HDPA - 10/2020
|HDPA - 10/2020|
Article 13 of ePrivacy Directive
|National Case Number/Name:||10/2020|
|European Case Law Identifier:||n/a|
|Original Source:||Greek DPA (in EL)|
|Initial Contributor:||Elisavet Dravalou|
Greek DPA holds that the use of unsolicited electronic communications for the purposes of direct marketing for the promotion of the defendant's candidacy at the parliament elections of 2019 violated Article 13 of the ePrivacy Directive.
The DPA received two complaints against the defendant. The first complaint was from a data subject who received an email regarding the candidacy of the defendant in the parliamentary elections of 2019 without giving her prior consent and without any prior relationship with the defendant. The second complaint was from another data subject, about receiving 3 SMSs of the same content, without prior consent and without given the opportunity to object to the receiving of direct marketing communications.
The defendant stated that she had the contact information of the complainants in her personal contact list which was populated in the context of professional networking during the years, as all the parties are lawyers. The defendant was using this contact list to send news about her trade union action as well as other developments in the legal area and so far no one has objected to that. She used the same contact list to inform her network regarding her candidacy in the EU Parliamentary elections of 2014 and no one objected to that as well. She held that updating her peers of her candidacy was acceptable in the context of her previous communications. Additionally, these communication did not cause any damage to the complainants. Also, the complainants did not contact her regarding their complaints before they file a complaint with the DPA.
The DPA held that article 13 of the ePrivacy Directive requires prior consent for sending unsolicited direct marketing communications via SMS or email. More specifically regarding political communication, candidates in any type of elections (European, national, regional) are controllers since the determine the means and purposes of the processing activities. The DPA held also that the only way that candidates can send direct marketing communications for political purposes without prior consent is when all of the following apply: (a) the contact details were obtained in the context of a previous similar contact with the data subjects, not necessarily political, the data subjects have been informed that they will be contacted for political purposes and they didn't object. Previous similar relationship is not considered lawful if the contact details were obtained in a professional context. (b) data subjects are given the possibility to object in a clear and easy way in every communication message and in every message the controller must indicate clearly his identity as a controller and provide his address. The DPA also made it clear that data subjects do not have the obligation to exercise their rights before the controller prior to filing a complaint with the DPA.
During the national and European elections of 2019 I have received many unsolicited direct marketing communications from political candidates myself. In most cases there was not possibility to object and although I was contacting the candidates to inform them that if they don't stop I will file a complaint with the DPA, I continued receiving messages. The fact is that I don't live in Greece for the past 4 years so I have no idea how the found my contact information. In this case, it is remarkable that the defendant was a lawyer herself and at her defence she stated that data protection law is so specific that she couldn't be aware of all the specific requirements. But yet she wanted to be voted as a member of the parliament..
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.