Direct marketing through unsolicited communications remains the Information Regulator’s most complained about grievance since the establishment of the Information Regulator. The People’s right to privacy, as now supplemented and extended in terms of the POPI Act, continues to be neglected by pestering business communications to market an unwanted good or service. To combat this sales tactic, Section 69 of the POPI Act attempts to regulate direct marketing through unsolicited electronic communications, allowing for direct marketing under certain conditions. Considering the POPI Act and the Information Regulator’s recent Media brief, how does a business market directly?
Information Regulator’s 29 June 2022 Media Briefing
The Information Regulator released a Media Breakfast Briefing Address dated 29 June 2022. What we gathered from this brief, relevant for this article, are the following;
- The Regulator has, since July 2021, received and pre-investigated over 700 complaints;
- Most complaints received relate to direct marketing, which is a grave concern and an indication that responsible parties are not complying with POPIA’s sections 69;
- The Regulator is concerned that South Africans continue to be bombarded with unsolicited direct marketing messages that do not comply with section 69 of POPIA;
Direct Marketing
There is no surprise why direct marketing has become a common business tool many businesses practice to advance sales. Because of the rapid rate of technology, direct marketing through electronic communications has become a custom of businesses based on the ease of communicating with consumers and its feasibility. However, this common practice has come under threat by the enactment of the POPI Act, which has imposed restrictions on direct marketing, particularly that by means of unsolicited electronic communications. Although the effect of the POPI Act on direct marketing can be seen as negatively impacting the direct market industry and, ultimately, sales, this does not permit companies to neglect a data subject’s right to privacy.
Marketing the POPI way
To lawfully do direct marketing through unsolicited communications, Advocate Pansy Tlakula (Chairperson of the Information Regulator) stated processing would be allowed if:
- The data subject has given their consent to such processing or is a customer of the responsible party. Consent is defined in POPIA as voluntary, specific and an expression of which permission is given for processing personal information. This means that requesting a data subject to simply opt-out does not constitute consent within the meaning of POPIA;
- The data subject must be contacted only once to obtain their consent. The responsible party must obtain the contact details of the data subject lawfully to contact them to obtain their consent. This means that the responsible party must have derived the contact details of a data subject from a public record, or a data subject must have made their contact details deliberately public. Purchasing contact details of data subjects from data brokers is unlawful;
- A data subject who was previously contacted and withheld their consent cannot be contacted again;
- Any communication for direct marketing must contain the identity of the sender or the person on whose behalf the communication has been sent and an address or contact details to which a data subject can send a request that the communication must stop.
Businesses that have been or wish to market directly to data subjects by way of unsolicited electronic communications, for your own good, heed to the warnings expressed by Adv Tlakula and adhere to the POPI Act, in particular, Section 69 of the Act, to avoid incurring an administrative fine for an offence not exceeding R 10 million.
In conclusion, Direct Marketing remains a thorn amongst consumers who have voiced their grievance by lodging a complaint with the Information Regulator, which the Information Regulator has now acknowledged as a ‘grave concern’.
Suppose you have been and wish to continue to employ this direct marketing practice through unsolicited electronic communications. In that case, we advise you do so with caution and that it be done within the confines of the POPI Act.
Contact your SEESA Consumer Protection & POPI Legal Advisor to assist with a POPI-compliant direct marketing strategy. Alternatively, leave your contact details on our website, and a SEESA representative will contact you.
About The Author:
Asheer Dollie started his career at SEESA in September of 2021 as Legal Advisor in the Consumer Protection & POPI Department. He obtained his LLB, enrolled for LLM, attended Law School and completed his Articles before being admitted as a Legal Practitioner of the High Court of the Western Cape in February of 2020.
Resources:
- Media Breakfast Briefing Address – Adv Pansy Tlakula: Chairperson of the Information Regulator, dated 29 June 2022;
- Protection of Personal Information Act, 4 of 2013;
- Y Jordaan ‘Information Privacy Issues: implications for direct marketing’ International retail and Marketing Review;
- A Moyo ‘Information Regulator calls direct marketers to order (30 July 2018).