Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

A company tried to buy my email list

  • 28-12-2018 12:50pm
    #1
    Registered Users, Registered Users 2 Posts: 236 ✭✭


    I have a beauty website with just over 37,000 registered users. A few weeks ago I was contacted by a company who wanted to purchase the list of email addresses of all 37,000 of my users. I turned them down straight away. I value my members privacy too much and I've worked too hard to build up my audience to risk it all for a small payout.

    But the reason why I'm here is to try and understand why this company would be trying to buy these emails? If I had given them my 37,000 email addresses what would they do next with that? I thought it was illegal for a business to email a person without previous agreement to do so? How would it have benefited them?


Comments

  • Registered Users, Registered Users 2 Posts: 1,194 ✭✭✭Stanford


    Do a % of these people represent business opportunities for this company?


  • Registered Users, Registered Users 2 Posts: 236 ✭✭Lauras Law


    Stanford wrote: »
    Do a % of these people represent business opportunities for this company?

    Yes, my users would be the exact target audience for this company. Also it's a legit UK company which surprised me even more that they were trying to buy emails.


  • Registered Users, Registered Users 2 Posts: 1,194 ✭✭✭Stanford


    Well thats your answer then, if you had sold the list you could have been fined under the GDPR rules, they could offer their products to your customers on the basis that even if a % bought it would represent a good (if not illegal) business opportunity.

    Its not illegal per se to e-mail somebody provided you offer an opt-out clause


  • Registered Users, Registered Users 2 Posts: 18,996 ✭✭✭✭gozunda


    OP - remember you also have legal obligations under GDPR regulations and legislation as to your customers personal data including their email addresses ...

    See:
    http://gdprandyou.ie


  • Registered Users, Registered Users 2 Posts: 3,454 ✭✭✭NSAman


    Lauras Law wrote: »
    I have a beauty website with just over 37,000 registered users. A few weeks ago I was contacted by a company who wanted to purchase the list of email addresses of all 37,000 of my users. I turned them down straight away. I value my members privacy too much and I've worked too hard to build up my audience to risk it all for a small payout.

    But the reason why I'm here is to try and understand why this company would be trying to buy these emails? If I had given them my 37,000 email addresses what would they do next with that? I thought it was illegal for a business to email a person without previous agreement to do so? How would it have benefited them?

    Quick access to similar clients and probably sales oriented.

    I run a few businesses with around 200K active clients on them. I get these offers all the time. Never do I divulge my clients information. Never would I allow anyone to strip the company of that information. It is your business after all and you faught hard to get those clients. If you sell the business with 37K active clients that is money in the bank for a potential purchaser.


  • Advertisement
  • Closed Accounts Posts: 260 ✭✭rd1izb7lvpuksx


    Stanford wrote: »
    Well thats your answer then, if you had sold the list you could have been fined under the GDPR rules, they could offer their products to your customers on the basis that even if a % bought it would represent a good (if not illegal) business opportunity.

    Its not illegal per se to e-mail somebody provided you offer an opt-out clause

    It is unlawful to use personal data (including email address) without consent for direct marketing purposes. You can't send marketing email and cover yourself with an opt-out.


  • Registered Users, Registered Users 2 Posts: 53,055 ✭✭✭✭tayto lover


    How much did they offer?


  • Registered Users, Registered Users 2 Posts: 1,194 ✭✭✭Stanford


    OP you would be well advised to raise a concern with the Data Protection Commissioner to protect your own interests in this matter

    https://www.dataprotection.ie/


  • Registered Users, Registered Users 2 Posts: 1,194 ✭✭✭Stanford


    How much did they offer?

    And the relevance of this is???????????????


  • Registered Users, Registered Users 2 Posts: 33,518 ✭✭✭✭dudara


    Depending on how you collected the email addresses, and the details of your privacy policy, you may not be able to sell the email list either.

    Nothing wrong with buying / selling email addresses, but all sides need to be very transparent that it is taking place.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 236 ✭✭Lauras Law


    Just to clarify, I am not, and will not be selling my users email addresses to any 3rd party.

    I just want to understand how purchased emails could be of any use to a company if its illegal for them to actually email those people.


  • Registered Users, Registered Users 2 Posts: 1,194 ✭✭✭Stanford


    You have no guarantee that they will behave legally


  • Closed Accounts Posts: 260 ✭✭rd1izb7lvpuksx


    Mr.S wrote: »
    If you specifically mention in your ToS / sign-up / checkout page etc giving customers the option to "receive special offers from third parties" (or variants of that messaging) then you would be able to sell the lists of third party opt-in's and be GDPR compliant, no?

    For B2C, under GDPR and PECR, no. If you are relying on consent as the lawful basis for processing, then you will need to collect informed consent from the user for each company that you share their email with, and be able to demonstrate that they understood that they were providing consent for that company to process their details for marketing purposes. A recent ruling in France affirmed that consent cannot to another controller through a contractual relationship, so you would have to be very careful.

    For B2B, PECR means marketing is fine with an opt-out.


  • Registered Users, Registered Users 2 Posts: 1,122 ✭✭✭killanena


    How much did they offer?

    Stanford wrote:
    And the relevance of this is???????????????

    He asked a question out of curiosity. I would like to know also if the op is willing to share that information.


  • Closed Accounts Posts: 152 ✭✭Simple_Simone


    Lauras Law wrote: »

    I just want to understand how purchased emails could be of any use to a company if its illegal for them to actually email those people.

    Perhaps the purchaser could circumvent GDPR by issuing emails to your contact list from a country outside the EU?


  • Closed Accounts Posts: 260 ✭✭rd1izb7lvpuksx


    Lauras Law wrote: »
    Just to clarify, I am not, and will not be selling my users email addresses to any 3rd party.

    I just want to understand how purchased emails could be of any use to a company if its illegal for them to actually email those people.

    It's probably unlawful for them to store those people's PII at all, even without emailing them. Very hard to see a lawful outcome for them.


  • Registered Users, Registered Users 2 Posts: 33,518 ✭✭✭✭dudara


    Perhaps the purchaser could circumvent GDPR by issuing emails to your list from a country outside the EU?
    . Doesn’t matter, GDPR will still apply as the recipients reside within the EU. GDPR has implications for any business in the world dealing with EU residents. Some US websites have simply stopped serving content in the EU rather than deal with GDPR.


  • Closed Accounts Posts: 260 ✭✭rd1izb7lvpuksx


    Perhaps the purchaser could circumvent GDPR by issuing emails to your contact list from a country outside the EU?

    GDPR applies to data about European residents held anywhere in the world - there's no geographic limitation.


  • Registered Users, Registered Users 2 Posts: 1,194 ✭✭✭Stanford


    Perhaps the purchaser could circumvent GDPR by issuing emails to your contact list from a country outside the EU?

    It is the illegal acquisition of these addresses that flouts GDPR in the 1st place


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    Could it be got around with a simple consent popup thing? The vast majority of people don't read those and just click ok, especially since they're on all websites now.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,194 ✭✭✭Stanford


    Patww79 wrote: »
    Could it be got around with a simple consent popup thing? The vast majority of people don't read those and just click ok, especially since they're on all websites now.

    Who would be asked to "consent" and why would PPI be needed for pop-ups?


  • Registered Users, Registered Users 2 Posts: 236 ✭✭Lauras Law


    A large number of my members are based in Canada and the US. Maybe it wouldnt be illegal for a company to email consumers without permission in these countries?


  • Registered Users, Registered Users 2 Posts: 749 ✭✭✭EmptyTree


    Stanford wrote: »
    It is the illegal acquisition of these addresses that flouts GDPR in the 1st place
    Is it A. the acquisition, B. the sale or A and B of the data that is illegal?


  • Closed Accounts Posts: 2,067 ✭✭✭368100


    Stanford wrote: »
    And the relevance of this is???????????????

    *eyerolls*


Advertisement