Home > News > Showing advertisement in an inbox is deemed spam
Print pageprint Stay Informedprint

NEWS

Showing advertisement in an inbox is deemed spam

calendar_new
18/01/2022

On 25 November 2021 the Court of Justice of the European Union (“CJEU”) rendered a judgment in which it ruled that showing advertisements in a person’s inbox (however, without sending an e-mail) is deemed unsolicited electronic communication in the sense of article 13, §1 e-Privacy Directive. Consequently, the addressee’s prior consent is required in this regard.


1)      What was the dispute about?

On the request of eprimo, an electricity and gas provider, the marketing agency Interactive Media CCSP, launched a campaign whereby advertising messages regarding eprimo’s services were distributed through T-Online, which is an example of the nowadays popular free e-mail services funded through advertisement. In most cases such advertisement is shown in (a) banner(s) on the top or sides of the webpage. In this case however, the advertisement was sent to the mailbox of the users, appearing in between the e-mails of the inbox (but the date was replaced by “Anzeige” (annonce), no sender was mentioned, the text of the advertisement appeared in grey and it was not possible to save, forward or reply).

One of eprimo’s competitors, StWL, deemed this was a violation of the rules regarding unsolicited electronic communication and the rules on fair market practices (StWL argued it was an aggressive and misleading market practice) and launched legal proceedings to obtain a cease-and-desist order.

The German law provisions at play in the underlying dispute are the implementation of a.o. article 13, §1 Directive 2002/58[1] (also known as the “e-Privacy Directive”), regarding unsolicited communication. In accordance herewith, the use of a.o. electronic mail for the purposes of direct marketing is only allowed in respect of subscribers who have given their prior consent. In this regard, "electronic mail" is defined as “any text, voice, sound or image message sent over a public communications network which can be stored in the network or in the recipient's terminal equipment until it is collected by the recipient.” (article 2(h) e-Privacy Directive, own emphasis).

The preliminary questions filed with the CJEU primarily related to the qualification of eprimo’s advertisement messages as such “electronic mail” and, if so, whether it was used for direct marketing purposes as set out in article 13, §1 e-Privacy Directive (and thus whether prior consent was indeed necessary).

 

2)      What did the CJEU decide?

The CJEU ruled that the advertisement strategy at hand, qualifies as “electronic mail” used for direct marketing purposes, hence requiring the addressee’s prior consent.

The CJEU’s underlying argumentation can be summarised as follows:

  • the concept of “communication” in article 2(d) e-Privacy Directive must be interpreted widely and the examples for “unsolicited communication” in article 13 and recital 40 of said Directive  (i.e. automated calling machines, telefaxes, e-mails and texts) are non-exhaustive;
  • based on recital 4 e-Privacy Directive, protection should be offered regardless of the technologies used and of the types of communication covered by the e-Privacy Directive;
  • the user is only able to free the space in their inbox in order to obtain a view of all of their exclusively private emails after having checked the content of that advertising message (clicking on the message, redirected the user to a webpage with the ad), and only after having actively deleted it;
  • contrary to advertising banners or pop-up windows, that are displayed at the edges of, or separately from, the list of private messages, the appearance of the advertising messages at issue, impedes access to private emails in a manner similar to the one used for unsolicited emails (also known as ‘spam’);
  • there is a likelihood of confusion between those two categories of messages.

 

Based on the above, the CJEU concludes that if advertising entries of any kind are displayed in the inbox of an internet email account, that email inbox must be regarded as constituting a means by which the advertising messages concerned are communicated to that user, which involves the use of email for the purposes of direct marketing in the meaning of article 13, §1 e-Privacy Directive. Subsequently, the CJEU deems it superfluous to investigate whether such advertisement messages themselves can be qualified as “electronic mails”.

The fact that the addressees are chosen randomly, does not call that conclusion into question. In other words, it is irrelevant whether the advertising at issue is addressed to a predetermined and individually identified recipient or is sent on a mass, random basis to multiple recipients.

This reasoning raises some questions. Article 13,§1 relates to certain means of communication used for direct marketing. In the case at hand, the CJEU seems to interpret this broadly. Indeed, its reasoning gives the impression that it is sufficient that an advertisement – although not constituting a “real” e-mail – impedes the access to the private e-mails for it to be considered as communicated through the mailbox and thus through “electronic mail” (that falls into the scope of article 13, §1). This could open the door for other types of advertising to be qualified as such, triggering the requirement for prior consent, e.g. a screen wide pop-up when opening a mailbox that impedes access to the list of private e-mails in the inbox or a banner advertisement on top of the page requiring the user to scroll down in order to see its inbox. It could give the impression that any type of digital advertising requires consent under the anti-spam rules as soon as such advertisement appears in relation to electronic mail.

 

3)      Conclusion for Belgium?

Also in Belgium, in principle, an addressee’s prior consent is required to send unsolicited electronic messages (such as e-mails, but also text, etc.), pursuant to article XII.13 Belgian Code of Economic Law (“BCEL”), being the transposition of article 13, §1 e-Privacy Directive. The interpretation of the CJEU will thus also apply in the Belgian legal order.

In our view, this judgment is yet another indicator that the direct marketing rules should be revisited. Clarification and alignment with the digital society we are currently living in, is in our view very much needed.

Another example thereof is in our view the exception to the consent requirement under article 13, §2 e-Privacy Directive, transposed in Belgium in article 1 of the Royal Decree of 4 April 2003[2]. No prior consent is required to send electronic communication:

  • for existing customers (natural persons or enterprises), under the conditions that:
    • 1) the customer’s contact details are collected directly from them (and e.g. not via a third party) in the context of a prior sale of a product or a service to such customer;
    • 2) the e-mail exclusively relates to products/services similar to the ones the customer has bought before
    • 3) the customer must have been explicitly informed when collecting their contact details that they would be used for direct marketing and must have been offered the option to ‘opt-out’ at that moment;
  • for impersonal e-mail addresses (e.g. “ order@..... “, “ sales@.... “, “ info@... “, etc.), but not for professional e-mail addresses linked to an identifiable person.

 

In practice, questions arise regarding:

  • the condition of the collection of the personal data “in the context of a prior sale”, which, under Belgian (consumer) law, requires the payment of a price for a good or service (art. I.8, °33 and °34 BCEL). However, in a digital context, one does not always have to pay a monetary price to receive a digital service.  Often, users “pay” with their data (e.g. contact details, but also browser behaviour, etc.), e.g. when creating a free profile for an online market place platform on which sellers and buyers are put into contact with each other to enable (second hand) sales. It is contested whether in such event the personal data is collected “in the context of a prior sale” and the exception to the consent rules can be applied, giving the online market place the opportunity to send its users e-mails regarding analogous services (e.g. publicity regarding an upgrade to a payable account). It is hence time to align the rules regarding direct marketing with the (digital) reality (as been the case for example in Directive 2019/770 where the provisions of the directive also apply to consumer contracts for online content or services where such consumers “pay” with their personal data instead of money[3]);

 

  • the relationship with the provisions of the GDPR, in particular those related to the requirement of a legal ground. Where the exception to consent for existing customers, based on article 1 of the Royal Decree of 4 April 2003, may apply, it may nevertheless still be required for companies to ask for consent based on article 6 GDPR. Although, in some circumstances it could be argued, also supported by recital 47 GDPR, that such direct marketing to existing customers is based on the company’s legitimate interest, it would require a solid balancing of interests without guarantee that national supervisory authorities would accept such reasoning; and
 
  • the discrepancy with the rules regarding non electronic direct marketing messages. Indeed, article 13 e-Privacy Directive only applies to electronic messages (as well as fax and calls from automated calling machines) and there is no requirement to request prior consent for sending publicity by regular mail (post)[4] or for direct marketing by telephone, also known as “cold callings”. In the latter event, companies are nevertheless obliged to check the do-not-call me list[5] and to refrain from calling any person or company on that list for publicity purposes (unless such person or company explicitly consented to be contacted although subscribed on the list) (articles VI.111-VI.113 BCEL).


[1] Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).

[2] Please note however, that consent may still be required based on the provisions under the General Data Protection Regulation.

[3] Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services, article 3.1. and recitals 24-25 and 67. This directive is not yet transposed in Belgian legal order.

[4] Please note however, that consent may still be required for the processing of personal data in the context of sending such regular mail, based on the provisions of the General Data Protection Regulation.