The regulator of PRS said such "soft opt-in" consent is legitimate, subject to conditions, under the terms of UK privacy laws governing direct marketing by electronic communications.
PhonepayPlus said it had revised its guidance on 'privacy and consent to charge' rules after questions were raised about the meaning of 'consent' within its Code of Practice. The Code sets out the rules that PRS providers must abide by when delivering PRS.
Under the PhonepayPlus Code, PRS providers cannot contact consumers without their consent. The Code requires PRS providers to give consumers they do contact "an opportunity to withdraw consent" and prohibits those firms from contacting consumers that have withdrawn their consent to be contacted.
Firms that are in control of or are responsible for the operation, content and promotion of a PRS and/or the use of a facility within a service, are required by the Code to "be able to provide evidence" establishing that consumers' consent to be contacted was given on the basis of information previously collected about those consumers who used a PRS.
In its revised guidance PhonepayPlus said PRS providers have the general right to market to consumers who have previously purchased their similar products or services without having to seek new consent for that marketing activity. However, the regulator said the scope of the marketing messages must be targeted and that consumers must be given a chance to opt-out of purchasing the service.
"Soft opt-in marketing materials must relate to that marketer’s products or services and only concern similar products to the individual’s initial purchase, or area of interest (e.g. it would not be appropriate to promote adult services to someone who had only previously purchased ringtones)," PhonepayPlus said in its compliance update. "Soft opt-in consumers must be given a simple means of opting out at the time of initial purchase, and in each subsequent promotion."
"Where soft opt-in conditions are not met a positive action signifying consent must be obtained from consumers after clear information about the intended activity has been provided. For example, where the individual’s details are to be passed to third parties, they must be clearly informed of this, and positively confirm their acceptance (a practice known as ‘hard’ opt-in). While it is not mandatory to use hard opt-in for consent to marketing which is not from third parties (i.e. where soft opt-in applies), providers can also seek hard opt-in consent."
PhonepayPlus said "the soft opt-in practice" would be legitimate providing PRS providers comply with the UK's Privacy and Electronic Communications Regulations (PECR).
Under PECR it is generally prohibited for an organisation to transmit or instigate the transmission of unsolicited communications for the purposes of direct marketing by means of electronic mail unless the person receiving the mail has notified prior consent for the messages to be sent.
Companies can send direct marketing via electronic mail if they have "obtained the contact details of the recipient of that electronic mail in the course of the sale or negotiations for the sale of a product or service to that recipient", where the marketing is for "similar products and services only" and providing the recipient has a "simple means" to refuse the use of their contact details for that marketing "at the time of each subsequent communication."
Recipients must not be charged when opting-out other than what it costs them for the "transmission" of their refusal, according to the Regulations.