SMS spam: is there a right to be left alone?
If you have a mobile phone in Georgia, you probably receive several advertising SMS messages per week, maybe even several messages per day. These messages are often sent to promote various products and services by companies you have never heard of or have never done business with – and which you have never explicitly allowed to send you messages. In Georgia, consumers have no option to stop being bombarded with spam advertising messages by opting out for this service.
Advertisers – mostly retailers, banks and healthcare providers – continue to send spam SMS because people see the message, even if we are terribly annoyed by them because the messages are intrusive and disrupt our everyday activities. SMS bulk messages are cheap: Sending one message only costs the advertiser between 2 and 4 Tetri.
Being sent unsolicited messages is an infringement of what former US Supreme Court Justice Louis Brandeis once described as the right to be left alone. While this intrusive form of advertising remains largely unregulated in Georgia, most countries in Europe and overseas have already introduced anti-spam legislation that prohibits or at least regulates spamming and direct marketing via telephone, e-mail, SMS or MMS.
It remains unclear how mobile marketing agencies get the phone numbers of subscribers. Two of the companies specializing on SMS advertising, Paradox Georgia and GeoSMS, told TI Georgia that they are in possession of large databases including several million data sets of Georgian mobile phone numbers and possess data including the owner’s age, sex and address. Some companies even offer an option to target certain audiences according to expenditures on mobile communications. Neither Paradox Georgia nor GeoSMS wanted to disclose how they received this data. Mobile operators told TI Georgia that they are not selling or sharing the numbers of their clients or other data about their customers with other companies.
Anti-spam regulations in Georgia
The launch of a new government office – the personal data inspectorate, which is currently in the process of creation – might have a significant impact on SMS advertising. Once the personal data inspectorate is operational, consumers will be able to file complaints if they believe their personal data is not collected, stored and used in line with the Law on Personal Data Protection. The inspectorate will then be able to investigate if private or public legal entities are fully complying with the law. But only from 2016, when the law is fully enforced, the personal data inspector will be able to impose fines for violations.
After the setup of the personal data inspector’s office is finalized in the coming months, Parliament, following consultations with the GNCC and the Inspector, should consider a possible introduction of anti-spam legislation that would allow customers to opt out from receiving unwanted advertising messages.
What is anti-spam regulation?
Anti-spam regulations usually allow electronic direct marketing in the case of an “opt-in” by the consumer, meaning person subscribes to receive such information or agrees to receive messages. But even in case of “opt-in” a person should be given an easy and immediate way to unsubscribe, to “opt-out”.
The rules are enshrined either in a country's data protection regulation or separate anti-spam acts are adopted. A Data Protection Commissioner, often together with the telecommunications regulator, are usually the agencies responsible for monitoring compliance of people and companies with anti-spam regulation.
Here are examples for anti-spam regulation in Western European countries
(Based on analysis from the subscription-only website gettingthedealthrough.com)
The EU Directive on privacy and electronic communication (2002) applies to spam messages and sets a basic requirement across the 28 EU member states. Users must give their prior consent before such communications are addressed to them. However, exceptions are provided.
The Privacy and Electronic Communications Regulations (2011) prohibits unsolicited communications in line with the EU regulatory framework. Unsolicited communications by telephone (including automated calling machines) or by fax are prohibited unless prior consent has been received from the recipient. Similarly, unsolicited communications by electronic means (e-mail, text message, picture and video) are prohibited unless prior consent from the recipient has been received, except for existing supplier-customer relationships, where the customer must still be given an easy opportunity to opt out with each message.
The enforcement of these provisions is under the responsibility of the Information Commissioner, however considering that several issues relating to spam also concerns consumer protection and trade, the Office of Fair Trading is also active in this field, in particular on the subject of online scams.
The Telecoms Act of 2003 contains a general and explicit prohibition against unsolicited calls. Electronic communication and messages, including SMS, are prohibited unless the recipient has given prior consent (strict ‘opt-in’). In case of the direct marketing the consumer has clearly and distinctly been given the opportunity to object, free of charge and in an easy manner, to the use of the electronic contact details for such purposes.
Unsolicited communications through e-mail, SMS or MMS are regulated by Article 130 of the Code on Personal Data Protection, which provides that electronic communications for commercial and marketing purposes, whether by automated calling systems without human intervention, fax, e-mail, SMS or MMS are permitted only with the prior consent of the addressee (‘opt-in’).
Product or service providers may use (without explicit prior consent) the e-mail addresses of customers (given a past commercial relationship) to promote services or products that are similar to those already purchased by the customers. Customers must be informed of the use of their data and given the opportunity to not receive unsolicited communications.
Section 58 of Legislative Decree No. 206/05 (the Consumer Code) provides that the use of telephone, e-mail and automated calling systems without human intervention for distance communications is allowed if the consumer has given his or her consent (‘opt-in’). The use of all other distance communications means is permitted only if the consumer does not expressly object (‘opt-out’).
Unsolicited communications are heavily regulated. In particular, article L.34-5 of the CPCE prohibits unsolicited communications by text message, e-mail, fax or automated system, unless the customer has provided prior written consent under specific conditions.
Furthermore, the ARCEP has launched a special campaign against unsolicited ‘spam’ SMSs by creating a toll-free number (33700) to which an individual can transfer these SMSs so that they can be blocked.
The Law on E-Commerce requires the consent of the individual subscriber (legal or natural person) as a condition for legally making direct marketing and advertising by e-mail, telephone call or message with or without human intervention. Such consent is subject to withdrawal at any time.
The Bulgarian Commission on Consumer Protection keeps a register of the e-mail addresses of legal entities that have expressly opposed receiving unsolicited commercial communication. Sending unsolicited commercial communication to those e-mail addresses, including for direct marketing purposes, is prohibited.
It is an offence for a company to contact an individual for direct marketing purposes by automated calling machine messages, faxes and electronic mail (which includes SMS and MMS messaging) unless the individual’s express prior consent has been obtained. An exception to this is where the e-mail address reasonably appears to the sender to be an e-mail address used mainly by the subscriber in the context of their commercial or official activity and the unsolicited communication relates solely to that commercial or official activity, the undertaking need not obtain express prior consent.
An opt-in regime applies to unsolicited communications, namely, they are prohibited unless the sender can prove that the receiver has expressly agreed to receive the messages. Several parties have been fined by OPTA for violation of this prohibition. OPTA cooperates with the Dutch Data Protection Authority, where necessary.
The Federal Act against Unfair Competition contains a prohibition of sending mass advertising using telecommunications with no direct connection to requested content if the prior consent of the consumer is not obtained, the sender of the message is not named correctly and an easy, free-of-charge option to refuse the message does not exist.
The G-MEDIA program is made possible by support from the American people through USAID. The content and opinions expressed herein are those of Transparency International Georgia and do not reflect the views of the U.S. Government, USAID or IREX.