We first wrote about email marketing, spam email and the law in August 2003 in an article titled The Law vs the Scourge of Spam. The law relating to spam has changed a lot over the last 10 years. So has people’s concept of what spam is.
Traditionally, the word “spam” as applied to email (and other forms of electronic communication) means “unsolicited commercial communications” and usually takes the form of unsolicited commercial email (UCE) and unsolicited bulk email (UBE). Precisely how to define spam is a contentious issue. Some define spam as UBE. Others believe that “bulk” is irrelevant. They argue that the issue is merely whether the communication was commercial in nature. For others, the issue is whether the communication sent was solicited.
For Seth Godin, the person who popularised the concept of permission marketing, if you even have to ask “Is this spam?” it probably is. In a May 2013 blog post he says that “the essential truth is that spam is always in the eye of the recipient. If you think it’s spam, it’s spam.” For him, the best definition of permission marketing used to be messages that were anticipated, personal and relevant. For him the definition now should be “would people miss it if it didn’t arrive?” Makes you think!
An issue which is common to all the various definitions is that due to the low cost of sending spam, each spam communication costs the consumer more in terms of both money and resources than it costs the sender to send.
From a legal perspective, the absence of a definition of spam in South Africa brings the efficacy of the anti-spam provisions in our law firmly under the spotlight.
Until fairly recently, spam was governed by the Electronic Communications Act, 25 of 2002 (“the ECT Act”). The ECT Act became law in 2002. Since then, several pieces of new legislation have tried to tackle the scourge of spam, albeit indirectly. Because they deal with it indirectly, it is not easy to state in a few lines what the legal position relating to spam is in South Africa. It would be easier if we had a single piece of ‘spam legislation’, as is the case in several other countries.
Under the ECT Act
The ECT Act simply refers to any “unsolicited commercial communication” and arguably only deals with UCE and not UBE. The ECT Act applies to electronic communications and not paper-based ones. The ECT Act follows an “opt-out” regime: to stop spam under the ECT Act, all you have to do is ask the sender to stop. If they don’t, you can report them to the police. Their failure to stop is criminal.
The ECT Act covers “electronic” spam. It follows an “opt-out” regime.
Under the CPA
The Consumer Protection Act (CPA) deals indirectly with spam through its direct marketing provisions in section 16 (which overlap with spam). It would therefore cover ‘physical’ spam (such as flyers left in postboxes) and telephone marketing. The CPA also follows an “opt-out” regime and provides every consumer with the right to ask direct marketers to desist from engaging in any direct marketing (whether electronic or otherwise). It also allows a consumer to pre-emptively block any such communications by registering a block against that type of marketing with the National Register. However, the National Register is unfortunately not yet in existence.
The CPA also follows an opt-out regime. However, it only covers “physical” (and not electronic) spam.
The failure of the direct marketer to stop is not criminal.
Direct marketing is also dealt with in section 74 of the Protection of Personal Information Bill (POPI). POPI is not yet law. POPI makes it illegal for a direct marketer to market directly to you unless you have given your prior consent or you are an existing customer. POPI therefore changes the position from opting out under the ECT Act and CPA to opting in (when POPI becomes law it will make the National Register irrelevant as you cannot pre-emptively opt-out of something if you first need to opt in).
POPI speaks about “the processing of personal information… for purposes of direct marketing”. So POPI links spam to personal information. POPI defines “personal information” (or PI) as follows:
“Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment to the person;
- the blood type or any other biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person;
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person
The definition is very wide, but in essence covers any “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”. The piece of PI must therefore be capable of identifying a person or company. Note importantly that it applies to companies as well: “company or corporate personal information” (our words). As POPI is not yet law, there is no one correct interpretation of POPI or opinion on what it means. Over time, courts or the Information Regulator will interpret the provisions of POPI. There is currently much uncertainty on how POPI will be interpreted. There is also no precedent – no rulings, no court decisions and no regulations. There is also no guidance from the regulator. So our thoughts above are simply one interpretation.
The Bottom Line
Until such time as POPI comes into effect, it is legal to spam someone, unless they have specifically asked you not to. Depending on the nature of the spam (i.e. whether it is digital or not), a failure to comply could be criminal. Once POPI comes into effect, you will need permission from someone before you can send them unsolicited messages, unless they are an existing customer.