Do some barriers to opting out of direct marketing risk a breach of the Data Protection Act?
I’m trying to open a credit card account: long interest-free periods are useful for those who are careful with their money. They’re also useful for people like me.
My application was going fine until the point at which I was asked to agree to their policy on the use of my information for marketing purposes. This says
[Generic Financial Services Company] may inform me of special offers, products and services, either by letter, telephone or e-mail. If I am a new GFSC customer and I do not wish to receive marketing material by letter, telephone or email, or any combination of these I can write to you at GFSC, Marketing opt-out, FREEPOST XXXX
Thanks GFSC, but I don’t have to send you snail mail to opt-out of marketing. Section 11 of the Data Protection Act 1998 (DPA) simply says I can serve a notice in writing requiring you to cease, or not to begin, processing my personal data for the purposes of direct marketing. “In writing” includes, by virtue of section 64 of the DPA, email.
So I agreed to the terms of their marketing statement (I didn’t have to do that by snail mail, of course – I just ticked a box) and then very cleverly emailed them serving a section 11 notice requiring them not to being marketing, and asking them to confirm receipt of the notice.
However, I’ve now received a friendly email saying
Thank you for your message. The email service you have used is not 100% secure and we’re unable to reply to you using this service. Emails can be intercepted which is why we provide secure messaging within our Online Banking facility. I’m unable to access your account details and provide the information you require. I want to answer your query, but in a secure environment…
I didn’t “require” any specific information (other than an acknowledgement of receipt) and I was not wishing to discuss any matters which required secure email correspondence (I had freely provided my name and address). And I don’t have account details, because they haven’t accepted me as a customer yet.
So now I’m in limbo. I agreed to receive direct marketing, by ticking an online box, but immediately served a section 11 notice which they presumably won’t pay any attention to.
However, in strict terms the fact I got a reply to my email confirms that my notice was received. It may not mean I won’t get direct marketing, but it does probably mean that any such marketing would be sent to me unlawfully, in breach of section 11 of the DPA, as well as the first, second and sixth principle in Schedule One, and (therefore) section 4(4).
Having said all this I’m not sure I should name this nation wide financial institution, because I still want the service, and my principles don’t quite extend to withdrawing my application under these circumstances. I’m left wondering what I should do?
informationrightsandwrongs 
In my experience, financial services companies only understand opt-outs and the like when they are in “compliance mode”. Try to exercise your rights without following their specific channel at what they think is the right time, and they don’t comprehend. In this case, they received your Section 11 request and if they don’t action it, you should complain.
Either snail mail through their suggested channel or by Recorded Signed For addressed ‘Company Secretary, [registered address for company]’ which you get from Companies House. ‘Company Secretary’ gets it opened by someone lawyer-ish as that is a good address for service of letters before action and summonses. Hopefully wakes them up to the trouble they could get in.