I agree, too.
You can assume that my car is, in fact, your car, jump into it and drive
off. That doesn't change the fact that you have stolen my car.
Similarly, spammers may assume that an e-mail address is fair game, but the
Privacy, etc. Regulations (SI 2003 No.2426 s.22) very explicitly ban cold
e-mails to "individual subscribers". An individidual subscriber is defined
in s.2 as a "living individual ... who is a party to a contract with a
provider of public electronic communications ...".
Take me as an example: I have a .com address because I use the address for
business as well as personal contacts, but I am a living individual (trust
me on that one) and I pay for my own e-mail service. That makes me an
individual subscriber regardless of the purpose to which my e-mail
facilities are put. You might very well see my address on a web site in a
business context, but that doesn't change the facts. Send me unsolicited
marketing e-mail without my prior consent and you are breaking the
Regulations.
You therefore have two choices: don't harvest e-mail addresses, in case you
collect some that relate to individual subscribers, or politely e-mail
everyone first to ask them if they are an individual subscriber and only
send marketing e-mails to those who confirm that they are not.
The relation to Data Protection is much fuzzier because of the debate -
often rehearsed on this discussion list - about whether an e-mail address on
its own is personal data. I think it certainly can be: put my name into
Google and you only get me. My e-mail address therefore relates
unequivocally to me and tells you how to contact me by e-mail. Since you
can do a Whois on it and get my real world address I think that the e-mail
address allows me to be "identified ... from [the data itself] and other
information which is ... likely to come into the possession of the data
controller", even if my name turns out not to be unique.
If that's the case then there is a likely breach of Principle 1, and
probably Principle 2 (where was the purpose specified?).
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
I hereby require any recipient of this message not to use my personal data
for direct marketing purposes.
----- Original Message -----
From: "Nigel Roberts" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, March 22, 2007 1:48 PM
Subject: Re: Obtaining email addresses from websites
> You are entirely correct.
>
> There is no way to tell a personal address from a business address.
>
> UK Spammers have a rule that if your email address has appeared in the
> WHOIS for a domain name, then your email address is a business address and
> is fair game.
>
> They also work on the assumption that any address in the form
> [log in to unmask] (or .com) is a business address.
>
> I.e. any email address of a person at a company is a business email.
>
> I disagree. If it identifies a person (i.e. it's not a generic address
> like [log in to unmask] it's personal data, IMO.
>
> And I think the ICO (for all his inaction otherwise) agrees with me.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|