As a marketeer, you know the stress about unsubscribes to your newsletter. With every new newsletter, you see the list of recipients that would rather not receive any more emails slowly growing. Too bad for the marketeer, but from a privacy point of view, the right to unsubscribe is indisputably a good thing. Just recently, to our surprise, the Danish Data Protection Authority (Datatilsynet) ruled that keeping an unsubscribe list is disproportionate and thus prohibited. This made us raise our eyebrows, because such a list is required by law in Belgium and it is also the only way to correctly manage the unsubscribes to your newsletter.
What about newsletters?
In this article we talk about newsletters, but the scope is much broader. It refers to any form of ‘direct marketing’ communication. A term with a very broad connotation according to the Belgian Data Protection Authority (GBA).
In its recommendations on direct marketing, the GBA states that there are only two proper ways to send digital newsletters:
- The recipient gave explicit consent (opt-in).
- The company sends the e-mail based on its legitimate interest to promote similar products to its existing customers.
In a previous blog, we already went into all the nuances on this in detail. In both cases, the recipient must be able to unsubscribe easily. This option to unsubscribe is usually located at the bottom of the newsletter. There you will find a link that takes you to the next page. In the best case, this is where you get an immediate notification that you have been correctly unsubscribed. When a company sends out different types of newsletters, you may still be asked to make a choice. As a guideline, the company should make sure that unsubscribing is at least as easy as subscribing.
Most CRM tools keep a list of unsubscribes to prevent them from re-entering former recipients in the database in the future. In Belgium, this list is even a legal requirement.
Danish affiliate marketing: no more unsubscribe lists
In Denmark, Datatilsynet recently made a highly relevant ruling on the use of such unsubscribe lists. The case was about the affiliate marketing company SmartResponse and did not only concern these lists. In the remainder of this article, we will deal only with this aspect of the judgment.
SmartResponse kept a ‘nej-tak’-list when recipients unsubscribed from its newsletter. This was a list of unsubscribers in which both the recipients’ phone number and email address were kept for 5 years. The purpose of this list was to document unsubscribers on the one hand and, on the other hand, to prevent someone from being re-subscribed. The documentation served to prove compliance with the GDPR and to conform to the Danish Marketing and Consumer Acts and the statute of limitation for criminal liability in Denmark. The data subject’s details were obviously no longer passed on to SmartResponse’s affiliates. Finally, SmartResponse also indicated that if a data subject indicated they wanted to be removed from this list, they would do so without grumbling.
Nevertheless, the Datatilsynet ruled that this list constitutes unnecessary processing of personal data that does not comply with the principles of purpose limitation, data minimisation and the rule of balancing of interests. SmartResponse would be pursuing a hypothetical interest with this list instead of a clear, existing and current interest… The Datatilsynet does leave the door ajar for these lists, should SmartResponse be able to demonstrate that its interest is also current.
Unsubscribe lists legally required in Belgium
This Datatilsynet decision seems to us to go too far. At least under Belgian law, as there is a legal obligation there to keep a list of people who have unsubscribed from a newsletter.
Even if this legal obligation did not exist, we still think that unsubscribe lists are necessary and in accordance with the GDPR. The purpose of this list is primarily to respect the recipient’s wishes. He no longer wants to receive a certain newsletter and it is in his interest that the sender of the newsletter can register this.
Without this registration, the company does not know who has unsubscribed. As a result, a customer will potentially be re-registered to the newsletter list when making a new purchase. After all, remember, this company has a legitimate interest in sending direct marketing messages for similar products to its existing customers. This will no doubt cause great frustration for the customer in question… Similar situations also arise when email lists are purchased from third parties or when different databases of a company are linked together.
In addition, the company must also be able to prove that they actually unsubscribed the recipient. This proof can only be undeniably provided by such list.
Best practices
Some tips & tricks for newsletters and unsubscribes registration:
- Make sure you rely on an appropriate legal basis
- Register the moment of subscription
- Inform the recipient in advance and in your newsletter itself by means of a clear privacy policy
- Document everything neatly in your data register
- Provide a link in every newsletter with which the recipient can easily unsubscribe
- Keep only the email address in the unsubscribe list
- Delete the list as soon as you no longer need it (e.g. you stop the newsletter)
Questions about newsletters or GDPR in general?
We’re happy to make time for you. Feel free to call or email Bart Van den Brande at bart@siriuslegal.be or Matthias Vandamme at matthias@siriuslegal.be or +32 492 249 516 .
Schedule a free appointment
This article was written by Matthias Vandamme who has left our firm a while ago.
Bart
Van den Brande
I am the founder and Managing Partner of Sirius Legal. In 2010, I decided to leave the Brussels big city law scene behind me to start practi...