Invasive and unfair teleselling business practices have raised concerns about protecting consumers and personal data. Adhering to the new Code, which provides operational guidelines to ensure compliance with privacy regulations, offers benefits in terms of transparency and compliance but also requires careful compliance with the provisions under the GDPR.
In recent years, the increase in invasive and unfair business practices perpetrated through operator-assisted telephone calls ( telemarketing ) has raised concerns regarding consumer protection and personal data protection. The sanctions that the Privacy Guarantor imposed on large telecommunications or energy companies are just one indicator that describes a complex situation where the companies’ lack of transparency and the loss of data control is now a rule.
To stop these telephone marketing pathologies, starting in 2022, tools have been implemented to support interested parties and operators.
It is therefore necessary to mention the new Public Register of Oppositions, operational since July 2022 and extended to mobile numbers, and the Code of Conduct for telemarketing and teleselling activities, recently approved by the Privacy Guarantor in March 2023. The Code of Conduct, in particular, is a peculiar instrument that deserves further study, especially about some aspects that should be highlighted more.
The Code of Conduct represents a vital accountability tool that can support its adherents in processing activities related to telemarketing and teleselling. The use of the verb form in the future tense is mandatory, considering that to date (May 2023), the Code of Conduct has only been approved by the Privacy Guarantor and has yet to be effective. The Monitoring Body, which will guarantee compliance by members with the provisions of the Code itself, has yet to be identified.
In any case, the objective is in the introductory part of the text of the Code the provide operational indications to members to carry out telephone contact activities with operators for promotional purposes (telemarketing) or direct sales in compliance with privacy legislation. (teleselling), towards natural persons, freelancers, or even individual businesses. The Code contains indications for carrying out the processing activities in question in a compliant manner. However, it is essential to focus on some details after countless and complete articles on the topic.
Also Read: How To Improve Your Agency Marketing With Data-Driven
One of the main problems detected by the Privacy Guarantor in the preliminary investigations culminating in administrative fines (for example, the end of TIM SpA in January 2020 or the end of Sky Italia Srl in September 2021) was the lack of correct management of the blocklists or “exclusion lists from commercial campaigns.” An updated blocklist allows operators to identify and avoid contacting the telephone numbers of those who have expressed their desire not to receive commercial calls.
The Code of Conduct highlights the importance of blocklists, especially the updating of these lists, the need for which must also be formalized in a procedure for managing requests to exercise the rights of interested parties, which the owner must adopt and also have adopted if the same make use of services made available by suppliers who act as data controllers (e.g., call center). The owner must also worry about blocklists when acquiring a contact list from a list provider (independent data controller). In fact, in the accepted list, there must be no subjects who have already expressed a specific opposition or who have revoked the owner’s consent.
Finally, suppliers who offer call center or teleselling services as data controllers must register all requests for opposition or revocation of consent in specific blocklists and then forward them to the owner within 24 hours from receipt of proposals. If necessary, the supplier can send the logs of the results of the contacts using automated methods. In any case, these activities must be included in the procedure for managing requests to exercise the rights of interested parties that suppliers must adopt.
The GDPR requires data controllers to implement security measures, review and update where necessary, adequate, and be able to demonstrate that the processing carried out complies with the regulation. The codes of conduct allow the Data Controller to guarantee, from a practical point of view, compliance with the identification of the risk associated with the processing in terms of nature, probability, and severity and the title of best practices to mitigate the risk.
Adherence to a code of conduct constitutes a tool to improve transparency towards interested parties. Without a doubt, as indicated by the European Data Protection Board in the “Guidelines 1/2019 on codes of conduct and monitoring bodies”, it is a factor taken into consideration by the supervisory authority if it is necessary to impose an administrative sanction.
As anticipated, the issue of sanctions about treatments linked to telemarketing is vital in light of the administrative fines imposed on many companies. The highest sanctions concern the so-called ” aggressive telemarketing ” carried out through the illicit use of the personal data of interested parties who had not given any consent for this purpose or which had not been collected in compliance with the provisions of the articles. 6 and 7 of the GDPR and Guidelines 5/2020 on support under Regulation (EU) 2016/679 issued by the EDPB.
Therefore, adherence to a code of conduct is undoubtedly a factor that is considered. Still, it does not exclude the application of a sanctioning measure, i.e., liability towards the data controller/processor who implements violations of the provisions of the GDPR. Think of a company that decides to adhere to the Code but cannot guarantee complete control of the “supply chain” of its managers or sub-managers or if its suppliers do not comply with the owner’s provisions.
While on the one hand, adhering to a code of conduct has many advantages, on the other, it is also important to underline that for an Owner to be able to undertake this commitment, they must slavishly respect what is indicated in the Code and make use of educated and trained personnel who assist the company in compliance with the provisions.
Furthermore, it is essential to underline that the codes of conduct are subject to control by the independent monitoring body, which has the task of verifying compliance with the provisions of the Code. Data controllers who decide to adhere to the Code of Conduct are subject to controls defined by the body itself, even without notice. Failure to comply with the provisions may result in sanctions against the member, which vary based on the seriousness of the violation up to exclusion.
The Code of Conduct, therefore, represents a great guarantee to the interested parties and is of great help to companies as it provides the necessary tools for greater compliance with the legislation. This is an important step, which also, thanks to the timeliness of the Guarantor Authority, aims to counter all those illicit activities. Activities that, despite the adoption of ad hoc regulations, remain uncontrolled and widespread despite being of primary importance for the authorities, as also demonstrated by the inspection plan adopted by the Privacy Guarantor.
Also Read: A Compact Guide To Ringless Voicemail Marketing For Small Business
Social media marketing and search engine optimization (SEO) are two pillars of digital marketing that… Read More
Many people consider True Wireless Stereo (TWS) headsets essential since they provide wireless communication without… Read More
“Transformation,” the new martingale for decision-makers, has been on everyone’s lips for several years. Digital… Read More
Finding the most sensible expressions for your website is one of the essential pieces of… Read More
Working in the field requires very good communication and access to always up-to-date information. Constantly… Read More
For businesses that regularly engage in competitive bidding, Request for Proposal (RFP) processes can be… Read More