Aerlingus Spam - Twelve Horses

Butch · 30-10-2003 07:16PM #1

Hi,

Today I received a dodgy spam email - supposedely sent on behalf of Aerlingus.com. The company behind the mass emailing is called Twelve Horses.

I already changed my email address because of spam, and since then I have been careful in not using it for newsgroups and so... Apprarently not careful enough...

I have reasons to believe that Aer Lingus is outsoursing their marketing, as the email is using my full name. What pisses me off is that the bastards are passing my details to third party companies.

Opinions anyone?

Butch

mneylon · 30-10-2003 08:47PM

If you could provide the full headers for the mail it might help.

Butch · 30-10-2003 09:14PM

Originally posted by blacknight
If you could provide the full headers for the mail it might help.

Here you go. I removed my details and part of the URL they requested me to click on.

Return-Path: <specials@eebxdp.bcshdg.th.b.12hs.com>
Delivered-To: XXXXXXXXXXXXXX
Received: (vpopmail 31106 invoked by uid 16); 30 Oct 2003 11:11:00 +0000
Received: (qmail 23295 messnum 2197077 invoked from network[12.165.53.112/mailout01.twelvehorses.com]); 30 Oct 2003 11:09:32 -0000
Received: from mailout01.twelvehorses.com (12.165.53.112)
by mail04.svc.cra.dublin.eircom.net (qp 23295) with SMTP; 30 Oct 2003 11:09:32 -0000
Received: from eebxdp.bcshdg.th.b.12hs.com (192.168.4.51)
by mailout01.twelvehorses.com with SMTP; 30 Oct 2003 03:09:32 -0800
Message-ID: <6845169.1067511865137.JavaMail.dynamo1@app02.prv.twelvehorses.com>
Date: Thu, 30 Oct 2003 03:04:24 -0800 (PST)
From: "aerlingus .com" <specials@aerlingus.com.r.12hs.com>
Reply-To: "aerlingus .com" <specials@eebxdp.bcshdg.r.12hs.com>
To: XXXXXXXXXXXXXXXXX
Subject: Up to 50% off
Mime-Version: 1.0
Status: RO
X-UIDL: 1067512260.31106.mail04.svc.cra.dublin.eircom.net,S=2328
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Up to 50% off our lowest fares on all routes at www.aerlingus.com
[500,000 seats on special offer]=20
=20
Discount applicable on travel between 01 Nov '03 - 08 Feb '04. Discounts
vary depending on day and time of travel. Discount valid on our cheapest
internet fares excluding taxes and charges. Subject to terms, conditions
and availability, see aerlingus.com for full details. =804 per ticket
handling fee applies. Book now at www.aerlingus.com .=20

========================================================================

MESSAGE LINKS

========================================================================
You have just received a HTML mail from Aer Lingus. Click here to view it in your browser:
<http://www.twelvehorses.com/S1/XXX/XXXX/M/>

To unsubscribe from this service, follow this link or alternatively, copy and paste the link into your browser:
<http://www.twelvehorses.com/S1/XXX/XXXX/U/>

========================================================================

mneylon · 30-10-2003 10:26PM

Uses a US IP address....
I'd report them to Spamcop... (http://www.spamcop.net)

zenith · 31-10-2003 09:21AM

FFS, Blacknight, can you PLEASE check first that Butch didn't actually opt-in before acting like the sherrif?

Just because Aer Lingus outsource their mail sending does NOT mean that they've sold Butch's address to the vicodin peddlers.

Butch, you should know better too.

mneylon · 31-10-2003 09:27AM

Zenith - if he feels that it's spam he should submit it to spamcop. Whether Aer Lingus are outsourcing their mailing or not is not important if he never gave his permission.
IF he did give permission then he should unsubscribe or keep quiet.

dmalone · 31-10-2003 10:03AM

All,

Here at Twelve Horses we take the SPAM issue very seriously because it can fundamentally harm our business.

All of our clients are encouraged to abide to 'opt-in' standards. We take every complaint seriously and try to respond to every individual who contacts us with an issue. Needless to say we provide standard unsubscribe tools but we also can override this at the request of an end user recipient who may want a 'global' block from our servers.

All of our clients are reputable companies and they fully understand the legal and customer issues surrounding email marketing. We do our best to educate them and have built in controls to actively monitor their activities. Examples include dynamic bounce threshold alarms, list scanning for spurious email addresses e.g. sales@, admin@, etc ...

We do employ a full time Privacy Officer whose job it is to ensure we remain on the major ISP whitelists. If anyone has a complaint come to us directly, we encourage it. We are honest and straightforward in our dealings. My phone number Dublin 2402502 if you wish to talk or email abuse@twelvehorses.com

Finally today sees new legislation coming into force and whilst it may help with EU originating mail I doubt it will do much to stop the tirade of rubbish we receive from unknown SPAMMERS.

However note that under the new law if you buy a product or service from a company there is implied permission for that company to communicate similar offerings to you via email.

Thanks

David Malone
CEO
Twelve Horses

mneylon · 31-10-2003 10:20AM

David

Glad to hear that you take this issue seriously.

The new EU laws should hopefully improve matters for everybody, although the bulk of SPAM is not about airlines - as we all know

DeVore · 31-10-2003 10:47AM

no its those filthy evil dirty C/R bastards! DONT YOU UNDERSTAND!!!
THE WORLD IS AT RISK AND ONLY I, YES I, CAN WARN THE PLANET
SAVE YOURSELVES! I TOLD YOU THIS WOULD HAPPEN!!!

Ahem. sorry... see what happens when threads cross...

DeV.

mneylon · 31-10-2003 10:49AM

ROFL

ecksor · 31-10-2003 10:51AM

In all fairness, if the first thing you suggest upon hearing that someone got an e-mail from a company they did business with is to report the mail to spamcop then you need your head examined.

mneylon · 31-10-2003 10:54AM

The original poster did not make it clear that s/he had done business with them in the past.
My suggestion to submit it to Spamcop was based on the premise that the email was spam ie. that the person had genuinely not give permission to be contacted etc., etc.

ecksor · 31-10-2003 10:58AM

Well, what is the alternative plausible scenario since he concluded from the use of his full name that Aer Lingus has passed on his details?

mneylon · 31-10-2003 11:04AM

An alternative plausible scenario is that I misread his original post

dmalone · 31-10-2003 11:08AM

All,

When companies engage in eMarketing via email they rely on infrastructure provided by service providers such as Twelve Horses. Our customers run our software via web browsers and purchase a secure 'domain' from us. They upload their lists, creative and send their campaigns. The data is protected and only accessible by our customers. We monitor their activities.

My guess is that the original post refers to a mail from Aer Lingus that was offering savings to him/her based on an existing customer relationship.

Rest assured that the data is protected and we conform to SAS 70 in the U.S. which means that we are a reliable source for email messaging software and infrastructure independently audited by Ernst & Young.

The confusion likely arises in that the headers contain our IP range details. As I said we can ensure that the customer will NOT receive unsolicited email if they unsubscribe or contact us directly in our Dublin office (where we employ 20 software engineers)

Thanks

David.

sceptre · 31-10-2003 11:13AM

Originally posted by dmalone
However note that under the new law if you buy a product or service from a company there is implied permission for that company to communicate similar offerings to you via email.

Hmmm.

You can still opt out later (even if a company throws that at you and won't unsubscribe you) under the Data protection act 1988 section 2.

dmalone · 31-10-2003 11:21AM

Yes you of course can opt-out or unsubscribe. Most companies abide by this and if a client unsubscribes we mark that in our database and if that client even tries to resubscribe our systems will track this and verify with the customer if they wish to receive communications.

As I said we take the issue seriously and our stance is to place the ultimate customer in control.

The legislation is clear. Opt-in is mandatory, there is implied opt-in for existing products/services but you can of course opt-out.

Hopefully that clarifies the position.

mneylon · 31-10-2003 11:23AM

You obviously respect that, however the real spammers, who use 'bullet-proof' hosting providers don't.

Butch · 31-10-2003 09:22PM

Thanks for all your responses, and particularely to David Malone for coming forward and articulating his company's policy. It's refreshing to find some serious marketeers in this industry.

Yet, I want to make some points very clear.

Originally posted by blacknight
Zenith - if he feels that it's spam he should submit it to spamcop. Whether Aer Lingus are outsourcing their mailing or not is not important if he never gave his permission.
IF he did give permission then he should unsubscribe or keep quiet

This is the core issue. I never gave Aer Lingus authorisation to use my details in marketing campaigns. From the Aer Lingus Tab Membership website:

We may also wish to use your personal details to provide you with information which you may find of interest including special offers and services offered by Aer Lingus, other carriers and service providers. We may contact you by any means of communication for which you have given us contact details. If you do not wish to receive such information please tick here.

Needless to say, I ticked this option, clearly opting out of marketing promotions, but Aer Lingus doesn't seem to pay much attention to this.

Second: Even if I gave Aer Lingus authorisation to use my details (which I didn't) I gave it to Aer Lingus solely. This doesn't authorise them to make use of my details and pass them to any tihrd party. No matter how serious they are, I believe this breaches confidentiality.

Originally posted by dmalone
We take every complaint seriously and try to respond to every individual who contacts us with an issue. Needless to say we provide standard unsubscribe tools but we also can override this at the request of an end user recipient who may want a 'global' block from our servers

David, I appreciate this (seriously), but you perfectly know about all the dodgy "opt-outs" reply addresses used only to verify the address is valid and automatically get your spam increased exponentially. I don't know about Twelve Horses. Aer Lingus should have done the decent thing and notifying their customers about their arrangement with Twelve Horses, instead of surprising them with an unknown Marketing company, no mater where the IP address originates from... Under the existing circumstances you can't expect me just to click on an "out-of-the-blue" link to "opt-out"...

And finally: I wouldn't send this to Spamcop before taking some measures. I called this morning to Aer Lingus, and their Marketing department confirmed they are outsourcing their campaigns to Twelve Horses.

I also called Twelve Horses. To my pleasant surprise, the lady on the phone was very professional and polite, listening carefully to my concerns, took my details and told me my name will be taken out of the list, advising that the problem originates with Aer Lingus, as they may send my name again for the next batch.

I still strongly disagree with Aer Lingus having used my details without my consent. I plan to raise a format complaint to them.

Regarding Twelve Horses, I am quite satisfied with their reactiveness, on the phone and by David Malone on this forum.

Regards,
Butch

oscarBravo · 01-11-2003 01:09PM

Originally posted by Butch
Needless to say, I ticked this option, clearly opting out of marketing promotions, but Aer Lingus doesn't seem to pay much attention to this.

[...]

I still strongly disagree with Aer Lingus having used my details without my consent. I plan to raise a format complaint to them.

Take it straight to the Data Protection Commissioner. Sounds like a clear breach of the DPA.

BrianD · 03-11-2003 10:15AM

Butch, Aer Lingus were wrong to send you e-mail if you opted out. If they sent it in error and as long as they take the steps to rectify it then it is really not a major issue.

You are wrong is saying that Aer Lingus were breaching your confidentiality by using a third party to execute their bulk e-mailing. Many companies use third party providers for a whole range of functions accross their field of operations. It is very common for companies with large mailing lists - whether postal or electronic - to use specialist companies to manage and execute their campaigns. Most of the time you are unaware that a third party is doing this for them. It is really irrelevant who does it as long is conducted legally and responsibly. Aer Lingus have absolutely no need to inform their customers of this ... why should they?

Personally, I am very interested in the area of data protection and companies dubiously using data but I think you're going overboard by saying that you are going to complain? What will your complaint be?

Bard · 04-11-2003 11:27AM

I signed up for regular updates from Aer Lingus so I get this all the time.

I don't care who's sending it... I signed up for it.

No big deal.

oscarBravo · 04-11-2003 11:40AM

That's fair enough, Bard, but the point is that Butch explicitly asked not to be contacted, as is everyone's right under the Data Protection Act.

ColinM · 04-11-2003 11:52AM

I opted out of all options presented by Aer Lingus too, but I got junk mail delivered to my house instead.

BrianD · 04-11-2003 03:16PM

Well Butch needs to explicitly tell them to stop contacting him! They take him off the list and case closed! Butch seems to be implying that there is something sinister about the affair with third party providers etc. They just made a cock up and they deserve the opportunity to amend the situation so that Butch no longer receives their mail.

On an aside, I heard a great story about a "junk mail" campaign that started when a well known international news magazine sold their subscription list. The recipients got unsolicited mail (possibly with products)along with a postage paid envelope to the Netherlands. Irate recipients simply taped the envelope to a red brick and put in their local post box. The mailer had to pay for all these bricks to come from around Europe and it soon put an end to this junk mailers activities!!!

oscarBravo · 04-11-2003 07:16PM

Originally posted by BrianD
Well Butch needs to explicitly tell them to stop contacting him!

He already did, that's the point!

They take him off the list and case closed! Butch seems to be implying that there is something sinister about the affair with third party providers etc. They just made a cock up and they deserve the opportunity to amend the situation so that Butch no longer receives their mail.

That's what the complaint is for. We have a Data Protection Act for a reason. What makes it serious is the fact that, despite being explicitly told not to, they gave Butch's contact details to a third party.

BrianD · 04-11-2003 08:00PM

Oscar Bravo, I think you need to read back through the postings as you are missing the point!

Butch states he has opted out of mailings but has received a mailing. He needs to inform aer lingus of this ... they have deliberately or inadvertantly sent him a mail despite his express wishes. There is nothing to indicate that he has received mails after informing aer lingus of this (assuming that he has).

There is no evidence to suggest that Aer Lingus have passed his details to a third party. They are using the services of an outside provider to execute the mailing but this is entirely different to different to selling/renting the list to another commercial entity.

If Aer Lingus have complied with Burch's to remove him from their list then they have complied with the Data Protection Act.

Let's stick with the facts please!

Butch · 04-11-2003 08:24PM

BrianD,

I disagree.

Originally posted by BrianD
He needs to inform aer lingus of this ...

I already did so when I opted out for the first time. Even if they did it "inadvertantly" or not, doesn't change the fact that they didn't comply with the DPA. Full stop.

Originally posted by BrianD
There is no evidence to suggest that Aer Lingus have passed his details to a third party. They are using the services of an outside provider to execute the mailing but this is entirely different to different to selling/renting the list to another commercial entity

And what exactly is "another commercial entity" if not a third party?. I don't have control over the terms and conditions under which Aer Lingus provided 12H with my information. I gave my information to Aer Lingus only. I never authorised them to give it to any third party, no matter how pure their commercial record is.

Originally posted by BrianD
If Aer Lingus have complied with Burch's to remove him from their list then they have complied with the Data Protection Act.

Again, see my point above. I did it when I opted out. This is what they should have complied with on the first place. They didn't.

Regards,
Butch

BrianD · 04-11-2003 08:41PM

Butch, I don't agree with your interpretation of third party. Aer Linguss pasing on your details to another company who does the "envelope stuffing" (electronically of course) just isn't passing on your details to a "third party". There's tonnes of comapnies who outsource parts of their business - look at the banks or anybody else who holds your most sensitive and personal details. I would guess that large parts of Aer Lingus.com and their payment facilities may be outsourced (I may be wrong but it is not an unreasonable assumption to make.

Passing a list on to a third party is where the third party would have full use of the list for their own purposes. I think you have got to accept that! I don't think service providers count (nor do they count under the Data Protection Act). You do have control over the terms and conditions as these are the T&Cs that apply if you had of opted-in (and we know you did not). Your agreement would be with Aer Lingus not with any service providers.

I wholehearted agree with you that they should not have added you to their mailing list if that was your wish. You do have a business relationship with aer lingus as a customer. If they added you in error they should remove you. I really don't see what the song and dance is about as if there's some sort of conspiracy.

oscarBravo · 04-11-2003 09:56PM

Brian, the definition of a third party is not a question of interpretation. When Aer Lingus outsourced a marketing function (as they are perfectly entitled to do), they handed over a list of personal data to another company. In this case, Aer Lingus are Data Controllers, and 12 Horses are Data Processors.

All this is clearly explained on the Data Protection Commissioner's website. A key point:

If you obtain peronal information for a particular purpose, you may not use the data for any other purpose, and you may not divulge the personal data to a third party, except in ways that are "compatible" with the specified purpose. A key test of compatibility is whether you use and disclose the data in a way in which those who supplied the information would expect it to be used and disclosed.

Butch provided personal information for the purposes associated with the online service, and explicitly stated that it was not to be used for marketing purposes. It was disclosed to a third party solely for marketing purposes. It seems clear-cut to me.

I don't see a "song and dance" being made here - this isn't just a mistake; it's a breach of the type of controls Aer Lingus are supposed to have in place as a registered Data Controller.

BrianD · 05-11-2003 01:27AM

Well you have found the paragraph that exactly sums up my point! 12 Horses are a "data processor" and not a "third party" and it is not unreasonable to assume that such a company may be employed to process the data that a company collects from the customers. However, you are a bit selective on quoting from the act! The paragraph immediately after the one you quoted reads:

Note that transfers of personal data to agents of yours, who are carrying out operations upon the data on your behalf and not retaining it for their own purposes, do not constitute "disclosures" of data for the purposes of the Act.

Therefore the airline has NOT handed their list over to a "third party" - by this I mean another company who would actively use this list for their own marketing purposes. We have to be clear cut, as you say, here - the data was not being used by a third party for marketing purposes merely being processed on behalf of the airline, the data controller.

I have repeatedly stated that the airline were wrong to send Butch marketing material when he expressly stated otherwise. It does raise an interesting topic of debate. Butch's personal data is going to be stored somewhere at the airline - he is a customer after all. In most businesses it is not unreasonable for the supplier to contact their customers with new offers, product news etc.. A fair use of the data - I think so. It is quite simply, rude but not illegal for the airline to send Butch data when he doesn't want it!

Sloppy data entry is probably why Butch received a mailing from a company of whom he is a customer. However, as long as Butch points this out to the airline and they rectify the situation then the airline are acting according to best practice (they have to confirm that they have removed you in writing within 40 days).

Much of the DPA legislation is aimed at "direct marketing companies" i.e companies who market on behalf of others. The airline in question is not a direct marketing company. Note that the airline does not need to register as a Data Controller.

oscarBravo · 05-11-2003 10:51AM

I suspect we're going to end up having to agree to differ here, but...

Originally posted by BrianD
Well you have found the paragraph that exactly sums up my point! 12 Horses are a "data processor" and not a "third party" and it is not unreasonable to assume that such a company may be employed to process the data that a company collects from the customers.

Data Processors are third parties. They just happen to be third parties with specific responsibilities under the Act.

Therefore the airline has NOT handed their list over to a "third party" - by this I mean another company who would actively use this list for their own marketing purposes.

With respect, Brian, it doesn't matter what you mean by "third party". Besides:

You should also note that, even though such transfers would not involve "disclosure" of personal data, the data controller might also have to consider whether the data have been "fairly obtained" for these purposes.

I have repeatedly stated that the airline were wrong to send Butch marketing material when he expressly stated otherwise.

This we agree on.

It does raise an interesting topic of debate. Butch's personal data is going to be stored somewhere at the airline - he is a customer after all. In most businesses it is not unreasonable for the supplier to contact their customers with new offers, product news etc.. A fair use of the data - I think so. It is quite simply, rude but not illegal for the airline to send Butch data when he doesn't want it!

For various values of "illegal", maybe.

Sloppy data entry is probably why Butch received a mailing from a company of whom he is a customer. However, as long as Butch points this out to the airline and they rectify the situation then the airline are acting according to best practice (they have to confirm that they have removed you in writing within 40 days).

If through "sloppy data entry" I accidentally disclose details of someone's mental health or sexual orientation to a third party, do I make it OK by correcting my database? (Note that I am a registered Data Controller, and I take the responsibility seriously.)

Much of the DPA legislation is aimed at "direct marketing companies" i.e companies who market on behalf of others. The airline in question is not a direct marketing company. Note that the airline does not need to register as a Data Controller.

The DPA is aimed at anyone who holds personal information about anyone else on a computer. Not being required to register in no way relaxes your obligations under the Act:

All data controllers must comply with certain important rules about how they collect and use personal information on computer.

Some data controllers must register annually with the Data Protection Commissioner, in order to make transparent their data handling practices.

BrianD · 05-11-2003 01:37PM

Personally, I believe that Butch was grossly irresponsible and reckless with the posting that he originally made. The implication of the posting that he made and subsequently made was that aer lingus were passing on his details to other companies for spamming. Just read the first line of the posting:

Today I received a dodgy spam email - supposedely sent on behalf of Aerlingus.com. The company behind the mass emailing is called Twelve Horses.

From other posts it became evident that this other company (12 horses) was in fact a data processor contracted by Aer Lingus. He states that mail was supposedly from Aer Lingus when in fact it was overtly from Aer Lingus, referred to Aer Lingus offers and also contained an unsubscribe method. Very much above board. Only with expert knowledge would you be aware from the message header that 12 horses were employed to pprocess the data. Nothing dodgy about this what so ever. It was very reckess to suggest reporting Aer Lingus to spamcop.

We are splitting hairs over the definition of a "third party". Yes, 12 horses is a "third party" but I was loosely using this term to describe another company that might use his information for their own purposes. Sorry if my use of the term caused confusion. I think there is a massise difference between 12 Horses processing the data on behalf of Ael Lingus and Aer Lingus renting the data to, say, a credit card company. Butch's key concern and bug bear was a disclosure of his data - clearly this is not the case here where 12 horses is a procesor

The "dodgy spam email" that Butch referred to was in fact a customer offer from an airline that he has conducted business with in the past. It does raise issues of how companies can communicate with there customers in this age. We are told to know our customers and assist them. At the same time as a customer, especially a regular customer, we expect our suppliers to know our needs and respond to them. How can we achieve this when the customer says don't contact me? Butch would be rightly annoyed if he found he could buy his Aer Lingus tickets cheaper - "Why the hell didn't you tell me!!".

I would maintain that Butch's personal data was fairly obtained as he is a customer of the aforementioned airline. It is also a fair use of the data.

I accept the point about disclosure of higly personal data (religion. sexual orintation etc.) However, this is not strictly relevant in this case as we are dealing with a business to consumer situation. It is essential that all data controllers - registered or not - secure their data and only allow relevant data to be used in appropriate ways.

I don't believe that Aer Lingus have breached the DPA by sending him an e-mail with a customer offer. I doubt if Butch could bring a complaint to the Data Commissioner. What aer lingus have done is angered a customer who did not want them to communicate with him. A far cry from spamming!

Our man in Havana · 05-11-2003 02:17PM

If Butch asked Aerlingus not to send him email then they should not send him email. They did. Breach of Data Protection Act 1988-2003.

Butch, Have you contacted the Data Protection Commisioner?
website

Butch · 05-11-2003 02:31PM

Originally posted by Bond-James Bond
Butch, Have you contacted the Data Protection Commisioner?
website

Not yet. I decided firstly to raise my concerns to Aer Lingus Marketing Department, and to give them a fair chance to explain themselves, i.e.

- Written acknowledgment that Aer Lingus is outsourcing their Marketing campaigns to a Third Party Company (12H or any other).
- Full disclosure on which information out of my personal record has been produced to this third party and for which purposes.
- Full explanation on how this third party is commited to keep my data private.
- Explanation on measures taken to avoid this "mistake" to happen again (i.e. passing on my data, despite I opted-out)

Then I will evaluate my course of action, which may probably involve the DPC.

Regards,
Butch

BrianD · 05-11-2003 02:36PM

Not as simple as that James Bond. Where's the breach? Detail please. Check the data commissioners web site and words such as "should have their wishes respected" are used. Hardly what you'd call stern legal stuff. Doubt if you'd get much more than that if you wrote to the commissioner especially when Butch there is an explicit opt out method in the mail Butch received.

Just like the instant and ridiculous cry to contact Spamcop ...butch would want to review the situation before he contacts the Commissioner.

However, it appears that Butch is now taking the reasonable approach to dealing with something that has clearly annoyed him. I just don't see the relevance of the first two questions he is asking. Why not ask are you sure that your employees won't flog the list to someone else on the QT? Who operates your web site? What controls have the credit card companies have you in place? What measures have your check in agents go in place .... Will you post the reply that you get from Aer Lingus?

ArphaRima · 05-11-2003 02:47PM

This is hilarious.

One e-mail is erroneously sent to a customer.
Customer explodes.

Come on lads. Who really cares. Its a single Irish company that asked for your e-mail address; they didnt pass on your information to third parties for their own marketing uses, only hired another company to do the e-mailing for them.

Butch is probably one of those people that when someone is smoking in the same building as him he waves his hands in front of his face, grumbles something to himself and makes the most disgusting face, just to make a point. Enjoy your rant.

BrianD · 05-11-2003 03:50PM

well, I might be doing the same as Butch then while arguing the finer points of the DPA!

oscarBravo · 05-11-2003 05:42PM

Originally posted by BrianD
It does raise issues of how companies can communicate with there customers in this age. We are told to know our customers and assist them. At the same time as a customer, especially a regular customer, we expect our suppliers to know our needs and respond to them. How can we achieve this when the customer says don't contact me? Butch would be rightly annoyed if he found he could buy his Aer Lingus tickets cheaper - "Why the hell didn't you tell me!!".

http://www.dataprivacy.ie/97cs9.htm

I would maintain that Butch's personal data was fairly obtained as he is a customer of the aforementioned airline. It is also a fair use of the data.

This is our major area of disagreement: it's not a matter for either you or Aer Linugs to decide what's a fair use of the data. If I tell them I don't want them to do <whatever> with my data, they are explicitly prohibited by the DPA from so doing.

I accept the point about disclosure of higly personal data (religion. sexual orintation etc.) However, this is not strictly relevant in this case as we are dealing with a business to consumer situation. It is essential that all data controllers - registered or not - secure their data and only allow relevant data to be used in appropriate ways.

I don't believe that Aer Lingus have breached the DPA by sending him an e-mail with a customer offer. I doubt if Butch could bring a complaint to the Data Commissioner. What aer lingus have done is angered a customer who did not want them to communicate with him. A far cry from spamming!

To be fair, I wouldn't call it spamming either. It does seem to be a breach of the DPA, however, and that shouldn't be taken lightly.

BrianD · 06-11-2003 12:48PM

I don't see the exact relevance of the Data Privacy case that you have quoted in your posting. This suggests that it is OK to contact people who have indicated that they don't want to be contacted. The case suggested that another set of options be put to each individual that are essentially the same as what would have been on the form they completed in the first place. Furthermore, many people who receive mails are bothered one way or the other and may not actively respond to it. I'm not sure of the logic that was behind the Commissioners decision on this one!

The mail was straightforward special offer from Aer Lingus that does contain an opt-out method. I don't think it falls into the same category as the situation detailed in the case that you linked to as it also concerns a business that was emailing on behalf of other clients.

oscarBravo · 06-11-2003 01:10PM

You suggested that people who (like Butch) asked not to be contacted by the airline might be annoyed at not being contacted, because of missing out on special offers etc.

In the cited case, the Data Controller

had received explicit complaints from people who had opted out about not being contacted;
contacted the DPC to see if it would be OK to contact people with the sole purpose of clarifying their choice to opt out.

In this case, the DPC allowed a once-off communication for that sole purpose, and was prepared to accept complaints about that communication on their merit.

If Aer Lingus are afraid of offending their opted-out customers, that's how they should handle it - not by mailing them against their explicitly stated wishes.

Aerlingus Spam - Twelve Horses

Comments