New tools, old problems

By Daragh O Brien
June 10, 2015
18min read

Every iteration of communications tools brings with it opportunity for those tools to be used to promote businesses, sell services, and raise awareness.

Twitter is one such tool. I love it. I was a relatively early adopter and have been a regular tweeter since 2009 (longer than many “social media consultants” I’ve met over the last few months). Recently I’ve begun receiving DMs from sole traders and small business owners who I follow promoting their services or with a call to action to go and look at a new product or service they are offering.

There is only one problem. That’s probably illegal.

The Law

In Ireland, the applicable law is SI336 of 2011, which gives effect to the 2009 Electronc Privacy Directive. That legislation covers all electronic marketing by phone, fax, sms, email, and other electronic means.

The rules relating to marketing using “electronic mail” are contained in Section 13(1) of the Regulation. It’s a pretty clear and unambiguous rule.

13. (1) Subject to paragraph (2), a person shall not use or cause to be used any publicly available electronic communications service to send to a subscriber or user who is a natural person an unsolicited communication for the purpose of direct marketing by means of— (a) an automated calling machine, (b) a facsimile machine, or (c) electronic mail, unless the person has been notified by that subscriber or user that he or she consents to the receipt of such a communication.

Section 13(4) deals with the question of communications to “non-natural persons” such as businesses:

A person shall not use or cause to be used any publicly available electronic communications service to send an unsolicited communication for the purpose of direct marketing by means of electronic mail, to a subscriber or user other than a natural person, where the subscriber or user has notified the person that the subscriber or user does not consent to the receipt of such a communication.

The key term in the legislation that relates to Twitter DMs is “Electronic Mesage”. It is defined as follows:

“electronic mail” means any text, voice, sound or image message including an SMS message sent over a public communications network which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient;

(emphasis is added by me).

The Twitter Rules

It’s also worth bearing in mind that Twitter has some clearly set out rules about Spamming and the acceptable use of their platform by people and businesses. You can find those rules here:

If you send unsolicited Direct Marketing via a DM channel, you may be blocked by people for sending spam. If you are blocked by a large number of people, Twitter can (and will) suspend your account. Personally, I can’t wait to see that happen to some of the anti-social media consultants who’ve been DM spamming me on my personal twitter accounts and the company account recently.

The implications

A DM on Twitter is a text, voice, sound or image message. It is sent over a public communications network. It is stored on the network (twitter) or on the recipients terminal equipment (i.e. a computer, phone, tablet that is connected to a communications network) until it is collected (read) by the recipient.

So, a Twitter DM is an electronic message. Therefore the same rules as apply to email and SMS apply to DMs that are promoting products or services. You need to have prior, informed, opt-in consent when sending messages to natural people (i.e. human beings) and you need to have a mechanism for people to opt-out of recieving messages if they are businesses or other types of non-natural person. The penalty for getting this wrong is €3000 per instance of offence. While the Data Protection Commissioner hasn’t prosecuted for a spammy DM yet, their second largest area of enforcement action is in the area of unsolicited direct marketing. Given that a number of the team in the DPC’s offices read this blog (and my other one) I would be unsurprised if their analysis doesn’t match mine in this context. Get ready for the guidance note!

“But they followed me” is not the same as “they gave me permission to direct market to them” so is unlikely to be a defence. People follow people on Twitter to have their public broadcast tweets enter their timeline. This is like turning on the radio and having an advert for a particular brand of coffee popping into your ear every 45 minutes. It’s not direct marketing. It’s broadcast marketing. Once you target an individual with the message however that makes it a direct communication and the rules on electronic marketing apply. This means that organisations and businesses looking to use Direct Messaging on Twitter (or Private Messages on Facebook for that matter) as a way of promoting their businesses need to ensure that they are managing that on the basis of a clear opt-in consent.

How can this be achieved?

  • Put it in your bio that if people follow you you will from time to time direct message them with offers or promotions that might be of interest to them (expect your followers to drop like a rock)
  • Have a method for capturing an “opt-in” for DMs about products or services and DM only those people when you have a “sales pitch” message or call to action – an initial DM to followers inviting them to sign up for an opt-in list for DM marketing will get you a validated list. You need to ensure that people have a free and easy way of getting back off that list as well.
  • For non-humans, remind them they can opt-out by unfollowing you

Having a separate opt-in list gives you something you can bring to the Twitter Police or the Data Protection Commissioner if your account is suspended or you are contacted about a DPC investigation. You have a strong argument that you were not engaging in spamming by DM because you had sought and obtained an additional level of permission over and above what Twitter’s default settings cater for. Just relying on the “They followed me” defence will hold very little water with the DPC and is unlikely to impress the Twitter Abuse team.

Learn More

To learn more about how Data Protection rules can affect Direct Marketing strategy for small businesses and social media, why not register your interest in our Data Protection for SMEs course taking place in August. Places are limited and we will be confirming venues based on where in the country we get the most interest from.

Related Insights


Keep up to date with all our latest insights, podcast, training sessions, and webinars.

This field is for validation purposes and should be left unchanged.