New ILITA Guidelines Prescribes Criteria For Obtaining Consent To Provide Direct-Mail Services

Author:Barnea & Co
Profession:Barnea & Co

Recently, ILITA (the Israel Law, Information and Technology Authority) published new guidelines addressing the interpretation and implementation of provisions of the Protection of Privacy Law relating to direct mail and direct-mail services. The guidelines seek to regulate, inter alia, the issue of obtaining consent to use information for the purpose of direct mail and direct-mail services.

First of all, why is it important to differentiate between the two terms?

"Direct mail" is when an entity personally contacts a person, based on a certain characteristic which is shared to segmented group of people included in a database. , such as when a company contacts a particular segment of its customers according to their consumption habits.

"Direct-mail services" are when an entity that collects personal information delivers that information to a third party and enables that third party to use the information for direct mail purposes. At issue is basically the trading of information included in databases as a data broker service.

Consent - fundamental principle in privacy protection laws

The fundamental principle in the Protection of Privacy Law is that the infringement of a person's privacy without his consent is prohibited. The question of when it can be said that a person has consented to infringement of his privacy is, therefore, one of the key questions under privacy protection laws.

The term "consent" is indeed defined in the law, but quite vaguely. The law prescribes that a person's consent needs to be an informed consent, but does not require the consent to be given expressly or concretely, and states that one can deduce consent even if it is tacit or implied.

In the modern age, the issuing of consents for uses of personal information that might constitute "infringement of privacy" is nearly a daily occurrence. Many services that we use, such as communications and social networking services, require us to consent to the service-provider's privacy policy, and this policy includes, in most cases, many provisions that entail some form of infringement of privacy. Coupled with this, very few consumers of such services thoroughly read the privacy policy, if they bother to read it at all.

The burden imposed and the required degree of consent

According to the guidelines, when personal information is being used for direct mail purposes and that use has very little to do with the original transaction during which the customer provided his personal...

To continue reading