"prohibition of coupling " - Since the European Data Protection Regulation (GDPR ) came into force, this term is often used in connection with marketing measures. But very few people are aware of exactly what it means. Thus it does not surprise that many offend against the prohibition of coupling , without knowing it at all. Attorney Mario Steinberg explains what the ban means for your email marketing.
If you violate the prohibition of coupling with your marketing measures - whether knowingly or unknowingly - it can end quite badly: Because at the latest since the conference of independent data protection supervisory authorities published its concept for the calculation of fines on 14 October 2019, it is clear that data protection violations can also be really expensive for small companies, freelancers and self-employed persons.
A violation of the prohibition of coupling can often be avoided by a few rewordings. In the following article, I would like to explain to you how to do this and what you need to consider.
What exactly is prohibition of coupling?
Most violations of the prohibition of coupling are probably committed in email marketing. However, before we get into the details, let's first take a brief look at the legal background of the tying ban (for those who are interested in more detail: A more detailed presentation of the legal situation comes at the end of the article):
As always, the starting point is the European Data Protection Regulation. One of the ironclad principles of GDPR is that any data processing requires a legal basis. So if I want to do email marketing and send newsletters, I also need a legal basis for this.
The legal basis for email marketing is the consent of the newsletter subscriber. A prerequisite for effective consent is, among other things, that it is given voluntarily.
This prohibition of coupling is precisely the crux of the matter: According to Article 7 (4) GDPR, when assessing whether consent is given voluntarily, it must be taken into account whether the fulfilment of a contract (or the provision of a service) is subject to consent to the processing of personal data which are not necessary for the performance of the contract (or the provision of the service).
Translated, this means: If I make my service dependent on consent to anything else that has nothing to do with my service, the consent is not voluntary.
It is therefore prohibited to "couple" a service to the consent to something completely different.
Example: Sending a blog newsletter
On a blog website that is purely informative and on which no services (freebies, e-books etc. for download) are offered at all, a newsletter can be subscribed to, which informs about future blog posts. The blogger does not pass on the subscribers' data to third parties and uses them exclusively for sending the newsletter.
From the point of view of the prohibition of tying, this case is completely in order and unproblematic, since no service is "tied" to the dispatch of the newsletter and thus no violation of the prohibition of coupling can exist at all.
Of course, it should be clear that the other requirements of an effective consent of the newsletter subscriber must be present:
- Declaration of consent by actively clicking a checkbox
- Subsequent confirmation of the e-mail address provided by clicking on a confirmation link sent to this e-mail address (so-called double opt-in procedure).
The problems with the prohibition of coupling start, however, when the newsletter dispatch is linked to any service.
Example: The "free" e-book
A "coach" offers a "free" e-book for download on his website. If a website visitor then clicks on the corresponding download link, however, he must first register for a newsletter – whereby he naturally at least impliedly (i.e. by conclusive action) agrees to the processing of his personal (registration) data.
Here, the prohibition of coupling is violated, because the newsletter registration (or the associated consent to the processing of personal data of the registrant) is not required for the download of a "free" e-book.
There would be no violation of this prohibition of coupling if the coach were to state quite openly on his website – what GDPR calls "transparent" – that the information to be provided in the context of the newsletter registration (the personal data) is the trade – i.e. the payment – for downloading the e-book.
This would transparently communicate that the e-book is not free of charge, but actually a kind of exchange. Because this would mean that the newsletter registration would be necessary for the service (exchange e-book for data) and the consent would be given voluntarily - and thus effectively.
The right communication is everything
From these two examples it should be clear that it is crucial for prohibition of coupling to clearly communicate which service is provided for which consideration.
And if an e-book or any other freebie is actually only offered as "free" in order to get the e-mail address and possibly other data of the interested party, it is not free - but "costs" an e-mail address and possibly other data.
Finally, here's a little self-test to see if your email marketing might violate prohibition of coupling . It becomes problematic if you can answer one of the following questions with yes. Then you should take a closer look at the matter.
- Is signing up for my newsletter required to get another service from me (a freebie, etc.)?
- Am I advertising the other service as "free"?
- When I sign up for the newsletter, am I concealing the fact that the information provided (email address, etc.) is the consideration for my service?
Finally, the regulations on the prohibition of coupling
Here is the somewhat more precise (legal) description of the prohibition of coupling mentioned at the beginning: According to Article 6 (1) of the GDPR, any data processing requires a legal basis. One of these legal bases is the consent of the person concerned (by the data processing). The term "consent" of the data subject is defined in Art. 4 (11) GDPR as follows:
Important in this context prohibition of coupling is the term "voluntary" and the related provision in Art. 7 (4) of the GDPR:
The decisive criterion for voluntariness is thus whether the performance of the contract is made dependent on consent to data processing which is not necessary for the performance of the contract.
If this is not the case, the consent is inadmissibly linked to the performance of the contract. In the absence of voluntariness, the consent is invalid; data processing based on it is not permitted. The consequence of this data protection violation can be substantial fines.