Direct Marketing in Poland, Slovakia and Hungary

I believe direct marketing is one of the most popular topics within data privacy field (of course not counting AI). Often, businesses and professionals focus primarily on the GDPR, particularly Recital 47, which allows direct marketing based on “legitimate interest”. This reliance on a broad interpretation of GDPR overlooks the reality that each EU Member State has its own specific regulations and requirements, particularly for consent and consumer privacy protections in direct marketing practices.

In this overview, I will consider three Central European countries and peculiarities of direct marketing in each of them.


Poland

In Poland direct marketing is governed besides GDPR by Act on Providing Services by Electronic Means (Ustawa z dnia 18 lipca 2002 r. o świadczeniu usług drogą elektroniczną) and Electronic Communication Act (Ustawa z dnia 12 lipca 2024 r. Prawo komunikacji elektronicznej).

Article 18 (4) of Act on Providing Services by Electronic Means states that the service provider can collect and use extra information about the recipient (beyond what’s necessary for basic service) to better understand customer preferences and improve services only with the service’s recipient’ consent, including advertising and market research purposes.

Article 398 (1) of Electronic Communication Act directly prohibits to use:

  • automatic calling system, and
  • telecommunication devices, especially those used for personal communication services, cannot be used to send commercial information— including direct marketing messages — to a subscriber or end user unless that person has given prior consent.

Article 400 of Electronic Communication Act states that for obtaining the consent of the subscriber or end user, the provisions on data protection shall apply accordingly. It means that the consent must meet the requirements of Article 4 and 7 of the GDPR.


Conclusion

To send any types of direct marketing via electronic means, including SMS, email, requires consent of the data subject. In Poland electronic direct marketing cannot be considered a legitimate interest of the controller even in relation to its clients.

Also, here is the link if you want to check the website of the Polish DPA (Urzad Ochrony Danych Osobowych).


Slovakia

In Slovakia there is less strict approach, so-called “soft opt-in” for existing customers.

The main law that governs direct marketing is Act No. 452/2021 Coll. on Electronic Communications (ZÁKON 452/2021 Z.z. z 24. novembra 2021 o elektronických komunikáciách).

Article 116 of Act No. 452/2021 on Electronic Communications prohibits sending unsolicited marketing messages through automatic calling systems, fax, email, SMS, and MMS without prior, clear consent from the recipient. The organization responsible for these communications (the "controller") must keep a record of this consent for at least four years after the recipient withdraws it.

If a person withdraws their consent, the controller is required to confirm the withdrawal or acknowledge any objection to receiving further calls within 30 days of receiving the request. This confirmation should be stored also for at least 4 years.

However, Article 116 (14) (15) of Act No. 452/2021 on Electronic Communications provides the opportunity to rely on legitimate interest in connection with the sale of similar goods or services or with whom the controller has a contractual relationship.

Also, there is a “Do not Call” list in Slovakia. The rules are the same as for emails and SMS, meaning it is prohibited to call people who are in the list unless the controller has an established commercial relationship with a data subject.

You can find the list here and here is the Slovakian DPA (Úrad na Ochranu Osobných Údajov)


Conclusion

There is a “soft opt-in” in Slovakia – direct marketing can be considered as a legitimate interest in relation to the existing clients. If the data subject is not an existing client, then the prior consent in accordance with the Articles 4 and 7 is required.


Hungary

In Hungary there are three different laws regulate direct marketing: Act No CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (2001. évi CVIII. törvény az elektronikus kereskedelmi szolgáltatások, valamint az információs társadalommal összefüggő szolgáltatások egyes kérdéseiről), Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (2008. évi XLVIII. Törvény a gazdasági reklámtevékenység alapvető feltételeiről és egyes korlátairól) and Act CXIX of 1995 on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing (1995. évi CXIX. Törvény a kutatás és a közvetlen üzletszerzés célját szolgáló név- és lakcímadatok kezeléséről).

Section 13/A (4) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services states that a service provider may process data essential to providing the service for other purposes—such as improving service efficiency, delivering targeted electronic advertisements, or conducting market research—only if the purpose of data processing is clearly defined beforehand and the user’s consent is obtained.

Section 6 (1) of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities specifies that, unless otherwise stipulated by special legislation, direct marketing (defined as advertising by direct contact) to individuals—whether through electronic mail or other personal communication channels—requires the recipient’s prior clear and explicit consent. An exception to this rule is outlined in subsection 6(4).

Subsection 6(4) of the Act allows addressed advertising mail to be sent to individuals without prior consent. However, advertisers and advertising service providers must ensure that recipients have the ability to prohibit further advertisements at any time, free of charge, and without restrictions. Once a recipient opts out, no additional direct marketing materials may be sent to that person by mail. Thus, physical mail advertising permits a "soft opt-out" approach, whereby initial consent is not required, provided the recipient can opt out at any point.

Here is the website of Hungarian DPA.


Conclusion

There is no “soft opt-in” in Hungary for the existing clients. All electronic direct marketing communication must be conducted with the prior consent of the data subject. However, the paper direct marketing communication via mail box allows “soft opt-in” unless the data subject objects to it.


Comparison

Copmarison table

I hope this overview is helpful for your work or studies 🤓

Written By

Anastasiia Klymenko