Comments made by the lawyer Mikhail Ilyin to an article titled “Don’t mail, don’t call”.

1 September 2011

The law which has been effective for five years protects Russian citizens from direct mail ads and unwanted phone calls: any use of phone numbers and addresses aimed at promoting goods or at political propaganda necessitate the prior consent of the citizen. In reality, however, these restrictions are simply disregarded not only by commercial entities, but by public agencies as well, and only a few infringers are hold liable.

Provisions of law on personal data and advertising are unique – unlike other regulations, they stipulate for presumed guilt of a person making phone calls or mailing ads. They are under a duty to prove that the addressee granted their prior consent to receive ads (both commercial and political). Only in this case one may call or mail ads.

Moreover, the law secures the right of the recipient to forbid mailing, calls or any other usage of their address, phone number and other data at any time.

Other organizations are mailing to clients as well

However, even large lending agencies actively use mailing to promote their services. For instance, Darya, a St.-Petersburg citizen received an SMS message stating that the Home Credit Bank has approved 200 000 rubles credit. The aggrieved person told the reporter of "Fontanka” that having read the text she concluded that some person applied for a credit on her behalf by adding her name to their application, and that now the bank notified her on their decision. “Actually, they may give a weak-nerved person a heart attack! Besides, the SMS contained the code required to obtain credit. I managed to get through to a bank employee on the phone, and she said that one can cease receiving SMS only by taking out a loan. Mind you, other operator has stated otherwise: to have my phone number excluded from database, I should just go to the office and to file an application.”

Darya admitted that once she took up a small loan with this bank and does not remember, what was the content of the contract. The Home Credit Bank acknowledges that they carry out the mailing, but they only mail to their clients, based on the contract signed by the latter. The press-service of the lending agency explained us that the code is required for quick calling line identification. If a client is unwilling to receive information on bank offers, he may apply (including by phone) with the bank for the issue”.

Such practice is adopted by other banks as well, especially those specializing in consumer lending (i.e., banks seeking to acquire lots of reckless clients willing to run into debt). For instance, such letters are mailed out by Tinkoff Kreditnye Sistemy (TSK) bank: “I never utilized crediting services provided by banks, however I and my family regularly receive such proposals issued by TSK bank,” told Svetlana. “The letters state that the Bank has already approved a 30 000 rubles credit for me and that all I have to do is run to the bank and obtain their credit cards right now. But they did not reveal how did they knew my address.”

This bank does not perceive their actions as an infringement. “We commissioned mailing to professional companies which gather information and statistics related to consumer services. Moreover, some clubs and organizations have, as part of a joint program, forwarded proposals of our bank to their clients. People tend to forget that they agreed to receive commercial proposals by the company or its partners, when they were filling out some form. Anyway, they did it. According to the TKS-bank press service, if mobile operators, insurers, carriers, or retailers wish to use personal data of their clients, they shall ask client permission first.”

However, the bank of Oleg Tinkov already appeared in the reports issued by supervisory agencies: the Federal Supervision Agency for Information Technologies and Communications authorized to supervise over compliance with personal data legislation caught the bank partners (Data Management and Data Suarez) using “databases of unknown origin” in client mailout. Nevertheless, the companies simply disappeared, and the Federal Supervision Agency for Information Technologies and Communications was compelled to apply to law-enforcement authorities to find them.

Fan out mailing to all known accounts (customers, partners, etc.) became regular practice of many Russian companies. In particular, such mailings were carried out by bank VTB 24, insurance company “RESO-Garantia”, waterworld “Rodeo Drive”, PMI Radio, DHL Express and others. By way of an experiment and without giving his name, a reporter of “Fontanka” called most of senders of such mail and asked to remove from database any addresses of people who did not consent to receive mail. None of the companies considered it necessary to apologize for carrying out fan out mailing (at times the ads included subscription lists that contained hundreds of addresses).

The end justifies the means

All the interviewed experts considered such practice an unlawful one. “Any usage of a phone number or an e-mail address aimed at sending messages or promotional and informational materials requires a written the consent of the citizen (such consent may be given in electronic form as well),” stated Valerya Rykova, the Senior Associate at Pen&Paper company. “It being understood that consent shall be deemed as unavailable, until proved otherwise.”

Darya Pyatkova, the lawyer of business practice of Rightmark group also noted that addresses and phone numbers are personal data. In general, no usage of such data is allowed without the prior written permission of the citizen: “Should a citizen give no permission to use his personal data, or to mail him any information via any communication facilities, the company shall be expressly deemed to violate the law,” concluded the lawyer Darya Pyatkova.

At the same time, Valerya Rykova pointed out some subtleties. For example, if a citizen wishing to open an account or to get a loan has signed a contract containing their permission to use their personal data, the bank shall be entitled to include this client in their SMS database: “This being said, the client shall anyway retain the right to forbid the bank to use their personal data in promotional SMS, by notifying the bank of their request. The law does not stipulate for any mandatory written form of such request, however, we recommend to send the letter by registered mail, in order to confirm the fact of request.”

Another subtlety consists in using the sources of “publicly available” data: guides, directories, etc. “Organizations can legally call any phones quoted in these sources,” explained Valerya Rykova. “Upon request of a citizen, their personal data should be removed from directories; however, they shall not be protected from phone calls, since their numbers are still present in past editions of directories. In such situation, they should forward their written requests to each organization, after calls (mailings).”

Crime and punishment

In the preceding year, 1.400 complaints concerning breaches of the Law on Personal Data Protection (all aspects of this law), and the majority of these complaints were recognized as justified

Moreover, the advertising market is monitored by the Federal Antimonopoly Service (FАS). According to Mikhail Ilyin, the lawyer of legal firm S&K Vertikal, any distributor of advertising material may be held administratively liable for mailing without the prior consent of the recipient. He mentioned a curious instance of a fan out mailing carried out by Trast Bank: the latter mailed their ads to directorate of FAS, among other recipients! The aggrieved agency penalized the bank with a fine of 40 000 rubles. The bank applied to arbitration court, invoking accidental error as an excuse for mailing to FAS, but their explanations were rejected. Major operators, such as Beeline, Energomashbank, and some other companies were already held administratively liable for sending SMS without the consent of recipients.

However, all these decisions apply to a tiny part of total infringements. According to research data, about 15-30 million spam messages are sent daily in Russia. Experts believe that the problem is rooted in citizens’ unwillingness to struggle for their rights: “Those who send such information are right until a consumer expresses their desire to have their contact information removed from mailing lists,” believes Aleksandr Krasilnikov, the expert of the Higher School of Economics. “There are lots of lists, and each consumer should decide whether they wish to be removed from a specific list. It is quite easy to imagine that costs will greatly exceed benefits.”

Pavel Netupsky, ""

Back to the list