Note: This advice is given by the CAP Executive about non-broadcast advertising. It does not constitute legal advice. It does not bind CAP, CAP advisory panels or the Advertising Standards Authority.
Referring a friend is essentially a third party data transfer and, according to the Code, carries opt-in and opt-out requirements (dependent on the media). The ASA has not investigated complaints about unsolicited marketing in which the complainant’s data were given to the marketers by a friend but would expect claims that “your friend passed on your details to us” in unsolicited direct mailings to be genuine and verifiable. The ASA would also expect marketers to run the names and contact data they are given against the relevant suppression file. As ever, the burdens for electronic marketing are heavier. The CAP Help Note on Mobile Marketing states “Explicit consent must be given by consumers themselves and not by others on their behalf” (exceptions apply when marketing to children).
For example, if a marketer (‘A’) asks consumers with whom he has legitimate contact (‘B’) for the e-mail address or SMS number of a friend (‘C’), he should satisfy himself that ‘C’ is happy to receive them. ‘A’ should ask ‘B’ to confirm that ‘B’ has the consent of ‘C’. ‘A’ should check ‘C’s’ data have not been suppressed. ‘A’ should be entirely transparent and inform ‘C’ how and when he obtained ‘C’s’ data if requested (from ‘B’). It remains ‘A’s’ responsibility to ensure compliance with the Code.
Under the Code, we understand that it is likely to be acceptable for marketer ‘A’ to ask ‘B’ merely to confirm that he has ‘C’s consent to pass on ‘C’s data to ‘A’, instead of providing evidence of that consent from ‘C’ at the initial stage. ‘A’ cannot incentivise ‘B’ to provide ‘C’s e-mail address or SMS number because that is likely to mean that ‘C’s consent is unlikely to have been freely given.
‘A’ must offer ‘C’ an unsubscribe/opt-out from receiving unsolicited marketing communications via post or telephone and a subscribe or opt-in to receive unsolicited direct marketing via e-mail and or SMS.
Marketers should read the ICO’s Guidance for marketers on the Privacy and Electronic Communications (EC Directive) Regulations 2003 Part 1: Marketing by electronic means which is available from ICO website.
In 2006, a marketer was unable to show that he had complied with the Code’s requirements to obtain explicit consent for e-mail marketing communications. The complainant received an e-mail, from a website reuniting friends, claiming that “a friend” had passed the complainant’s details to the website. But, because the marketer refused to reveal the name of the friend, citing the right to anonymity, the ASA concluded that he had provided no evidence to show that effort had been made to verify the complainant was happy to be contacted (Robert Billington, 1 February 2006).
Last modified : 29 June 2010