The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

Case Study Three

DELL: Persistent direct marketing

If you do not want to receive direct marketing, you have a right to notify the sender that you object to receiving such material. This request must be made in writing and an organisation that fails to respect your stated preference shall be in contravention of the Acts.

During the course of the year, I received a proportionally large number of complaints from individuals who were continuing to receive marketing material from DELL despite having requested the company to cease sending such material. I viewed this matter particularly seriously as my Office had previously received assurances from DELL (in June 2006) that measures had been put in place to prevent this happening. To be fair to the company, I believe that it was its understanding, at the time that the initial assurance was given, that this was the case.

However, individuals continued to receive marketing material despite having followed the procedures outlined on the back of DELL's mailed brochures to request that such mail be suppressed. Indeed, one of the complainants to my Office in November 2006 had previously complained to me about this matter and, in that case, my Office had received assurances from DELL in April 2006 that she would receive no more marketing material by post.

In view of the seriousness of the situation, a meeting was arranged with DELL representatives in November 2006 at which it was explained to them by my Office that their mailing suppression systems were simply not working. My Office outlined to DELL the unacceptable nature of these continuous breaches of the Acts. The company outlined a serious of system failures that were put forward as explanations for each breach of the Acts that had occurred.

Technical difficulties arising from the utilisation of a complex structure for sending direct marketing material is not an excuse for breaching the Acts and my Office explained to DELL that it would have to take immediate steps to ensure that its mailing lists took account of all requests for suppressions. We warned that failure on DELL's part to rectify the unacceptable position would be dealt with by use of my enforcement powers under the Acts.

DELL cooperated fully with my Office on this issue and has demonstrated a keen desire to resolve the issues that have arisen as soon as possible. The details of the failures also demonstrate the complexity of the marketing efforts that are put in place by major companies who communicate with the public directly. The case also demonstrates that the more links in the chain from the data controller, to the actual issuance of direct marketing, and to the recording of preferences for not receiving such mail, the greater the risk of systems failures occurring which remain the responsibility of the data controller under the Acts.