Direct marketing consists of any marketing that relies on direct communication or distribution to individual consumers, rather than through a third party. Unlike traditional public relations campaigns pushed out through a third party, such as media publications or mass media, direct marketing campaigns operate independently to communicate with target audiences directly.
From a regulatory standpoint, individually directed advertising is subject to specific direct marketing rules, which generally require businesses to obtain consent from a customer before engaging in direct marketing. There are exceptions when companies can engage in direct marketing without obtaining consent from customers. To assess whether an exception would apply, businesses that wish to carry out direct marketing should thoroughly familiarize themselves with the relevant Macedonian regulations.
Under Macedonian law, businesses can engage in direct marketing by relying on the exception for processing personal data for their legitimate interests. Legitimate interest is the most flexible of the lawful grounds for processing personal data, since it is not focused on a particular purpose and therefore allows more scope to potentially rely on it in many different circumstances. Direct marketing may be a legitimate interest depending on the circumstances, but it does not constitute a legitimate interest by default. Businesses that wish to rely on legitimate interest for direct marketing purposes must complete a self-assessment to establish if this exception would apply to them. The self-assessment can be broken down into three parts: (1) the Purpose test – is the business pursuing a legitimate interest? (2) the Necessity test – is the processing necessary for that purpose? and (3) the Balancing test – do the individual’s interests override the legitimate interest?
When it comes to the Purpose test, businesses should be very specific about their purpose and the elements of the processing of personal data, to weigh the benefits of the Balancing test. For example, online behavioral advertising, which processes personal data, amounts to profiling where personal data is used. Online behavioral advertising is the collection (via cookies or similar technologies) of information about an individual’s online browsing habits – such as websites visited, search terms entered, and adverts clicked on – and is used to serve advertising tailored to that individual’s interests. It may be conducted by a website owner solely based on activity on its site, or by a third-party tracking activity across multiple websites and serving adverts for products not necessarily sold on the website. Under Macedonian law, consent by the customer is always required when direct marketing includes profiling. Failure to obtain prior consent from customers can result in fines of up to 2% of the total worldwide annual turnover of a company in the preceding financial year.
Furthermore, businesses should establish if direct marketing would comply with the rules on direct marketing by electronic means. Specific rules apply to marketing by electronic communications, like automated telephone calls, fax, e-mail, voice, picture, and text messages. There are no restrictions for businesses to send solicited marketing messages (marketing communication specifically requested). However, unsolicited marketing messages (marketing communication that has not been specifically requested) are prohibited, unless the customer has previously consented to it. This restriction applies only to unsolicited marketing communication to individuals, and not to B2B marketing.
It is important to note that legitimate interest may not be an appropriate basis for businesses that intend to process personal data for the purposes of direct marketing by electronic means. Since direct marketing by electronic means without consent is unlawful under Macedonian electronic communications regulations, it is also unlawful under Macedonian data protection regulations without consent. Businesses cannot use legitimate interest to legitimize the unlawful processing under electronic communications regulations. If a business has obtained consent in compliance with electronic communications regulations, in practice, consent would also be the appropriate lawful basis under the data protection regulations. Applying a legitimate interest self-assessment would be entirely unnecessary in such a case.
For the Balancing test, the relevant factors to consider are whether individuals would expect their personal data to be used for direct marketing, the potential nuisance factor of unsolicited marketing messages, and the effect of the chosen method and frequency of communication on individuals.
By Gjorgji Georgievski, Partner, and Kristina Tomashevska-Blazhevska, Senior Associate, ODI Law