We continue the exploration of direct marketing around the EU. This article describes the regulatory framework governing direct marketing in Denmark, Sweden and Norway.
Denmark
Definition of Direct Marketing
The Danish Data Protection Agency defines direct marketing as commercial communication that directly and individually targets a specific person. This definition encompasses various channels, including email, postal mail, phone calls, online advertisements, and social media marketing.
Denmark’s direct marketing regulations are primarily governed by the Danish Data Protection Act Databeskyttelsesloven and the Danish Marketing Practices Act Markedsføringsloven.
Section 13 of the Danish Data Protection Act
Section 13 of the Danish Data Protection Act explicitly regulates the use and disclosure of personal data for direct marketing. It states that businesses cannot share or use consumer data for marketing purposes on behalf of another enterprise unless they have obtained the explicit consent of the consumer. This consent must be obtained in accordance with Section 10 of the Danish Marketing Practices Act, ensuring that individuals have clearly and knowingly agreed to the use of their data for direct marketing purposes.
An exception exists for general customer data used to classify individuals into marketing categories, provided the processing aligns with Article 6(1)(f) of the GDPR, which allows for legitimate interests. However, businesses cannot process sensitive personal data, such as data revealing racial origin, political opinions, religious beliefs, or health information **for direct marketing, even under this exception.
Before a business discloses personal data for direct marketing, it must check the CPR register to determine whether the consumer has opted out of such communications. If the consumer has opted out, the business is legally prohibited from using their data for direct marketing. Additionally, companies selling marketing lists or distributing messages to specific groups may only process a limited set of personal data: name, address, position, occupation, email address, telephone, and fax number. They may also use publicly available data from trade registers, but any other data processing requires explicit consent from the individual.
Section 10 of the Danish Marketing Practices Act
Section 10 of the Danish Marketing Practices Act lays out rules for unsolicited commercial communication. Businesses are prohibited from sending direct marketing via electronic mail, automated calling systems, or fax without obtaining prior consent. This consent must be freely given and easily revocable.
However, there is an exception to this rule known as the soft opt-in. If a business has obtained a customer’s electronic contact details during a sale, it may use these details for marketing similar products without prior consent. This is only allowed if the customer is clearly informed of their right to opt out when their contact details are collected, and each subsequent marketing message includes a free and easy opt-out mechanism.
Transparency is a key requirement for direct marketing communications. Any marketing email must be clearly identifiable as such, must present promotion conditions in an accessible and unambiguous manner, and must not conceal the sender’s identity. Additionally, businesses cannot encourage recipients to visit websites that fail to meet these transparency requirements, and all marketing messages must include a valid contact address where recipients can request to opt out.
The law also imposes restrictions on other means of remote communication, such as phone calls. Businesses cannot contact a consumer if they have explicitly declined such communication, if they are listed in the CPR opt-out register, or if the trader has discovered through the CPR register that the consumer has opted out. However, these restrictions do not apply if the consumer has previously requested communication from the business. Furthermore, the first time a business contacts a consumer, it must clearly inform them of their right to decline future marketing and provide a simple, cost-free way to opt out.
Conclusion
Denmark’s direct marketing regulations establish several key requirements:
- Prior consent is required for unsolicited electronic marketing, with exceptions for existing customer relationships under the soft opt-in rule.
- Businesses must verify the CPR register before engaging in direct marketing to ensure they are not contacting individuals who have opted out.
- Sensitive personal data cannot be processed for marketing purposes under any circumstances.
- Transparency and consumer rights must be upheld, including providing clear opt-out mechanisms in every marketing message.
Sweden
Sweden’s direct marketing regulations are primarily governed by the Marketing Act (2008:486) Marknadsföringslag, EU General Data Protection Regulation (GDPR) and Sweden’s Data Protection Act (2018:218) Lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning. The Marketing Act implements aspects of the EU E-Privacy Directive (2002/58/EC) and regulates the sending of direct marketing communications.
Regulation of Unsolicited Advertising
Under Section 19 of the Marketing Act, businesses are prohibited from sending direct marketing communications via email, fax, or automatic calling machines unless the recipient has provided explicit prior consent. **However, a business may send marketing emails without prior consent if the recipient’s contact details were obtained during the sale of a product, provided that:
- The recipient has not objected to the use of their contact information for marketing purposes.
- The marketing relates to the trader’s own similar products.
- The recipient is clearly informed and given the opportunity to object to further marketing free of charge at the time of data collection and in every subsequent marketing message.
Section 20 of the Marketing Act mandates that all electronic marketing messages must contain a valid contact address where the recipient can send a request to opt out of future marketing. This requirement applies to both natural and legal persons.
Additionally, Section 20a states that marketing for information society services via email must not encourage recipients to visit websites that violate other provisions of the Marketing Act, such as misleading advertising regulations under Sections 9 and 10.
Under Section 21 of the Marketing Act, businesses may use direct marketing methods other than those mentioned in Section 19, such as telephone calls or postal mail, unless the recipient has explicitly objected to receiving such communications.
Conclusion
Sweden imposes strict legal requirements for direct marketing, including:
- Explicit prior consent is required for unsolicited electronic marketing, with exceptions under the soft opt-in rule.
- All marketing messages must include an opt-out mechanism allowing recipients to decline further communications easily and free of charge.
Norway
Norway’s direct marketing regulations are governed by the Norwegian Personal Data Act Personopplysningsloven and the Marketing Control Act Markedsføringsloven).
Definition of Direct Marketing
Norwegian direct marketing regulations primarily focus on controlling unsolicited communications and telemarketing practices. The Marketing Control Act establishes conditions under which businesses may lawfully contact consumers for commercial purposes, setting strict guidelines for consent, opt-out mechanisms, and transparency in marketing communications.
Section 12 of the Marketing Control Act
Under Section 12, **businesses are prohibited from conducting telephone marketing to consumers who have opted out through the Reservation Register. Likewise, individuals who have specifically declined direct marketing from a particular trader cannot be contacted by that trader.
However, an exception exists for consumers who have explicitly requested to receive telephone marketing from a specific trader. Such requests must be honored until withdrawn by the consumer. Additionally, businesses may conduct telephone marketing to existing customers, provided that the contact details were obtained in connection with a previous sale. The marketing may only promote the trader’s own products or services that are similar to those the customer has previously purchased or supported.
Section 13a of the Marketing Control Act
Section 13a ensures that consumers can easily opt out of both telephone marketing and addressed mail marketing. The Reservation Register allows individuals to block marketing communications from all but voluntary organizations. Businesses must check their marketing lists against the Reservation Register before making initial contact and before each subsequent marketing campaign. Additionally, businesses must provide consumers with an easy, cost-free option to opt out of marketing directly with the trader.
Section 15 of the Marketing Control Act
Section 15 prohibits direct marketing via electronic communication methods without prior consent, except in specific circumstances. This applies to electronic mail, fax, and automated dialing systems. However, verbal telephone marketing remains permitted without prior consent.
An exception to the consent requirement exists for existing customer relationships. Businesses may send marketing emails without explicit consent if they have previously collected the customer’s electronic contact details during a sale. This type of marketing is restricted to promoting the trader’s own goods and services that correspond to the original transaction. The law mandates that when the email address is collected—and with every subsequent marketing message—the consumer must be given a clear, free, and easy opt-out option.
For the purposes of this provision, electronic mail includes text, speech, sound, or image-based communications sent via an electronic communications network. This definition extends to text messages and multimedia messages sent to mobile phones.
Section 16 of the Marketing Control Act
Businesses engaged in unsolicited telemarketing or marketing via addressed mail must disclose the source of the personal data used for marketing. If applicable, businesses must also inform recipients about their right to opt out, either via the opt-out register or directly with the trader.
For unsolicited telemarketing, businesses must immediately identify themselves and clarify that the call is for marketing purposes. If the call is made on behalf of another company, this must also be disclosed.
Conclusion
Norwegian direct marketing regulations establish several key requirements:
- Telephone marketing is prohibited for individuals listed in the Reservation Register, unless an explicit request has been made or an existing customer relationship exists.
- Electronic marketing requires prior consent, except when targeting existing customers with offers related to previous purchases.
- Opt-out mechanisms must be easily accessible, and businesses must verify their contact lists against the Reservation Register before conducting marketing campaigns.
- Marketing messages must include clear sender identification and provide recipients with a simple and cost-free way to opt out.
