directive. The validity of this argument is unclear as the Directive does not define ‘subscriber’. However it does define a ‘user’ as ‘any natural person using a publicly available electronic communications service, for private or business purposes, without necessarily having subscribed to this service’ (Art 2(a)). The fact that the term ‘user’ was not used in the article dealing with unsolicited communications is therefore, arguably, deliberate.

The Directive provides that Member States can elect whether unsolicited marketing communications to subscribers via other electronic communications media require opt-in consent or whether a right to opt-out is sufficient. The UK Government has not indicated which option it will choose.

The Directive prohibits e-mails for marketing purposes which disguise or conceal the identity of the sender on whose behalf the communication is made, or which do not contain a valid address to which the recipient can notify its opt-out preference (Art 13(4)). This provision was included due to the increasing practice of spammers masking their identity in e-mails or deliberately making it appear to the recipient as though the e-mail has been sent by a third party (‘spoofing’). However, a vast amount of spam originates from outside the EU, so this Directive may not be effective in combating the current problems caused by spam.

4. Directive 2000/31/EC on certain legal aspects of information society services, in particular, electronic commerce, in the Internal Market (the ‘E-commerce Directive’)

This Directive applies to information society services, defined as services provided for remuneration at a distance by means of electronic equipment and at the individual’s request. The Directive specifically states that information society services (ISS) include commercial communications, which are in turn defined as any form of communication designed to promote, directly or indirectly, the goods, services or image of a company, organisation or person pursuing a commercial activity or exercising a regulated profession (Art 2(d)).

ISS providers are required to provide (easily, directly and in a permanently accessible form) to the recipients of the service the following information:

  • their name, geographic address, e-mail address and VAT number; and
  • any trade register in which the service provider is registered and his registration number.

Additional information must be provided where the service provider is a member of a regulated profession or where the activity is subject to an authorisation scheme.

Where direct marketing is being aimed at individuals using their personal data (eg their name and contact details) then much of this information is required as part of the fair processing information under the data protection legislation (see Directive 95/46/EC and the Act, Directive 97/66/EC and the Regulations and Directive 2002/58/EC).

Commercial communications which form part of an information society service must also:

  • be clearly identifiable as commercial communications;
  • clearly identify on whose behalf the communication is made; and
  • clearly identify any promotional offers, competitions and games, and the conditions for participation (Art 6).

The Directive does not address the issue of whether consent is needed to send commercial communications, as this is dealt with in the data protection legislation. However, it does state that if the national laws of Member States permit the sending of unsolicited electronic mails for commercial purposes then the implementing legislation should ensure that such unsolicited mails shall be clearly and unambiguously identified as such (ie as unsolicited marketing material) as soon as they are received by the recipient (Art 7(1)). There has been no guidance as to what ‘clearly and unambiguously identified as such’ means.5 It is also unclear whether ‘electronic mail’ includes text messages, although it is likely to.

The Directive also requires service providers sending unsolicited commercial communications by electronic mail to consult regularly and to respect the opt-out registers (Art 7(2)). The Recitals state that unsolicited commercial communications by electronic mail should not result in additional communications costs for the recipient (Recital 30), but this has not been stated specifically in the Articles.

The Directive was implemented in the UK by the Electronic Commerce (EC Directive) Regulations 2000 (SI 2002/2013), which came into force on 21 August 2002. TheE-Commerce Regulations do not deviate in any substantial way from the Directive in relation to commercial communications. However, the guidance issued by the DTI in relation to these Regulations makes it clear that text messages do not fall within the definition of electronic mails.6 The guidance further states that existing industry self-regulation already provides recipients of unsolicited commercial communications by electronice-mail with effective protection (and further protection will be added when Directive 2002/58/EC is implemented), and as such the Regulations do not require service providers who send commercial communications via e-mail to consult relevant preference services.7

Sanctions

The Directive requires Member States to ensure that court actions under their implementing legislation allow for the rapid adoption of measures, including interim measures, designed to terminate any alleged infringement (Art 18). Member States are also required to provide effective, proportionate and dissuasive sanctions which are enforced (Art 20).

In the UK, contravention of the E-Commerce Regulations can lead to an action for breach of statutory duty (reg 13).

5. Directive 97/7/EC on the protection of consumers in respect of distance selling

This Directive regulates the use of distance communications, which are communications without the simultaneous presence of the supplier and the consumer used to conclude a contract between those parties, and include addressed/unaddressed printed matter, standard letters, telephone calls with human intervention, telephone calls made by automated calling systems, videotext, e-mail, and fax. The Directive applies only to distance communications from suppliers to consumers. A supplier is any natural or legal person who is contracting in his commercial or professional capacity, and a consumer is a natural person who is contracting for purposes outside his business, trade or profession.

The Directive does not apply to contracts relating to financial services. However, the EU Commission is working on a proposed Directive dealing specifically with distance selling in the financial services market (see below).

The Distance Selling Directive prohibits the use of automated calling systems and faxes as a means of distance communication without the prior consent of the consumer (Art 12(1)). Other means of distance communication which allow individual communication can be used only where there is no clear objection from the consumer (Art 10(2)).

The Directive was implemented in the UK by the Consumer Distance Protection (Distance Selling) Regulations 2000 (SI 2000/2334). However, these implementing Regulations do not contain any equivalent references to rights to opt-in/out.

Sanctions

Under the Directive Member States are required to ensure that adequate and effective means exist to ensure compliance with the Directive (Art 12(1)). There are no applicable sanctions in the Regulations because they do not deal with unsolicited communications.

6. Proposed EC Directive concerning the distance marketing of consumer financial services and amending Directives 97/7/EC and 98/27/EC

This proposed Directive contains provisions relating to unsolicited communications relating to financial services. It mirrors the prohibition contained in Directive 97/7/EC relating to the use by suppliers of distance communications via automated calling systems and faxes without the prior consent of the consumer (Art 10(1)). Suppliers and consumers have the same meaning as under Directive 97/7/EC. In relation to distance communications via other means, the proposed Directive permits such communications provided that the consent of the consumers has been contained or the consumer has not expressed his manifest objection (ie opt-in consent or an opt-out right) (Art 10(2)). The Directive further states that neither measure should entail costs for consumers.

Where the distance communication is via telephone, the identity of the supplier and the commercial purpose of the call must be made explicitly clear at the beginning of any conversation with the consumer (Art 10(4)).

The UK has not given any indication of how it will implement this Directive as the Directive is still in draft form.

Sanctions

The Directive provides that Member States must provide for appropriate penalties in the event of a supplier’s failure to comply with its provisions relating to unsolicited communications, and suggests one such penalty would be the right for consumers to cancel the contract at any time, free of charge and without penalties (Art 10(5)).

7. Opt-in or Opt-out?

If companies choose the opt-in approach, the fundamental difficulty that they face is how to contact individuals in the first instance without breaching the principle of permission-based marketing. One suggested solution to this problem is to send out a non-marketing communication which introduces the company and requests consent to send marketing materials. However, such a communication would certainly constitute an unsolicited commercial communication for the purposes of the E-Commerce Regulations and would, therefore, have to be identifiable as such as soon as received by the recipient. It is also uncertain as to whether such a communication would also be regarded as constituting a form of direct marketing by the regulators.

UK companies have traditionally tended towards using opt-out wording in relation to direct marketing. However, companies have recently been looking increasingly favourably at the opt-in approach for a number of reasons. When the UK implements Directive 2002/58/EC next year, opt-in consent will be necessary for all direct marketing by e-mail to new customers. With increasing control and regulation in this sphere, adopting the opt-in approach sooner rather than later is the easiest way to ensure compliance with legal obligations. In addition, targeted marketing directed at customers who have expressed an interest in receiving marketing materials is likely to achieve a higher investment return and is more likely to develop into an ongoing service relationship rather than a short-term marketing relationship. Companies may also wish to be disassociated from the recent bad press in relation to ‘spamming’.

Summary

A table summarising the various provisions described above is set out below.

Marly Didizian and Suzanne Rodway are solicitors in the IT and Communication Department at Linklaters.

Endnotes

1. ICSTIS received over 200 complaints from mobile users about Moby Monkey. Some individuals received more than 40 versions of the message – many of which were delivered through the night. The messages were sent indiscriminately to both children and adults, as well as to corporate mobile phone users who, in calling the premium rate number, typically breached the terms of use of their corporate mobile phones.

ICSTIS found five breaches of their code, in particular:

(i) the text messages were seriously misleading;

(ii) the premium rate phone line was advertised in an inappropriate manner;

(iii) the text messages took unfair advantage of the consumer;

(iv) the text messages encouraged unauthorised use by corporate users of their mobile phone; and

(v) the premium rate phone line used unreasonable delay in providing important information in order to increase the average spend of those calling the phone line. Moby Monkey are obliged to pay ICSTIS the £50,000 fine. Failure to pay this amount may result in ICSTIS writing to the relevant network operator to request that it withhold and pass over to ICSTIS the sum(s) due in terms of the fine from the payments outstanding under the contract between the network operator and the service provider (in this case, Moby Monkey). This power is given to ICSTIS by their Code of Practice March 2002 (section 6.7.2(d)). Other powers that are available under the Code include the ability to bar Moby Monkey access to some or all of the numbers allocated to them. This bar can be final or for a defined period.

2. A guide for Business to the Electronic Commerce (EC Directive) Regulations 2002 (SI 2002/2013), DTI 31 July 2002, p.20.

3. More information about preference services is available on the DMA Web site at http://www.dmaconsumers.org/consumerassistance.html.

4. The Information Commissioner recently issued enforcement notices against Planet Telecom PLC, 192enquiries.com and their directors for sending unsolicited faxes in contravention of the Regulations. She received hundreds of complaints, from individuals complaining about the cost to them of receiving unsolicited faxes (eg costs of replacing wasted paper, toner, etc). The companies have not appealed the enforcement notice to the Information Tribunal. The Information Commission has said ‘I am now looking at enforcement reports relating to a number of other companies who market by fax’.

5. The DTI Guidance on the Ecommerce Directive simply states that there is no guidance as to what this means – A guide for Business to the Electronic Commerce (EC Directive) Regulations 2002 (SI 2002/2013), DTI 31 July 2002, p.20.

6. A guide for Business to the Electronic Commerce (EC Directive) Regulations 2002 (SI 2002/2013), DTI 31 July 2002, p.20.

7. Ibid, para 5.13.

Overview of Direct Marketing in EU and UK Legislation prepared by Marly Didizian and Suzanne Rodway of Linklaters

Automated Person Fax Mail E-mail Text Sanctions for

Calling Calling (Addressed) Messages non-compliance

Data Protection Directive (95/46/EC)

Right for individuals to opt-out.

Right for individuals to opt-out.

Right for individuals to opt-out.

Right for individuals to opt-out.

Right for individuals to opt-out.

Right for individuals to opt-out.

Member States to provide for judicial remedies and impose appropriate sanctions.

Data Protection Act 1998

Right for individuals to opt-out.

Right for individuals to opt-out.

Right for individuals to opt-out.

Right for individuals to opt-out.

Right for individuals to opt-out.

Right for individuals to opt-out.

Potentially unlimited fines for non-compliance with enforcement notices. Compensation for data subjects.

Telecommunications (Data Protection) Regulations
(SI 1999 No. 2093)

Requires individuals to opt-in.

Opt-in consent of individuals or right of individuals to opt-out to be determined by Member States.

Requires individuals to opt-in.

n/a

Unclear whether the Directive covers
e-mails.

Unclear whether the Directive covers text messages.

Member States to provide for judicial remedies and impose appropriate sanctions.

Telecommunications (Data Protection)
(SI 1999 No. 2093)

Requires opt-in consent of individual or corporate subscriber.

Subscribers have the right to opt-out and the Telephone Preference Service register must be consulted and respected.

Requires opt-in consent of individual subscriber. Corporate subscribers have the right to opt-out and the Fax Preference Service register must be consulted and respected.

n/a

Unclear as to whether e-mails are ‘calls’ for the purposes of the Regulations.

Subscribers have the right to opt-out and the Telephone Preference Service register must be consulted and respected.

Potentially unlimited fines for non-compliance with enforcement notices. Compensation for data subjects.

E-Commerce Sector Data Protection Direction (2002/58/EC)

Requires subscriber’s prior opt-in consent.

Opt-in or opt-out consent of subscribers to be determined by Member States.

Requires subscriber’s prior opt-in consent.

n/a

Requires individual’s prior opt-in consent – except in relation to marketing similar goods/services to prior customers where a right to opt-out is sufficient.

Requires individual’s prior opt-in consent – except in relation to marketing similar goods/services to prior customers where a right to opt-out is sufficient.

Member States to provide for judicial remedies and impose appropriate sanctions.

E-Commerce Directive (2000/31/EC)

n/a

n/a

n/a

n/a

Service Providers to ensure that unsolicited commercial communications are clearly identifiable as such and to consult and respect opt-out registers.

Not clear whether text messages count as electronic mail – but likely to be the same as for e-mail.

Member States to adopt effective, proportionate and dissuasive sanctions.

E-Commerce Regulations
(SI 2002 No. 2013)

n/a

n/a

n/a

n/a

Service Providers to ensure that unsolicited commercial communications are clearly identifiable as such (Regulation 8).

n/a

Contravention of the regulations can lead to an action for breach of statutory duty.

Distance Selling Directive (97/7/EC)

Requires consumer’s opt-in consent.

Consumers have a right to opt-out.

Requires consumer’s opt-in consent.

Consumers have a right to opt-out.

Consumers have a right to opt-out.

Unclear whether
e-mail would include text messages, but it is likely it would – therefore same as for e-mail.

Member States are to ensure that adequate and effective means exist to ensure compliance.

Consumer Protection (Distance Selling) Regulations
(SI 2000 No. 2334)

n/a

n/a

n/a

n/a

n/a

n/a

n/a

Proposed Distance Selling in Financial Services Directive

Requires consumer’s opt-in consent.

Opt-in consent or a right to opt-out identity of the supplier and the commercial purpose of the call should be made explicitly clear at the beginning of the conversation with the consumer.

Requires consumer’s opt-in consent.

Opt-in consent or a right to opt-out.

Opt-in consent or a right to opt-out.

Opt-in consent or a right to opt-out.

Member States to provide for appropriate penalties (eg the right for consumers to cancel the contract at any time, free of charge and without penalties).