How do the rules apply to ‘viral marketing’?

So-called ‘viral marketing’ is where:

you ask a person to send the original marketing message to a friend or friends; or
you ask a person to give you their friends’ contact details.

This process may or may not be incentivised in some way.

Some companies mistakenly see these options as ways of avoiding the prior consent rule.

We recognise that your customer might recommend a good deal to a friend, whether you prompt them to or not. We also know that a customer may check with their friends first before passing their details to you. People tend to do so when acting in good faith and in the interests of their friends.

Arguably, in scenario 1 you are encouraging one of your customers to break the law to promote your name (send an unsolicited message to an individual subscriber without prior consent).

Clearly, this would be a bad way to promote your name and your products and services and we strongly advise you to tell your customers only to forward emails to people they know would be happy to receive them. There is also a strong argument that you are the ‘instigator’ of the message. Remember that it is the instigator of the message who is liable for sending that message. Anyone who allows their line to be used to break the law (your customer who is passing your message on) may also be liable in this scenario.

In scenario 2, you will be sending a message to someone who you assume has consented, through a third party (the friend who passed on their details to you), to receiving messages from you. Under the legislation, you are liable for any messages sent to email addresses or mobile numbers obtained using scenario 2.

As with all third-party electronic mailing lists, you may not use this list unless you are satisfied that the recipient has notified you that they consent to receiving such messages from you. So you should ask your customer to confirm they have the consent of the individuals whose details they are passing on. You should also check that the recipient hasn’t already asked you to suppress their details. If those contact details appear on your suppression list, you may have cause to question whether consent has been obtained at all. Finally, you should also tell your customer that you propose to let those individuals know how you got their details. The Data Protection Act would not prevent you doing this. This is particularly important if you propose to offer your customer incentives for passing their friends’ details to you.

Even if you do not offer incentives to achieve scenarios 1 or 2, you should bear in mind that one of your customers could use 1 or 2 maliciously. For example, someone could give the contact details of another person to a whole range of companies as a prank. Although you may feel should not be directly responsible for the malicious activities of one of your customers, you should bear in mind that, at the very least, the recipient may forever associate your organisation’s name with that unpleasant experience. In any event, you should make sure you immediately suppress the recipient’s contact details to avoid further distress.