Can you ask your customers to send on your marketing to their friends?
The answer, according to the ICO’s draft Direct Marketing Code, is NO!
The regulator says for email/SMS this breaches the rules, as you won’t have the consent required for such electronic promotional messages. (I suspect email is the prime channel for this type of marketing).
But is the ICO taking a too literal approach? I’ll admit, I’m left wondering whether the GDPR and ePrivacy (i.e. UK PECR) rules were really designed for this. Is the Law of Unintended Consequences at work here?
I recently received a ‘refer a friend’ from a cosmetics company I’d used. This prompted me to go back to the draft code and read carefully what it said.
I seldom receive emails like this, and don’t think I’ve ever forward details to a friend. But what’s the problem? I can delete it. I can unsubscribe. I am in complete control in a personal capacity if I choose to act upon it. If I do, the recipient (who will be known to me) can ignore it. The company will only collect my friend’s details if they actively choose to engage.
Asking for contact details of friends/family
In the Direct Marketing Guidance (which the code will replace) the ICO previously referenced these types of viral marketing campaigns. The scenario of asking existing contacts to provide contact details for their friends and family was highlighted. And the clear advice was not to do it. This is because it would be difficult to ensure you had the permission of the friends/family members. But it went no further.
On this point, I completely agree – I wouldn’t be happy if a friend provided my details to a third party without my knowledge. Even if I’d agreed, the company would clearly have no lawful basis under GDPR for processing such information. They’d certainly have no evidence I’d agreed to this.
In this respect, the ICO guidance seems totally correct (and is repeated in the draft code).
‘Instigating’ marketing messages
However, the ICO is now taking this a step further. It says direct marketing rules cover companies who ‘encourage’ their customers to send on a marketing message to friends or family.
The Regulator takes the stance that as the ‘instigator’ of a direct marketing message, you’ll need to comply with direct marketing rules. It states;
“You still need to comply even if you do not send the messages yourself, but instead instigate individuals to send or forward these. Instigate does not necessarily mean that you have incentivised the individual to send your messages.”
It goes one to say:
“Actively encouraging the individual to forward your direct marketing messages to their friends without actually providing a reward or benefit still means that you are instigating the sending of the message and you therefore need to comply with PECR.”
As direct marketing emails and SMS messages require consent (in a business-to-consumer context), the ICO concludes it’s impossible to collect valid consent for a marketing message that arrives in a friend’s inbox. The following example is given:
“An online retailer operates a ‘refer a friend’ scheme where individuals are given 10% off their orders if they participate. The individual provides their own name and email address and the retailer automatically generates an email containing its marketing for the individual to send to their friends and family. The retailer is instigating the direct marketing therefore they have responsibility for complying with the PECR rules. Because the retailer does not have the consent of the friends and family these emails breach PECR.”
It’s clarified you are not responsible if individuals choose to send their friends a link to a product on your website or details of a promotional campaign. This is as long as you haven’t ‘encouraged’ them to do so.
Refer a friend links
In the above example the ICO specifically mentions an automatically generated email containing the organisation’s marketing content. From a purely personal perspective I don’t see this as being too much of a problem. It would be interesting to see the metrics from businesses who use this type of marketing and find it effective.
Of course, I accept the ICO may have specifically highlighted this because it has received complaints from people who are inundated with promotional emails from their friends.
However, this is not the only way refer a friend schemes operate. The email I recently received invited me to click to get a link which I could then share with my friends should I wish to. Both my friend and I would be rewarded should they go on to buy some cosmetics from the company.
I’ll reiterate – I wasn’t being encouraged to forward a marketing message. I was encouraged to copy a link. If I’d done this, I would have been completely in control of what I wrote in my email to a friend and I would be sending this in a personal capacity.
You’d also think this would rely on a good customer experience – people being likely to want to tell their friends about a good brand.
Refer a Friend Benefits
These type of campaigns are clearly attractive to companies who want to reach out to new customers. They would appear to put the customer completely in control. Friends can simply ignore it if they wish.
Gavin Walles from Mention Me, a company which specialises in referral marketing, says these refer-a-friend programmes are beneficial to both companies and their customers;
“The fact that the referrer is making an introduction means that the brand is not required to spend money on other less efficient marketing channels and so they are willing to share that saving with their customers. Therefore, brands are willing to offer incentives to both the referring customer and the referred friend for participation in their refer-a-friend programmes. These incentives offer real value to both the referrer and their friend, making it a mutually beneficial process for the consumers and giving them the opportunity to benefit from discounts and other rewards they would not otherwise have access to”.
In some ways, it could be alleged the ICO is trying to police the behaviour of private individuals around the information they choose to share… refer a friend is an invitation, not an instruction.
Robert Bond, partner at Bristows LLP comments, “There is also the issue as to how GDPR and PECR can apply to the action of the referrer as the individual is acting in a domestic or household capacity”.
I suspect, many companies would appreciate further clarification from the Regulator on these types of viral marketing campaigns.
Philippa Donn, February 2020
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.