'Prohibition of coupling' – Since the General Data Protection Regulation (GDPR ) has come into place, this term is often used in connection with marketing activities. But few people are aware of what it is really all about. So it is not surprising that many people violate the prohibition of coupling without even knowing. Lawyer Mario Steinberg explains what the regulation means for your email marketing.
If you violate this prohibition of coupling - whether knowingly or unknowingly - with your marketing activities, it can certainly end badly: Because at the latest since the Conference of Independent Data Protection Supervisors on 14.10.2019, its Concept for setting fines it is clear that data protection violations can be really expensive, even for small companies, freelancers and self-employed persons.
This can prohibition of coupling often be avoided by some rewording. In the following article I would like to explain how this can be done and what needs to be considered.
What exactly is prohibition of coupling?
Most violations of this prohibition of coupling are probably committed in email marketing. Before we get to the details, however, let's first take a brief look at the legal background to the prohibition of tying (who is interested in more detail: A more detailed description of the legal situation comes at the end of the article):
As always, the starting point is the European data protection basic regulation. One of the iron principles GDPR is that all data processing requires a legal basis. So if I want to do e-mail marketing and send newsletters, I also need a legal basis for this.
The legal basis for e-mail marketing is the consent of the newsletter subscriber. One of the prerequisites for effective consent is that it is given voluntarily.
This prohibition of coupling is precisely the crux of the matter: According to Article 7 (4) GDPR, when assessing whether consent is given voluntarily, it must be taken into account whether the fulfilment of a contract (or the provision of a service) is subject to consent to the processing of personal data which are not necessary for the performance of the contract (or the provision of the service).
Translated this means: If I make my service dependent upon consent to anything else that has nothing to do with my service, consent is not voluntary.
It is therefore prohibited to "couple" a service to the consent to something completely different.
Example: Sending a blog newsletter
On a blog website that is purely informative and where no services (freebies, e-books etc. for download) are offered at all, a newsletter can be subscribed to inform about future blog posts. The blogger does not pass on the subscribers' data to third parties and uses them exclusively for sending the newsletter.
This case is completely in order and unproblematic from the point of view of the prohibition of tying, since no service is "tied" to the sending of the newsletter and thus no violation of this can be prohibition of coupling present at all.
It should be clear, of course, that the other requirements for an effective consent of the newsletter subscriber must be met:
- Declaration of consent by actively clicking on a checkbox
- Subsequent confirmation of the specified e-mail address by clicking a confirmation link sent to it (so-called double opt-in procedure)
Furthermore, due to the principle of data economy, the interested party in the newsletter should only have to provide his e-mail address (and not his first and last name, postal address, date of birth, etc.) as mandatory information. And the data protection declaration must specify exactly how the subscriber's personal data collected in connection with the newsletter dispatch are processed.
But the problems with this prohibition of coupling start when the newsletter dispatch is linked to any service.
Example: The "free" e-book
A "coach" offers a "free" e-book for download on his website. If a website visitor then clicks on the corresponding download link, however, he must first register for a newsletter – whereby he naturally at least impliedly (i.e. by conclusive action) agrees to the processing of his personal (registration) data.
This is prohibition of coupling violated here because the newsletter registration (or the associated consent to the processing of the personal data of the registering person) is not required for the download of a "free" e-book.
There would be no violation of this prohibition of coupling if the coach were to state quite openly on his website – what GDPR calls "transparent" – that the information to be provided in the context of the newsletter registration (the personal data) is the trade – i.e. the payment – for downloading the e-book.
It would be transparently communicated that the e-book is not free of charge, but that it is actually a kind of exchange. This would require the newsletter registration for the service (exchange e-book for data) and the consent would be given voluntarily - and thus effectively.
The right communication is everything
It should have become clear from the two examples that it is prohibition of coupling crucial to clearly communicate which service is provided for which consideration.
And if an e-book or any other freebie is actually only offered as "free" in order to get the e-mail address and possibly other data of the interested party, it is not free - but "costs" an e-mail address and possibly other data.
Consequently, the following applies:
In e-mail marketing, this is always prohibition of coupling violated if the newsletter subscriber is not aware that his or her data is the consideration for a (supposedly free) service.
Finally, here's a little self-test to see if your email marketing possibly violates thisprohibition of coupling . It becomes problematic if you can answer one of the following questions with yes. Then you should take a closer look at the matter again.
- Is registration to my newsletter necessary to get another service from me (a freebie etc.)?
- Do I advertise the other service as "free"?
- When registering for the newsletter, do I conceal the fact that the information provided (e-mail address, etc.) is in return for my service?
Finally: The regulations on the prohibition of coupling
Here is the somewhat more precise (legal) description of the prohibition of coupling mentioned at the beginning: According to Article 6 (1) of the GDPR, any data processing requires a legal basis. One of these legal bases is the consent of the person concerned (by the data processing). The term "consent" of the data subject is defined in Art. 4 (11) GDPR as follows:
Any freely given, informed and unequivocal expression of will in the specific case, in the form of a declaration or any other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her
Important in this context prohibition of coupling is the term "voluntary" and the related provision in Art. 7 (4) of the GDPR:
In assessing whether consent is given voluntarily, the fact that, inter alia, the performance of a contract, including the provision of a service, is subject to consent to the processing of personal data that are not necessary for the performance of the contract must be taken into account to the maximum extent possible.
The decisive criterion for the voluntary nature of the contract is thus whether the performance of the contract is made dependent on consent to data processing that is not necessary for the performance of the contract.
If this is not the case, there is an inadmissible linkage of consent to the fulfilment of the contract. In the absence of a voluntary nature, the consent is invalid; data processing based on it is not permitted. This violation of data protection can result in substantial fines.