Send-To-A-Friend Messages: A Privacy Issue?

Nowadays it is very common on most of the e-commerce and news websites to see an icon or a tool allowing users to forward the listing, a special offer or an article to a friend. Usually such functionalities allow the sender to provide his email address and the email address of the recipient (i.e. of the "friend") together with an accompanying message. The recipient will receive a message (stating for instance "Giulio thinks you will like this movie") together with the webpage containing the listing, article or offer that is conveyed by the Internet Service Provider but appears to come from his friend.

In most of the cases, Internet Service Providers (ISPs) are not concerned about the privacy implications deriving from this practice. Their view is that the user is the actual sender of the message and they should not be subject to any data protection commitment.

However, on the basis of a deeper review of the matter, the conclusion might be different because:

• the ISPs actually collect and process the email address (and any other information provided by the sender) of the recipient (even if they delete the address immediately after the delivery of the message) as the definition of "data processing" involves any processing of personal data. And ISPs perform such practice without having provided the recipient with any privacy information notice and without having obtained from him any consent to the delivery of marketing communications which consequently would entail an unlawful data processing; and
• the message received by the friend seems to come from the sender (i.e. the friend recommending the article, listing, offer), but in fact it comes from the ISP and such practice would be in contrast with Section 13.4 of the E-Privacy Directive that prohibits any practice aimed at disguising or concealing the identity of the sender on whose behalf the communication is made.

Also, the risks are even higher if the ISP does not delete the address and the personal data of the recipient after the delivery of the message, but it continues storing such data or (in an even worse scenario) keeps on sending marketing emails to the recipient that has never provided any consent to such data processing.

Unlike some other foreign Data Protection Authorities, the Italian DPA unfortunately has never issued any guidelines on the matter, but in my view there are measures aimed at considerably reduce the risks that the unlawful conducts are challenged by users under a data protection point of view. Feel free to contact me, Giulio Coraggio, if you want to discuss the above.

French ISPs ordered to Block Gaming Website

OUT-LAW.COM reports that a French court ordered French ISPs to block the access for two months to a website offering games to French residents without holding a local gambling license.

This decision reminds me that Italian gambling law obliges from 2007 ISPs to implement filters blocking the access to websites run without an Italian remote gaming license that are identified through a black-list updated on a monthly basis by the Italian Gambling Regulator (AAMS). 

Italian players trying to access to a gambling website run under a foreign license will end up to a page with the AAMS logo and, unless they put in place technical measures able to bypass the filters, they will not be able to access to non-licensed websites.

However, while in the past a number of Italian players were attracted by non-licensed websites where they could find better odds and higher wins, their trend during the last years is to prefer Italian licensed websites where they can rely on the higher level of guarantees provided by the Italian gaming framework.

This circumstance is leading more and more operators to the decision of applying for an Italian remote gaming license and the good thing is that very soon they will be in the position to obtain an Italian remote gaming license.

Do you want more information on the above, feel free to contact me, Giulio Coraggio.

Prize Competitions: Important Changes

Most of the companies active in the Italian market are likely to have faced at least once the complex regime governing prize competitions (i.e. marketing initiatives awarding prizes in kind based on the chance or the ability of the participants) and prize operations (i.e. marketing initiatives awarding prizes to all the participants purchasing a product/service).

Unfortunately the scenario has now become even more burdensome as promoters planning the launch of prize competition/prize operation shall send the relative documentation to the Ministry of the Economic Development at least 15 days prior to the beginning of the contest. Also, from the 25th of January 2011, it will be possible to perform the delivery of the abovementioned documentation to the Ministry only through an electronic system provided by the Ministry requiring a digital signature. 

These changes shall have a relevant impact especially for the marketing teams of companies that will have to plan with considerable prior notice the launch of contests, while on the contrary the Ts&Cs usually are finalized the day before the beginning of contests….

In particular foreign online and offline operators shall start reviewing more carefully the obligations prescribed by Italian law on prize competitions even because the applicable sanctions have been recently increased up to € 500,000.

Do you want more details on the regulations governing prize competitions and prize operations in Italy? Feel free to contact me, Giulio Coraggio.