Digital and social media marketing laws are the subjects of a three-part series beginning with this one. For those of you in other parts of the world, this will guide future considerations. The emphasis will be on the UK (with elements that are similar to other European countries).
This series will cover eight different topics, not all of which are directly related to specific statutory powers
- Designs, Copyright and Patents Act 1988
- In the year 1998, the Data Protection Act came into effect.
- The Privacy and Electronic Communications (EC Directive) Regulations 2003 govern privacy and electronic communications.
- There are regulations in place that require companies to make trading disclosures to investors.
- In the year 2000, Congress passed the Electronic Communications Act (ECA).
- The law and social media.
- Advertising Standards Committees (CAP).
Part one of this series will discuss the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Copyright, Patents and Designs Act 1988.
Intellectual property and copyrights are two topics I have already written an in-depth article on (you can find it here). As a digital and social media marketer, you must be aware of specific points before creating or commissioning a piece of work. So I’ll go over some of the basics again. Keep in mind that all work created by an artist or designer is protected by copyright. Ensure that all employment and business contracts contain an explicit statement regarding copyright ownership to minimize your risk in the event of a dispute.
A section of the copyright act called ‘fair use’ limits and exceptions to an owner’s copyright in the form of commentary and news reporting, and teaching and archiving. According to the 1988 Copyright, Designs, and Patents Act, copyright has the following duration:
- Seventy years for works of literature, drama, music, and the arts.
- Fifty years of sound recordings.
- It covers 70 years.
- Twenty-five years of typographic arrangement in published editions.
- Fifty years of television and cable programs.
- It has been 125 years since Crown Copyright was founded.
- Copyright in Parliament has existed for fifty years.
Data Protection Act 1998.
The EU enacted directive 95/46/EC to ensure the privacy and security of all personal data collected from or about EU citizens. The Data Protection Act 1998 is how the UK interprets this directive. It has something to do with how much data is processed, used, or exchanged. The following eight principles must be followed as digital or social media marketing if you manage any personal information at all (even through a third party).
- The processing of information must be fair and legal.
- You have to process information for specific purposes.
- Adequate, relevant, and not excessive information are all requirements.
- The data must be correct and current.
- In no case should the information be kept for longer than is necessary?
- Individuals’ rights must be respected when processing information.
- The security of information is critical.
- Without adequate protection, information should not be transferred outside of the European Economic Area (EEA)
Personal information management through a third party is vague because social media platforms like Facebook and Twitter are managed by US organizations whose privacy laws differ from Canadian ones. I have yet to come across any case law involving violations of the act, which is critical because you are still processing, using, and exchanging data via these mediums, strictly speaking. Specific contracted services like web hosting or email marketing necessitate adhering to the above mentioned principles, or you run the risk of violating the law.
According to the Data Protection Act, individuals have several necessary rights, including learning what organizations store personal information about them. To be more detailed, individuals have a right to know what information companies have about them on a computer or in a particular filing system. Subject Access Requests can be made by anyone who wants to view or obtain a copy of the data. Individuals also have the option to refuse the use of their data for marketing purposes. Data Protection Act and Privacy and Electronic Communications Regulations should not be viewed in isolation; the following section provides an overview of these regulations.
Regulations on Privacy and Electronic Communications (EC Directive) 2003 (PECR).
The PECR is a piece of legislation that exists side by side with the Data Protection Act. There are four main areas covered in this report.
- For the Usage of digital/electronic marketing methods, use tracking technologies such as cookies or web beacons.
- Electronic communications service security general population.
- Customers’ communications network privacy is protected
One must not hide their identity in marketing emails they send; they must provide genuine opt-out addresses (or an opt-out link); they cannot send electronic messages without your prior
One must not hide their identity in marketing emails they send; they must provide genuine opt-out addresses (or an opt-out link); they cannot send electronic messages without your prior consent; they must inform people if they set cookies and explain what the cookies do and why they are set. Additionally, you must obtain the user’s agreement. It’s okay if consent is implied, but it must be provided voluntarily.
Because this is only required the first time you set cookies, you can skip doing it every time the same visitor comes to your website after that. Keep in mind, however, that various people may utilize different equipment. It’s a good idea to repeat this process if you expect more than one user to be using it.
It’s unclear whether organizations outside the European Union must comply with the ‘cookie law,’ as it’s an EU directive. However, this is another grey area where no case law has been developed to provide clear guidance; organizations targeting individuals from the EU or a specific country within it should.
When a complaint or a breach occurs, what happens? In the UK, the Information Commissioner’s Office (ICO) will determine whether the Data Protection Act and PECR have been violated as ‘likely’ or ‘unlikely.’ For example, they may pursue criminal cases while enforcing non-criminal laws/or conducting data audits. There is also a monetary penalty notice that can be issued by the Information Commissioner, which can result in a fine of up to £500,000. As a result, if you’re starting a company or a nonprofit, you should think about these rules.
I’ll wrap up Part 1 next week with a look at the Companies (Trading Disclosures) Regulation of 2008, the Electronic Communications Act of 2000, and things to keep in mind while creating a social media strategy.