Text-bombs of Unsolicited Promotional Messages: Do Consumers have Control Over their Personal Information?
Recently the consumer rights day was celebrated around the world and in Sri Lanka under the theme healthy diets, where consumer rights in terms of dietary information in food was the central focus. An unrelated, yet growing concern in terms of consumer rights is the privacy of consumers. Many of the fast food restaurants and other restaurants in Sri Lanka that accept online and/or phone orders are now in the habit of saving contact details for speedy processing of future orders. This can be considered a benefit to the consumer. However, it is becoming common practice that these restaurants are using such contact information for their promotional activities. For instance, the leading international fast food chains operating in Sri Lanka specializing in pizza and burgers bombard their patrons with promotional material via mobile text messages. The receipt of scores of such unsolicited messages makes one wonder if the restaurants are on a mission to punish patrons for deviating from home cooked meals!
“Receipt of promotional material from third parties raises the question whether personal information provided by consumers are being shared or sold to third parties”
At the time of placing a food order and the related exchange of information, no explicit consent is sought from consumers to use their contact information for future communication of promotional information. Similarly, many of the loyalty cards provided by restaurants and other retail establishments in Sri Lanka often do not explicitly seek the consumer’s consent to contact them with promotional material. Nonetheless, most of them do contact consumers for direct marketing. The absence of explicit consent does not mean implicit consent. Additionally, consumers of such food and retail establishments also receive promotional material from unrelated commercial establishments, such as realtor, housing developers and financial institutions. The receipt of promotional material from third parties raises the question whether the personal information provided by consumers are being shared or sold to third parties.
The compilation and sale of individuals’ personal information is termed “list brokerage”. Information sourced from list brokering is often used to contact individuals for marketing and promotional activities. Common sources where personal information is gathered for list brokerage includes business transactions and information provided in warranty cards and loyalty cards. Often, companies that are involved in list brokerage do not inform individuals of their information sales activities.
In other countries, there are strict laws against such violations in the use of contact information. For instance, in the UK individuals need to be informed that their personal data will be used for marketing and given the option to opt out. In some cases, they must opt in. Similarly, customers should be provided with an easy way to opt out.
As per the US Fair Communications Commission (FCC) text messages sent to a mobile phone using an auto-dialer is banned unless the user has previously consented to receive the message or the message is sent for emergency purposes. Additionally, in the US there is a “Do not call list” in which consumers who do not want such messages can place their numbers, to stop being further disturbed.
Along with direct marketing laws, most developed countries also have data protection laws to prohibit sharing/disclosure of contact information. For example, the state of California (in the US) has the SB 27 – commonly known as the “Shine the Light Law”, which allows any Californian to make a request to almost any business for a disclosure of how individuals’ information is used for secondary marketing purposes. The Sri Lankan institutional framework seems to lack such protection to consumers. The Consumer Affairs Authority (CAA) established under the Consumer Affair Authority Act of 2003 focuses mainly on the promotion of effective competition and the protection of consumers and for the regulation of internal trade. In essence, the CAA mainly protects consumers in terms of price and quality of products, and does not specify about the rights of consumers in protecting their personal information. As such, it is high time that Sri Lanka gears up in this area and develops rules and regulations to protect consumer rights in terms of their privacy and information.