Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

Sweden adopts direct marketing guidelines [1999] PLBIRp 43; (1999) 50 Privacy Laws and Business International Report 13

Sweden adopts direct marketing guidelines

THE SWEDISH Direct Marketing Association has published guidelines for direct marketers on how to comply with the new Data Protection Act. The guidelines, endorsed by the Swedish Data Protection Authority, go beyond the 1998 data law.

The Swedish Direct Marketing Association (SWEDMA) took the initiative provided by the Data Protection Act 1998 (PL&B Dec '98 p.7) to develop guidelines for the direct marketing industry. The guidelines were drafted together with business representatives and in consultation with Datainspektionen, the Swedish Data Protection Authority. Useful background material was provided by FEDMA, Federation of European Direct Marketing, which made a proposal for a European-wide code of conduct in 1998. FEDMA is still actively promoting the adoption of a sectoral code, which could streamline the different European approaches (see p. 10-12).

TIGHTER RULES PROVIDE EXEMPTION FROM NOTIFICATION

The Swedish guidelines, adopted in July, apply to all kinds of direct marketing, and to both automated and manual data. The guidelines are more detailed than the Data Protection Act's (SDS 1998:204) provisions on direct marketing. For example, they ban direct marketing to children under 16 years; a rule that is not to be found in other EU member states. It is also forbidden to send direct marketing to parents of a new-born child until the marketers can satisfy themselves that the baby has not died shortly after birth.

Generally speaking, the guidelines make a distinction between marketing to people with whom there is some kind of relationship, and those with whom there has been no contact. Provided that organisations comply with the guidelines, they are exempt from the general duty of notification to the Data Protection Authority.

COLLECTING PERSONAL DATA

The collection of personal data for direct marketing purposes is permitted from the data subjects themselves, and from registers of individuals who are aware that their personal data may be used for this purpose. Where there is a customer relationship, direct marketers are also allowed to acquire the individuals' exact address details from sources other than the individuals themselves. Organisations planning direct marketing activities must, however, take into account the optouts registered with themselves and preference services.

PRIVACY PROTECTED ON THE INTERNET AND E-MAIL

When collecting personal data from data subjects, organisations must inform the individuals about the organisation, the type of direct marketing proposed, how to opt-out from direct marketing and how to get access to their own records. The information must be presented in easy-to-understand language.

If the collection of personal data is done by telephone, these details must be made clear at the beginning of the conversation.

In the case of collecting information via Internet websites and e-mail, websites must tell individuals if their details are being registered. There must be an opportunity to opt-out, and websites must post policies about their information handling practices.

SUBJECT ACCESS FREE OF CHARGE

Organisations must provide individuals with the opportunity to check the details that are held about them. Subject access requests, which must be made in writing, are free of charge provided that there is only one request per year. Individuals also have the right to correct inaccurate data.

The sanctions for not complying with the guidelines are not severe. Those in breach of the rules will be reported to the direct marketers' ethical board, the decisions of which are made public. However, direct marketers still need to comply with the Swedish Data Protection Act, which is enforced by an independent authority. These provisions require direct marketers to comply with the general rules about processing personal data, and to respect any written opt-outs or subject access requests received from data subjects.

The guidelines are available (in Swedish) from SWEDMA, Box 14038, 10440 Stockholm, Tel: + 46 (0) 8 661 3910, e-mail: direkt@swedma.se