Disclaimer

The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

Case Study 5

Realm Communications- Unsolicited SMS texting and direct marketing

I received a number of complaints from people who had received unsolicited mobile phone text messages from Realm Communications offering a free stay in one of 30 Irish Hotels. The text messages were sent during the summer of 2003 when S.I.192/2002 was the operative legislation in this area. Regulation 9(1) of that statutory instrument states:

A person shall not use, or cause to be used, any publicly available telecommunications services to make an unsolicited call for the purpose of direct marketing by means of an automated calling machine or a facsimile machine to the line of a subscriber, who is an individual, unless the person has been notified by the subscriber that for the time being he or she consents to the receipt of such a call on his or her line.

The complainants had not given their consent and the sender did not dispute this. From my investigations it was established to my satisfaction that the means of sending these messages was an automatic process. The content of the message, offering the free stay in a hotel, I considered to be direct marketing.

S.I.192/2002 implemented the provisions of Directive 97/66/EC. Article 3(1) of that Directive which is referenced in Regulation 3 of the S.I. states that "This Directive shall apply to the processing of personal data in connection with the provision of publicly available telecommunications services?".

Realm Communications claimed that it was not processing personal data and for that reason the Regulations did not apply. It explained that it had a database of anonymous mobile numbers. Those who responded to the message were required to telephone a premium rate number. When they did so they were given a randomly generated claim number and their mobile number was deleted from its database. It was only at a later stage that personal details were recorded by the hotel on quoting the claim number. It maintained that personal details were never provided to or recorded by the sender of these messages or associated with the mobile numbers on its database.

I could not accept this argument as I considered that it was not central to the overall issue of unsolicited direct marketing calls being made which are governed by regulation 9 of S.I.192/2002. To restrict the interpretation of the regulations in such a way would, in my view, require a reading of Regulation 9 contrary to its literal meaning. It is a well established legal principle in Irish Law that where the literal meaning of a provision is clear, that is the meaning which should be attributed to it.

The sender probably earned a substantial amount of money from this promotion through premium-rate-call charges and framed the operation of the promotion in an attempt to technically circumvent the regulations. I decided that his actions were covered by the regulations and that he contravened those regulations. I wish to acknowledge the assistance of Regtel- who supervises the premium rate regime- in the conduct of this investigation.

Since the decision on this complaint the Regulations have been superseded by S.I.535 of 2003 which implement the provisions of Directive 2002/58. These regulations strengthen the law on unsolicited marketing by SMS text, e-mail, fax or telephone. For the purposes of these new Regulations a person's phone number or e-mail address alone is considered to be personal data. These Regulations also make it an offence to send unsolicited marketing messages without prior consent and I have the power to prosecute these offences. There is a maximum fine of €3,000 for each message sent.