
A GDPR question

10 replies

sortinittout · 21/12/2023 08:26

If you use an organisation's services, but opt out of marketing, you normally continue to get transactional comms relating to your account etc. However, if an organisation says you must subscribe to marketing in order to continue to access their services, is it a breach of GDPR?

JustGotToKeepOnKeepingOn · 21/12/2023 08:56

If you've opted out you shouldn't receive any further comms from an organisation. And yes, it's a breach.

Malarandras · 21/12/2023 08:58

If they’re upfront in telling you, I’m not sure if it is a breach of GDPR. Look it up on the Information Commissioner's Office; it’s extremely helpful.

givemushypeasachance · 21/12/2023 09:03

You aren't supposed to "coerce" consent for marketing by saying you have to sign up to marketing to receive a service from us; hence why opting in should now be the default for most things. The ICO says:

"Data protection law has a high standard for what counts as consent. For consent to be valid, you must make it very clear to people exactly what they’re consenting to, and they need to give their consent freely. This means you can’t require consent in exchange for a service. You also need to make sure consent is given by an ‘affirmative action’ – or, in other words, the person actively takes a step to give you their consent. You can’t use pre-ticked opt-in boxes. People can withdraw their consent at any time and you should make it as easy as possible for them.

If you’re relying on consent, you can’t use people’s personal data for any purpose other than the one they originally consented to. For example, if someone gives you consent for their details to be used for a prize draw, they’re hoping to hear from you if they win. However, the consent they’ve given for their details to be used for the prize draw can’t be carried over for anything else. They don’t expect to hear from you about anything else."

TheCompactPussycat · 21/12/2023 09:06

I don't think it's a breach of GDPR as they have been up front about collecting your data and given you the option not to share it (by not using their services).

DRS1970 · 21/12/2023 09:14

If their core business is centered on the need to send out marketing, such as a digital catalogue for example, then they are not strictly breaking any rules. But if they are forcing you to receive marketing in order to continue to use their core services, then they are not strictly operating within the spirit of the rules, as you cannot use coercive behaviours to make people opt to continue to receive marketing.

ConflictofInterest · 21/12/2023 09:18

It's not a breach because they've told you how they're going to use your data. If you don't want them to do that then you can make an informed choice not to use their services. It would only be a breach if they hadn't told you they were going to do this or continued after you told them not to.

Blueroses99 · 21/12/2023 09:20

It is a breach based on the information provided by @givemushypeasachance:
“This means you can’t require consent in exchange for a service.”

Brandyginger · 21/12/2023 09:22

It’s a contractual term, so it’s up to them what they put in their contract and you chose to sign up to it, so not a breach per se.

If they are relying on consent as an Article 6 legal basis to process your data then the previous poster’s point about coercive consent would be a good avenue to pursue.

However, I suspect they are relying on the Article 6 legal basis of legitimate interests (which is what I would advise them to do), so I think the coercive consent points wouldn’t be relevant.

sortinittout · 21/12/2023 10:14

givemushypeasachance · 21/12/2023 09:03

You aren't supposed to "coerce" consent for marketing by saying you have to sign up to marketing to receive a service from us; hence why opting in should now be the default for most things. The ICO says:

"Data protection law has a high standard for what counts as consent. For consent to be valid, you must make it very clear to people exactly what they’re consenting to, and they need to give their consent freely. This means you can’t require consent in exchange for a service. You also need to make sure consent is given by an ‘affirmative action’ – or, in other words, the person actively takes a step to give you their consent. You can’t use pre-ticked opt-in boxes. People can withdraw their consent at any time and you should make it as easy as possible for them.

If you’re relying on consent, you can’t use people’s personal data for any purpose other than the one they originally consented to. For example, if someone gives you consent for their details to be used for a prize draw, they’re hoping to hear from you if they win. However, the consent they’ve given for their details to be used for the prize draw can’t be carried over for anything else. They don’t expect to hear from you about anything else."

Thanks. I will quote that in my correspondence with the service provider.

sortinittout · 21/12/2023 10:23

DRS1970 · 21/12/2023 09:14

If their core business is centered on the need to send out marketing, such as a digital catalogue for example, then they are not strictly breaking any rules. But if they are forcing you to receive marketing in order to continue to use their core services, then they are not strictly operating within the spirit of the rules, as you cannot use coercive behaviours to make people opt to continue to receive marketing.

Thanks. They're not a marketing company. They run sports centres.
