In my Outlook Express there is an option on the 'security' tab to "Block
images and other external content in HTML e-mail". If an e-mail arrives
with images I get the option to view them or not. I don't know whether this
is the default setting or not, but it obviously should be.
On the wider points, I think organisations could justifiably claim to have
difficulty in distinguishing between B2B addresses and B2C - and indeed
between sole traders and companies. Although it is a technical breach of
the Privacy & Electronic Communications Regulations (because I am a sole
trader and use my own personal e-mail account) I feel fairly relaxed about
getting e-mails from companies exhibiting at conferences where I have
registered, even if I haven't given consent.
The use of hidden techniques to find out about people who have opened an
e-mail is clearly a breach of Data Protection if the individual is
identifiable. But often the sender could claim not to know (or be likely to
find out) who the individual is.
On balance, therefore, I wonder whether there is actually a breach here,
however bad the practice.
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
I hereby require any recipient of this message not to use my personal data
for direct marketing purposes.
----- Original Message -----
From: "Nigel Roberts" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, February 08, 2007 9:20 AM
Subject: Spam and email bugs (Long, but interesting . . )
I was spammed again yesterday. It almost certainly happened to you.
It happens to me a lot, since I have been the registrant of a number of
domain names and my email addresses have been harvested from the .COM
etc WHOIS database, and are now sold.
Keen followers of such things will remember the case of Roberts v Media
Logistics where I obtained modest damages from a company which spammed
me. That was a default judgment so it was still unclear whether or not a
court would give judgment to a recipient of spam. That uncertainty has
been cleared up by at least two cases (on in England where nominal
damages of £50 were awarded) and one in Scotland where substantial
damages were awarded within the last fortnight (The defendant was
ordered to pay £1300 including the pursuers costs).
The spam email I got yesterday did not have any details of the senders
company, just an 0845 telephone number. Ironically,the advertisement was
again for car leasing facilities (pretty useless on an Island where I
can walk everywhere!!)
I telephoned this number and was told that they had employed an 'email
marketing company' to send out their material to 'opt-in' recipients,
and gave me their company name and that of the marketing company.
I telephoned the marketing company. I told them the date, time, and
content of the email I had received. They said it was not opt-in, but
B2B only. I asked for details of what data they had, and how they got
it. They initially said that they would insist on a £10 fee, but I
persuaded them to give me a verbal indication.
I was somewhat surprised at the alleged source (to say the least!), but
since I am awaiting confirmation from them in writing, and am taking
advice, I will not mention the company concerned.
The company insisted that an email address of
[log in to unmask] was fair game. (In fact the email address
used is no longer used as a business address since it became polluted by
spam -- I simply check it in case anyone has written to me personally
from an old address book).
The marketing company told me "But we have no record of you having
opened and read the email". I said: "Why should you". I was told that
they use a package called 'graphicmail' which is standard in the
industty and can provide the date and time a person reads an email as
well as aggregated open rates.
I investigated the HTML code, and found references to invisible gif
files on servers in the USA. Anyone who reads their email using (e.g.)
the HTML formatting of Outlook or Outlook Express will, without their
knowledge or permission, be caused to access these gif files, providing
a considerable amount of data, such as whether the email was opened, the
IP address is was opened at, the type of browser/email client and in
fact all the information that the HTTP protocol provides.
All without informed consent, and to a destination where Data Protection
Law does not apply.
I think that
(a) They are wrong in their definition of B2B
(b) That such'email bugs' are unlawful (whether under the DPA or the CMA
or both)
(c) That where the location of the bug is outside the EEA, a further
problem arises.
Any observatins will be most welcome. . .
Nigel
--
Nigel Roberts FBCS DipEngLaw(Open)
Tel. 01481 822800
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|