I want to tell you about my recent experience with the Data Protection Commissioner of Ireland.
Self styled Governors of data throughout Europe. They are the Irish supervisory authority for GDPR.
I want to tell you a story about a business man who regularly abuses others’ right to email privacy and ignores their requests to be removed from his list, a list he has built not from opt ins. The business man in question is Peter Halpin of Halpin Sports Partnership.
I’m afraid though.
I’m afraid that this case will serve as an incentive for others to go all out and spam.
But I’m sharing it with you because you may have also been a victim of email abuse from this Irish company selling sports sponsorship that sounds like a famous Swiss muesli but with a H!
I was a victim, more than once, so I decided to do something about it.
I made a report to the Data Protection Commissioner on 3 October.
It started off hopefully:
So they went off and emailed the offender. And I got an email back which reported verbatim the responses that the offender had supplied and in which he stated that he harvested my email address from LinkedIn.
In relation to my repeated requests to be removed from the list, he said “it was human error.”
The DPC concluded that the offender was contacting me lawfully.
1. The DPC believes it is acceptable to harvest email addresses from LinkedIn connections.
This is in direct violation of LinkedIn’s own terms.
So that would have been it.
If you report a case to the DPC, they will send 1 email to the offender, who gets to reply with a load of bullshit about what they know they should do, and then the DPC, satisfied that their work is done, moves to close the case.
Except I didn’t leave it at that.
- I emailed the DPC and asked them to address the fact that none of the mass communications had an unsubscribe link, which I thought was the law?
- I also asked them to confirm that they believe it is legally possible to email all of your LinkedIn contacts.
The DPC ignored me for a few weeks.
But I wasn’t going away.
I emailed the DPC again:
- Asking them to confirm their belief that it is acceptable to harvest LinkedIn connections
- Asking them for the number of reports they need to get in order to take action against repeat offenders.
They came back to say they were re-opening the case.
Gave me a few hoops to jump through, which I did.
And then they ended it all with a letter some weeks later which stated what I said, what they said, didn’t answer my questions, and was a classic case of closing this ass covering communication if I ever saw it.
The essence of the letter, apart from putting me back in my box, was that because this was a first time report, nothing will be done.
2. You can get away with spamming even if you are reported to the Data Protection Commissioner.
Moral of this story - for desperate businesses:
- You can harvest email addresses from LinkedIn or other sources and spam them repeatedly
- If you are reported, say it was human error and there are no consequences whatsoever
- You can get away with being reported once, with no consequences whatsoever
For the rest of us:
- If you receive emails from businesses who you believe are spamming you - report them to the DPC
- If enough people do this about repeat offenders, maybe the DPC might do something about it
- Or maybe not.
The DPC are very good at doing their own PR. They love to flex their might about how they are looking after communications for all of Europe.
It seems to me that they are here to police a different type of business. Perhaps they are after big Tech.
What this means for SME’s which make up 90% of Irish business, is that you’re free to do what you please regardless of consequence.
Carry on spamming if that is your nature.