This article continues our deep dive into direct marketing regulations across Europe. It is focusing on the frameworks of the Baltic region: Lithuania, Latvia, and Estonia. Each country has its own set of laws governing how businesses can engage with consumers, making it essential to understand these distinctions for compliant and effective marketing strategies.

Lithuania

Lithuania’s direct marketing landscape is shaped by two key pieces of legislation:

• The Law on Legal Protection of Personal Data (Asmens duomenų teisinės apsaugos įstatymas)
• The Law on Electronic Communications (Elektroninių ryšių įstatymas)

This legislation is complemented by resources from the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija), the authority responsible for regulating data privacy and ensuring compliance.

The Law on Legal Protection of Personal Data offers a clear definition of direct marketing. Article 2 describes it as:
“Activities aimed at offering goods or services to individuals by mail, telephone, or other direct means, and/or inquiring about their opinions regarding the offered goods or services.”

However, while this law defines what direct marketing is, it leaves out specific rules on how businesses should carry it out. For that, we turn to the Law on Electronic Communications.

Article 81 of the Law on Electronic Communications lays down the conditions for lawful direct marketing. It strictly prohibits any form of direct marketing unless:

• The personal data was obtained in the course of providing a service or selling a product.
• The individual (data subject) has the option to opt out of direct marketing communications at any time.

This means businesses must tread carefully, ensuring compliance by securing consent or relying on an existing customer relationship while always providing an easy opt-out mechanism.

Latvia

Direct marketing practices in Latvia are primarily governed by the Information Society Services Law (Informācijas sabiedrības pakalpojumu likums).

This legislation is supported by resources provided by the Data State Inspectorate (Datu valsts inspekcija), the regulatory authority overseeing data privacy and compliance.

Section 1 of the law defines commercial communication as:

“Any form of communication in electronic form designed to directly or indirectly advertise goods, services, or the image of a merchant, organization, or person engaged in a commercial or regulated activity.”

Section 8 of the Information Society Services Law sets out the requirements for compliant commercial communication, ensuring transparency and protecting recipients’ rights. Key requirements include:

Clear identification: communications must be explicitly recognizable as commercial messages.

• Identifiable source: the sender of the message must be clearly identifiable.
• Precise offers: the content of the offer and the conditions for accessing services must be clearly stated.
• Transparent promotions: any discounts, bonuses, or prizes must be clearly identifiable, with terms explicitly outlined.
• Clear rules for competitions: advertising competitions, lotteries, or games must have terms of participation that are easily accessible and explicitly defined.
• Opt-out option: recipients must always be provided with a straightforward and free option to refuse further commercial communications.

Section 9 outlines when and how commercial communications can be sent, placing strict limitations to protect consumer rights:

Prohibited Practices

• The use of automated calling systems, email, or fax machines for unsolicited commercial communication is strictly prohibited unless the recipient has provided prior, explicit consent.
• Sending messages from invalid contact details or failing to honor opt-out requests is also prohibited.

Permitted Practices

Despite the prohibitions, some exceptions apply:

• Existing business relationships: direct marketing to existing customers is permitted if their contact details were collected during a prior transaction or service interaction and the messages pertain to similar products or services.
• Opt-out obligations: each communication must clearly provide an option for the recipient to opt out of future messages at no cost.
• Explicit consent for new contacts: for individuals outside the scope of an existing business relationship, prior explicit consent is required.

Estonia

Estonia has established clear and detailed regulations for direct marketing.

The primary legislation governing direct marketing includes:

• The Personal Data Protection Act (Isikuandmete kaitse seadus)
• The Electronic Communications Act (Elektroonilise side seadus)

Under § 12 of the Personal Data Protection Act, individuals have the unequivocal right to prohibit the use of their personal data for direct marketing or consumer habit research at any time. This provision ensures that the power remains firmly in the hands of the data subject. Also, you may visit the page of the Data Protection Inspectorate (Andmekaitse Inspektsioon) to find out more guidelines.

The Electronic Communications Act complements this by providing more specific guidelines under § 103:

• Direct marketing using the electronic contact details of individuals requires their explicit prior consent. This consent must align with the conditions outlined in the Personal Data Protection Act, ensuring clarity and fairness.

• Similar to regulations in other Baltic states, exceptions exist. Businesses may use electronic contact details collected during a prior sale or service interaction for marketing similar products. However, strict conditions apply:

  • The buyer must be offered a clear and free opt-out option at the time of data collection and with every subsequent communication.
  • Opt-outs must be easy to exercise, including via electronic networks.

• Marketing to legal entities is allowed without prior consent, provided they are given a straightforward option to opt out at no cost.

Prohibited Practices

Estonian law includes several explicit restrictions to protect consumers and maintain transparency:

• Unidentifiable senders: marketing messages must clearly identify the sender.
• Insufficient opt-out information: every communication must include clear instructions for recipients to opt out.
• Non-compliant content: messages must adhere to the Information Society Services Act and avoid promoting websites with misleading or non-compliant information.
• Refusal respect: marketing is prohibited if the recipient has previously refused such communications.

Conclusion

Direct marketing regulations in Lithuania, Latvia, and Estonia share a unified approach that balances consumer protection with practical marketing needs. A key similarity across all three countries is the allowance of a "soft opt-in" for existing customers. This means that businesses can use contact details collected during prior transactions for marketing similar products or services, provided customers are always given a clear and easy way to opt out. 

I hope this overview is helpful for your work or studies🤓