On 30 June, the new article 66 of the Telecommunications Law came into force. This article deals with the “right to the protection of personal data and privacy in relation to unsolicited communications, traffic and location data and subscriber directories” and specifically, in its paragraph one letter b) the right not to receive unwanted calls.
What is the scope of Article 66.1(b) regarding spam calls?
This Article applies to business calls made by an individual but not to those made by automatic dialing systems without human intervention (e.g. with a pre-recorded message).
And yes, it applies to all companies making commercial calls, regardless of the sector to which they belong.
The user has the right not to receive unwanted calls (or spam calls), unless:
- You have given your prior consent to receive such commercial communications;
- There is another basis for legitimization, such as the legitimate interest of the company, art. 6.1.f GDPR.
And be careful, because commercial calls are not allowed because they have been established in a contract according to art. 6.1.b GDPR.
When is it possible to make commercial calls?
Two cases in which a legitimate interest of the company is presumed:
The first one established in art. 21.2 LSSI:
- If there is a previous contractual relationship (within the last year), provided that the user’s contact details have been obtained in a lawful manner;
- and provided that they are commercial communications referring to the company’s own products or services that are similar to those initially contracted with the customer.
Furthermore, the recipient must be offered the possibility of objecting to the processing by means of a simple and free procedure, both at the time the data is collected and in each of the commercial communications sent to him/her.
It should be borne in mind that in the case of a group of companies, the communication of personal data to the different companies of the group for commercial purposes is not permitted. This requires the prior specific consent of the user.
The second established in art. 19 LOPGDD:
- When contact is made with natural persons who provide services in a company (contact details and, where appropriate, the function or position held). In this case, only the data necessary for their professional location that may appear in directories or similar instruments may be used. And provided that the purpose is solely to maintain relations of any kind with the company (not with the user as a natural person) in which the data subject provides his or her services.
This also applies in the case of data relating to individual entrepreneurs and liberal professionals (and only in the professional sphere).
When is consent required in any case?
- To make commercial calls to numbers that have been randomly generated. These calls cannot be made on the basis of the legitimate interest of the company as it does NOT override the users’ right not to receive these commercial calls.
- When the user’s telephone number appears in a subscriber directory. Express consent is essential, which must be generally stated in the corresponding directories.
- If the user is registered in an advertising exclusion system (Robinson List), commercial calls can only be made to them if they have given their specific consent to the company calling them. All companies should consult such systems.
Essential Guidelines for Commercial Call Communications
There are three points that must always be complied with:
- Duty to inform and facilitate the exercise of the right of objection which shall be explicitly mentioned to the data subject at the latest in the first communication.
At the beginning of each call, inform about:
- the identity of the employer;
- the identity of the person on whose behalf the call is being made (if applicable);
- the commercial purpose of the call; and
- the possibility to revoke consent or exercise the right to object to receiving unwanted commercial calls.
In addition: Any unequivocal manifestation by the user against receiving such calls shall be understood as a revocation of consent or, where appropriate, exercise of the right to object, and must be dealt with immediately.
2. Prior consultation of the advertising exclusion systems (Robinson List).
3. Recording of the call as a means of demonstrating compliance with personal data protection regulations.
Here you can download the document on the AEPD’s guarantees.
This new regulation significantly restricts the possibilities of making commercial calls and it is important that companies take it into account in order to fully comply with the regulation and not face financial penalties.
Article written by
Adriana Ranchal
Attorney – Privacy & IP
About Metricson
With offices in Barcelona, Madrid, Valencia and Seville and a significant international presence, Metricson is a pioneering firm in legal services for innovative and technology companies. Since its inception in 2009, it has advised more than 1,400 clients from 15 different countries, including startups, investors, large corporations, universities, institutions and governments.
If you would like to contact us, please do not hesitate to write to us at contacto@metricson.com. We look forward to talking to you!