This article continues our deep dive into direct marketing regulations across Europe. It is focusing on the frameworks of the Baltic region: Lithuania, Latvia, and Estonia. Each country has its own set of laws governing how businesses can engage with consumers, making it essential to understand these distinctions for compliant and effective marketing strategies.

This case provides crucial insights into GDPR enforcement. It examines the conditions for compensating non-material damage, the adequacy of apologies as remedies, and the irrelevance of a controller’s intent in determining compensation, clarifying key aspects of data protection rights.

I believe direct marketing is one of the most popular topics within data privacy field (of course not counting AI). Often, businesses and professionals focus primarily on the GDPR, particularly Recital 47, which allows direct marketing based on “legitimate interest”. This reliance on a broad interpretation of GDPR overlooks the reality that each EU Member State has its own specific regulations and requirements, particularly for consent and consumer privacy protections in direct marketing practices.

This case is a valuable step forward in data privacy. It looks at how GDPR can be enforced not only by data subjects and authorities but also by competitors. It also expands what’s considered “health data” under GDPR, which could impact many businesses.

The European Data Protection Board (EDPB) recently published the "Guidelines 1/2024 on Processing of Personal Data based on Article 6(1)(f) GDPR" to clarify how organizations can legally process data under the legitimate interest basis of the GDPR.