Data Protection in Denmark

Electronic marketing in Denmark

EU regulation

The GDPR applies to most electronic marketing activities, as these involve some use of personal data (e.g. an email address which includes the recipient's name). The most plausible legal bases for electronic marketing will be consent, or the legitimate interests of the controller (which is expressly referenced as an appropriate basis by Recital 47). Where consent is relied upon, the strict standards for consent under the GDPR are to be noted, and marketing consent forms will invariably need to incorporate clearly worded opt-in mechanisms (such as the ticking of an unticked consent box, or the signing of a statement, and not merely the acceptance of terms and conditions, or consent implied from conduct, such as visiting a website).

Data subjects have an unconditional right to object to (and therefore prevent) any form of direct marketing (including electronic marketing) at any time (Article 21(3)).

Specific rules on electronic marketing (including circumstances in which consent must be obtained) are to be found in Directive 2002/58/EC (ePrivacy Directive), as transposed into the local laws of each Member State. The ePrivacy Directive is to be replaced by a Regulation. However, it is currently uncertain when this is going to happen, as the European Commission has discarded its draft of the ePrivacy Regulation after disagreements by the Member States in the Council of the European Union. In the meantime, GDPR Article 94 makes it clear that references to the repealed Directive 95/46/EC will be replaced with references to the GDPR. As such, references to the Directive 95/46/EC standard for consent in the ePrivacy Directive will be replaced with the GDPR standard for consent.

In general, unsolicited electronic marketing requires prior opt-in consent. The opt-in requirement is waived under the ‘same service / product’ exemption. The exemption concerns marketing emails related to the same products / services as previously purchased from the sender by the user provided that:

  • the user has been informed of the right to opt out prior to the first marketing email;
  • the user did not opt out; and
  • the user is informed of the right to opt out of any marketing email received. The exemption applies to electronic communication such as electronic text messages and email but does not apply with respect to communications sent by fax.

Direct marketing emails must not disguise or conceal the identity of the sender.


Denmark regulation

The GDPR applies to electronic marketing activities involving usage of personal data (e.g. an email address which includes the recipient's name).

A company disclosing the personal data or processing the personal data on behalf of another company for marketing purposes, must prior hereto ensure that the data subject has not declined receiving marketing material by registering as such in the Danish Central Office of Personal Registration.

Further, specific rules on electronic marketing (including circumstances in which consent must be obtained) are regulated in Directive 2009/136/EC (the ePrivacy Directive), as transposed into the local laws of each Member State. In Denmark, the ePrivacy Directive has among other things been implemented in the Danish Marketing Practices Act.

Under the Danish Marketing Practices Act, a trader must not approach anyone by means of electronic mail, an automated calling system or a facsimile machine (fax) for the purposes of direct marketing unless the natural person concerned has given his prior consent. The trader must allow free and easy revocation of the consent.

Notwithstanding the above, a trader that has received a customer's electronic contact details in connection with the sale of products may market similar products to that customer by electronic mail, provided that the trader has clearly and distinctly given the customer the opportunity, free of charge and in an easy manner, of declining this both when giving his contact details to the trader and in all subsequent communications.

The ePrivacy Directive is to be replaced by the ePrivacy Regulation, a change which was forecast for spring 2018, however, now postponed indefinitely. From the wording of the latest draft, we can expect a significant toughening of the online and direct marketing landscape and, predictably, a convergence with the provisions in the GDPR.

Continue reading

  • no results

Previous topic
Back to top