I am, once again, getting more spam. Someone must have put my email on some mailing list. This is a pain in the arse, takes up my time, and so effectively has a cost to me.
There are two rules covering this, one (as it is my name in the email address) is GDPR, and one is The Privacy and Electronic Communications (EC Directive) Regulations 2003 which covers spam, basically.
GDPR is a problem as it has all sorts of exceptions and is rather subtle in how it works, and can be argued in various ways, notably that handling my "personal information" is in "legitimate interests", and the like.
But The Privacy and Electronic Communications (EC Directive) Regulations 2003 are pretty simple in most ways, they ban unsolicited marketing calls, fax, and emails. Simples.
They have two big issues though.
The PECR allows me to claim damages as a civil case (sue them), but I have no way to show "damages". The regulations would massively benefit from a nominal sum that I can claim without proving tangible damages, e.g. £40 like the late payment of commercial debts regulations. Yes, if I can show more, then great, but a nominal base value would be idea. Cases would not have to go to court, I can claim the amount and nobody sending spam would be daft enough not to cough up, well, not a second time anyway once it has gone to court. Sadly without this the case can be (and was on one occasion) thrown out as no way to show actual tangible costs/damages from receiving spam.
Of course the ICO should act on such things, but they too are inept. A nominal cost allowed in civil cases would be way more effective, and something the government should consider when making the post brexit version of this law.
The other problem is that spamming "commercial" email addresses is allowed!
Why the fuck is that the case? At the end of the day a real person is on the end of these emails, even if they work in an office, and they are a nuisance to all. Arguably a business has more tangible losses as they pay someone for their time handling such spam. But that is the way it is.
The problem is how you define "individual" or "corporate", and that has always been an issue. I am pretty sure the ICO used to be a bit bad at this, but it seems the latest guidance from them is actually in line with the regulations, to my shock.
Specifically they say
"The marketing rules in PECR refer to “subscribers”. For example, this means the customer named on the bill for a telephone line or internet connection. There are two type of subscribers in PECR - corporate and individual."
This is in line with the regulations. The distinction between individual and corporate subscriber is a matter of the contract for the internet connection for the delivery of the email.
Usually, for an employee, in an office, the contract is between the company and their ISP. So a corporate subscriber, and not covered by PECR for spam.
But it gets interesting when people are working from home. Which contract applies. Which internet connection applies? Those home workers may be contracting for their internet connection as individuals, and then receiving that (corporate) email over that connection. Does that make them "individual subscribers".
At what point is the email "delivered" to them, or to "the email address"? and is it over their personal internet access, even if read from their office mail server. What if they read the email at the office, and later read it again at home or on their mobile? Was it delivered to an individual subscriber or a corporate subscriber or both?
For me I have made its easier. I contract with A&A for the A&A domain, email services, and my home internet access, as an individual. Indeed, I am even billed personally (albeit a nominal amount) for "Internet connection used for delivery of email to all @aa.net.uk addresses". I pay personally for all of the A&A email services, and for the domain, and whatever internet connection is used to deliver that email. So in my case all email to any A&A "business" email address is clearly delivered under a contract with an "individual subscriber", and so is subject to PECR.
The argument from some muppet insisting that as an employee I am not an individual subscriber seems to have gone quiet when I explained that. We will see.
At the end of the day any business, no matter how big, could have one of its directors contracted and invoiced personally for all business email at £1/month, making all that email subject to PECR if they want, and allowing them to sue, personally, for every spam the company gets.
The moral of the story is don't send unsolicited marketing emails. At all. Ever. Simple as that!
PECR is retained EU law, so as soon as some minister's mates persuade them it's anti business that law will be gone. The minister won't see the problem, because they're both rich and technologically hopeless so have people to read their email and delete spam for them.ReplyDelete
I've seen no sign the present government care any more about businesses than they do about the freedom of individuals. If they wanted to attract or retain businesses in the UK they wouldn't be increasing corporation tax and burying companies under mountains of mandatory political virtue-signalling like diversity statements and gender pay gap reports.Delete
The only thing this government has ever done is impose more and more restrictions on everything and everyone, and there is no reason to believe that the next Labour government will be any better.
If your company is "buried" by submitting some payroll data through a web form once a year, you have bigger problemsDelete
What they're actually burying them under is export paperwork, of course... preferentially crushing smaller businesses rather than the bigger ones that the ministers' mates mostly make their money from.Delete