Recently, ILITA (the Israel Law, Information and Technology Authority) published new guidelines addressing the interpretation and implementation of provisions of the Protection of Privacy Law relating to direct mail and direct-mail services. The guidelines seek to regulate, inter alia, the issue of obtaining consent to use information for the purpose of direct mail and direct-mail services.
First of all, why is it important to differentiate between the two terms?
"Direct mail" is when an entity personally contacts a person, based on a certain characteristic which is shared to segmented group of people included in a database. , such as when a company contacts a particular segment of its customers according to their consumption habits.
"Direct-mail services" are when an entity that collects personal information delivers that information to a third party and enables that third party to use the information for direct mail purposes. At issue is basically the trading of information included in databases as a data broker service.
Consent - fundamental principle in privacy protection laws
The fundamental principle in the Protection of Privacy Law is that the infringement of a person's privacy without his consent is prohibited. The question of when it can be said that a person has consented to infringement of his privacy is, therefore, one of the key questions under privacy protection laws.
The term "consent" is indeed defined in the law, but quite vaguely. The law prescribes that a person's consent needs to be an informed consent, but does not require the consent to be given expressly or concretely, and states that one can deduce consent even if it is tacit or implied.
The burden imposed and the required degree of consent
According to the guidelines, when personal information is being used for direct mail purposes and that use has very little to do with the original transaction during which the customer provided his personal...