|
|
|
|
|
|
by Nextgrid
1930 days ago
|
|
|
In the UK, there's another law called the PECR in place that may supersede the GDPR in this case. I've had multiple merchants get back to me after such a complaint claiming that under the PECR they're allowed to send further marketing solicitations following a purchase. I haven't pushed it further so no idea if this is actually legal or if the GDPR supersedes it. |
|
|
Section 22 is the relevant section they are hoping to rely on, specifically section 22(3) which allows them to:
----------
(3) A person may send or instigate the sending of electronic mail for the purposes of direct marketing where—
(a) that person has obtained the contact details of the recipient of that electronic mail in the course of the sale or negotiations for the sale of a product or service to that recipient;
(b) the direct marketing is in respect of that person’s similar products and services only; and
(c) the recipient has been given a simple means of refusing (free of charge except for the costs of the transmission of the refusal) the use of his contact details for the purposes of such direct marketing, at the time that the details were initially collected, and, where he did not initially refuse the use of the details, at the time of each subsequent communication.
----------
So in this case, they are obliged to let you withdraw your consent every time they email you. It is not a blank cheque for them to keep emailing you simply because you've purchased something; it is consent-based and therefore uses the same consent processes as the GDPR.
--
[1] https://www.legislation.gov.uk/uksi/2003/2426