GDPR violations
 


[Closed] GDPR violations

24 Posts
18 Users
0 Reactions
66 Views
Posts: 0
Free Member
Topic starter
 

So, now GDPR has kicked in, I've been looking at my junk mail folder.

Sure, a lot of spam comes from illegitimate sources that don't care about the law. Most spam I get like that is random content and untraceable senders on botnets.

But then I get a fair chunk from the same sources and big companies. For example a whole load on a daily basis trying to sell me Nike gear, Sunglasses, etc. All with a footer from RetailMeNot, Inc., 301 Congress Avenue Suite 700, Austin, TX, 78701 USA.

Yes, they're outside the EU, but the law still applies to them. They're a big coupon related company ( https://en.wikipedia.org/wiki/RetailMeNot ) and chances are I'd used one of the coupon companies they own, but as I use a personal domain with individual addresses to sign up to stuff, the address that's coming in on is definitely not one I'd have signed up for a coupon with.

Therefore they're sending emails I haven't opted-in for and unsolicited. They're a big company with $250m revenue. GDPR applies to them for having personal data on EU individuals without permission.

I notice in their annual report they actually talk about GDPR being a risk to them in costs and fines.  https://seekingalpha.com/filing/3418180

So what's the process?


 
Posted : 05/06/2018 2:40 pm
Posts: 3834
Free Member
 

Have these emails genuinely come from the address they give in the email or have they been spoofed?


 
Posted : 05/06/2018 2:44 pm
Posts: 0
Free Member
 

First of all contact them and request your right to erasure. They have 1 month to respond to this request.

If you still receive this email or they do not comply report them to the ICO.


 
Posted : 05/06/2018 3:36 pm
Posts: 20675
 

Out of interest. Can GDPR stop all the LinkedIn requests I get on a daily basis? (I’m not, and never have been, a user)


 
Posted : 05/06/2018 3:41 pm
Posts: 3327
Free Member
 

Clicking unsubscribe normally works a treat for me these days.


 
Posted : 05/06/2018 3:53 pm
Posts: 13594
Free Member
 

But then I get a fair chunk from the same sources and big companies. For example a whole load on a daily basis trying to sell me Nike gear, Sunglasses, etc. All with a footer from RetailMeNot, Inc., 301 Congress Avenue Suite 700, Austin, TX, 78701 USA.

Yep, I get loads of SPAM from them. Unsubscribing doesn't appear to work, they just send more email.


 
Posted : 05/06/2018 3:56 pm
 DezB
Posts: 54367
Free Member
 

I’ve been looking at my junk mail folder

Why? Sounds like it's doing its job and not worth worrying about to me... Unsubscribe, what's the worst that could happen?


 
Posted : 05/06/2018 3:57 pm
Posts: 17
Free Member
 

Out of interest. Can GDPR stop all the LinkedIn requests I get on a daily basis? (I’m not, and never have been, a user)

Nope that is spam teasing you to click the link from somebody dodgy


 
Posted : 05/06/2018 3:58 pm
Posts: 7169
Full Member
 

request your right to erasure.

They just need to give us a little respect.


 
Posted : 05/06/2018 4:14 pm
Posts: 5720
Full Member
 

Taboom Tish


 
Posted : 05/06/2018 4:18 pm
Posts: 0
Full Member
 

Sounds awful, dealing with junk mail can take a whole day up can’t it.

I’d definitely complain to The ICO, save all the mails, print them all out and post them with a covering letter.

Or, hey, don’t look in your junk mail folder.


 
Posted : 05/06/2018 4:19 pm
Posts: 0
Free Member
Topic starter
 

Why? Sounds like it’s doing its job and not worth worrying about to me

...

Or, hey, don’t look in your junk mail folder.

Because under GDPR big corps sending this stuff can now be hit with massive fines 😁

Junk mail folder sure is doing the job and normally I'd ignore it, but it's the principle of it and that we can hit some of them at least. Dodgy spammers are going to continue, but supposedly legitimate big companies with bad practices can get a nice slap as far as I'm concerned.


 
Posted : 05/06/2018 4:25 pm
Posts: 17
Free Member
 

Junk mail folder sure is doing the job and normally I’d ignore it, but it’s the principle of it and that we can hit some of them at least.

I heard all the spam kings of no fixed abode with a revolving door of tech and companies are quaking in whichever non-EU country they are in.


 
Posted : 05/06/2018 4:29 pm
 DezB
Posts: 54367
Free Member
 

Yeah, the likes of Retailmenot have already sold your details on to the revolving door spammers, so it'll be a waste of time anyway.


 
Posted : 05/06/2018 4:31 pm
Posts: 44146
Full Member
 

It can be worth it if you can track down the source of the spam. A few years ago I started getting targeted financial services offers from a reputable company. I got from them that the nursing council who I have to register with had sold all nurses' details to them. Obvious breach of data protection. The NMC tried to claim it was OK as they asked via their magazine folk to opt out and refused to either apologise or get my name removed from the mailing lists. The ICO censured them, made them and the financial services company delete all details and made them make a public apology.


 
Posted : 05/06/2018 4:46 pm
Posts: 8771
Full Member
 

I'm so bored at work I'm reading this thread.


 
Posted : 05/06/2018 4:52 pm
Posts: 0
Free Member
Topic starter
 

They're of a definite fixed abode and I know the source of the spam.

Not bothered about the spam and that they've sold it on (possibly), or even about being removed if I request it (I shouldn't have to, I didn't ask to be on the list in the first place). It's that this is a big company that should know better (they are aware of GDPR) and that can potentially be hit. 2% of $250m revenue is a fair chunk to get slapped with.

Though there's a big question over how the EU can fine US companies with EU residents' data, but they think they can. They are worldwide operating and have presence (at least web sites) in UK.

It's a potential test of GDPR basically.

This is all just theoretical and part boredom 😉


 
Posted : 05/06/2018 5:47 pm
 poly
Posts: 8699
Free Member
 

Because under GDPR big corps sending this stuff can now be hit with massive fines

1. They haven’t necessarily done anything wrong; half the world misunderstood the rules (having paid for duff advice from a consultant who only listened to half the workshop he did to put on his CV) - there is no actual requirement to seek your consent / opt in to communications.

2. The ICO has already said it isn’t planning to use draconian fines as its first tool to solve problems.

3. The ICO effort would be better used to focus on breaches of privacy that have some real adverse impact, rather than marketing junk which gets filtered.

4. If you want to find their wrongdoing rather than simply asking for erasure (which they may not comply with but if they put a do not email flag on your account you will think they did) you would be better to make a subject access request asking for details of all data they hold on you and how it is processed.

5. GDPR doesn’t just apply to big corps sending this stuff, but to all organisations holding data.  Beware the fear those fines cause in the small pegs you might actually like getting stuff from.


 
Posted : 05/06/2018 5:57 pm
Posts: 1312
Full Member
 

1. They haven’t necessarily done anything wrong; half the world misunderstood the rules (having paid for duff advice from a consultant who only listened to half the workshop he did to put on his CV) – there is no actual requirement to seek your consent / opt in to communications.  

The rules around sending unsolicited emails didn't change with GDPR, they were set back in 2003 with the PECR regs.  What has changed with GDPR is how consent is recorded and how robust that is when tested.

My understanding is a company needs consent to send you unsolicited marketing emails and texts.  That consent can come in several forms, but really unless you have soft-opted in by making an enquiry or purchase from the company for a similar product in the recent(ish) past, they still need your consent for sending unsolicited electronic comms.

You can use legitimate interest to contact people as the consent, but not for unsolicited marketing.

None of this is meant to be arsey at all. If you think I'm wrong with this, I'd genuinely love to know what I've misunderstood so I can do a bit more.

Ta


 
Posted : 05/06/2018 6:46 pm
 poly
Posts: 8699
Free Member
 

I am the resurrection.  Your synopsis is about right (I assume you mean “legal basis” not “consent” in your penultimate paragraph?).  But the OP indicates he probably has dealt with the company, albeit via a different email address; so may have soft opted in - it is for them to justify their usage of his data not the data subject to declare all use is wrong.  Now there is an interesting question there if you use an address like disposable@stw.com to sign up to stuff but then cash in the voucher with real@stw.com if they can use the second address, even more so if they use some clever cookie matching to work out your address.

They have a UK subsidiary with a fairly standard privacy notice: https://www.vouchercodes.co.uk/legal/privacy-notice

That states they delete data once someone ignores them for 30 months... it also provides contact details for the DPO so it seems like a good way to start for a polite request to piss off!


 
Posted : 05/06/2018 8:21 pm
Posts: 494
Free Member
 

Ref the LinkedIn 'thing': it isn't actually LinkedIn sending you them off their own bat, it is people you know giving LinkedIn their address book and saying go invite all I know, as I think it is a collection / list / measuring contest, or missing the wording on the app install (most likely!), and hence you get hit if you've been a user or not.

But fear not, if it winds you up then follow this link to stop it forever: https://linkedin.com/psettings/guest-email-unsubscribe and that will put a block on anyone sending you an invite in future. Problem solved for you 🙂

Best wishes,

James


 
Posted : 05/06/2018 10:10 pm
Posts: 0
Free Member
Topic starter
 

They have a UK subsidiary with a fairly standard privacy notice: https://www.vouchercodes.co.uk/legal/privacy-notice

That states they delete data once someone ignores them for 30 months… it also provides contact details for the DPO so it seems like a good way to start for a polite request to piss off!

Cool, cheers for that. I'm in two minds over the just piss off bit or wanting big evil corp companies like this to get hit hard, so go direct to ICO 😀

and yeah, some things I don't want to get cut off from genuine stuff, and yeah applies to small companies as well. It's just big companies like this who've been abusing this kind of stuff for years and clearly still are (have certainly not interacted with them for many years, and as said, via a different email address anyway). I think GDPR needs testing a bit now. If it then scares off a lot of the spammers hiding under legitimate businesses, we'll have a lot less email traffic (and less load on my mail server 😀 ).


 
Posted : 05/06/2018 10:18 pm
Posts: 77347
Free Member
 

Ref the LinkedIn ‘thing’ it isn’t actually LinkedIn sending you them off their own bat it is people you know giving LinkedIn their address book

My experience is that if you're John Smith working for company Blah, they'll start firing out emails to john.smith@blah.com. There's not much you can do about that.


 
Posted : 05/06/2018 10:40 pm
Posts: 0
Free Member
 

You unsubscribe.  If after a month they contact you again raise a SAR and go to ICO.

LI is simple, if you think it isn't applicable in your case, see above.

ICO will work with companies to get this right, as mentioned before, they won't smash organisations willy-nilly. GDPR is to guide businesses and offer more control to consumers; hammering persistent and unashamed violators with big fines is secondary.


 
Posted : 06/06/2018 11:54 am
Posts: 0
Free Member
 

Cool, cheers for that. I’m in two minds over the just piss off bit or wanting big evil corp companies like this to get hit hard, so go direct to ICO 😀

Reporting them to the ICO will probably achieve nothing. The ICO will build a case file; once the number of complaints about a company reaches a certain level, that may trigger an investigation. One guy spitting his dummy over some spam emails will not be enough to send that company to the top of the ICO target list.


 
Posted : 06/06/2018 12:19 pm
