Elizabeth de Stadler (@edestadler), a leading specialist in the field of Consumer Law and author of Consumer Law Unlocked, takes a look at the complexities of direct marketing campaigns.
This post was originally published by Novation Consulting (http://www.novcon.co.za).
Direct marketing: Does POPI or the CPA apply?
Both the Protection of Personal Information Bill (POPI) and the Consumer Protection Act (CPA) apply to ‘direct marketing’. This creates considerable confusion as the rules prescribed in each case are slightly different. This note is an attempt at clearing up this confusion, but direct marketing campaigns can be complex and businesses should obtain legal advice to ensure that they comply with the right legislation.
The definitions of ‘direct marketing’ in POPI and the CPA are almost identical. The version in POPI is the following:
‘“Direct marketing” means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of—
(a) promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject; or
(b) requesting the data subject to make a donation of any kind for any reason.’
The strange thing is that the section in POPI which regulates direct marketing (section 69(1)) only applies to electronic communications. This much is clear from the heading of the section (‘[d]irect marketing by means of unsolicited electronic communications’) and section 69(1) which only refers to direct marketing ‘by means of any form of electronic communication’. This is considerably narrower than the definition of direct marketing. By contrast, the CPA applies to all types of direct marketing.
When POPI does not apply, the CPA applies. When they both apply, the act which gives the most protection to the consumer applies (this is not always easy to determine and will depend on the situation). This means that the definition of electronic communications is key in establishing which set of rules will apply. If it is an electronic communication both acts could potentially apply. If it is not an electronic communication only the CPA will apply.
‘Electronic communication’ is also a defined term. It refers to ‘any text, voice, sound or image message sent over an electronic communications network which is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient’. Section 69 refers to ‘any form of electronic communication, including automatic calling machines, facsimile machines, SMSes or e-mail’. The definition of electronic communications is controversial, because it is not clear whether telephone calls, which still account for a large portion of direct marketing campaigns, are ‘electronic communications’ when they are not made by automatic calling machines or are not stored until collected. Here the definition in POPI differs from the definitions of ‘electronic communication’ in the CPA and the Electronic Communications and Transactions Act. The former expressly includes telephonic direct marketing, while the latter also only refers to ‘voice, where the voice is used in an automated transaction’ which is closer to the formulation in POPI. The thing to emphasise here is that electronic communications must be ‘stored’ – either by the network operator or by the device that it gets sent to – before it qualifies as an electronic communication for purposes of POPI. Thus a telephone call that is not stored by the network or the recipient but simply relayed to the end users is not an ‘electronic communication’. However if you wait for a consumer’s answering message service to kick in then it does become an ‘electronic communication’. Even more problematic is that the users themselves can change the nature of the communication by recording the conversation (which is now stored on the terminal equipment and so is considered to be an electronic communication).
What is the difference between the CPA and POPI? If the CPA applies a business can conduct direct marketing until the consumer opts out. POPI, on the other hand, introduces what is referred to as an opt-in system. This means that a business is not allowed to conduct direct marketing unless prior consent is obtained. The business may contact a new customer once to obtain this consent. You do not have to ask for consent if you want to market to existing customers if:
- the business obtained the customer’s contact details in the context of a transaction; AND
- the contact details are used for the purpose of marketing similar products or services to the customer; AND
the customer was given a reasonable opportunity to object to receiving direct marketing, free of charge and without having to go through too much red tape. The reasonable opportunity to object must be given at the time when the contact details are collected AND every time thereafter that marketing material is sent to that customer. In other words, the customer must be given the opportunity to opt out or unsubscribe every time.
The rules regarding consent and how to obtain it for the processing of personal information also apply to direct marketing. In essence, consent must be
- specific; and
The consent to receive direct marketing will have to be in the form prescribed by the Information Regulator. This has not been issued yet. In the meantime businesses should just ensure that the consent is explicit, voluntary, specific and informed. How you ask for consent is very important, because it determines whether you can ever contact that customer again if they say no the first time. If you ask very specific consent and the customer says no, you may be able to ask them again for a different marketing campaign. Businesses should obtain advice on the formulation of requests for consent.
Here is a summary on the application question: All direct marketing activities are regulated by the CPA. The CPA also has provisions that are aimed at protecting the privacy of consumers. POPI and the CPA will apply concurrently where possible, or, if concurrent application is not possible, the act which provides the best protection to consumers will apply. Section 69 and the definition of ‘electronic transactions’ in POPI make it possible to argue that section 69 does not regulate the processing of personal information for the purpose of direct marketing which is not done electronically. So, the only CPA will protect consumer’s privacy in the case of non-electronic direct marketing which may include telephonic direct marketing depending on the interpretation given to ‘electronic communication’. It is probably the case that the opt-in system prescribed by POPI will be more effective in protecting consumers’ right to privacy in most cases, but it is not possible to say that this will always be the case. This means that when the communication is electronic a business should comply with POPI when deciding whether it can or cannot direct market to a person.
Note that the CPA will always apply to the content of the direct marketing and the subsequent transaction regardless of whether POPI applies or not. That is because POPI does not regulate the content of marketing and agreements while the CPA does. This means that if a consumer has a complaint about the content of electronic direct marketing, the consumer must complain to the National Consumer Commission and not the Information Regulator. In addition, electronic communications and the transactions that result from them are governed by certain sections of the Electronic Communications and Transactions Act.
Consumer Law Unlocked by Elizabeth de Stadler provides a comprehensive overview of consumer law – not just the Act – in a way that follows the typical chain of transactions. No business or professional advisor should be without it.
Consumer Law Unlocked is available to purchase at www.siberink.co.za