RE: [WSG] Check boxes ticked (UK Law)
Paul, I think you are way off topic here. If you want to contact me directly I'd be happy to help [EMAIL PROTECTED] -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Paul CollinsSent: 30 January 2006 15:33To: wsg@webstandardsgroup.orgSubject: [WSG] Check boxes ticked (UK Law) Hello all I recall reading somewhere a while back that UK law states you can't have a check box ticked on a form EG- "untick this box if you don't want to receive emails" would beillegal for a UK site. Could anyone tell me if I'm right or wrong and if possible give me some credible links to back this up?Thanks heaps, Paul Collins
Re: [WSG] Check boxes ticked (UK Law)
I believe this question would fall within the scope of this group. Anyway I would be very interested to know the answer to this, with a link to the related legislation. Giles Clark wrote: Paul, I think you are way off topic here. If you want to contact me directly I'd be happy to help [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of *Paul Collins *Sent:* 30 January 2006 15:33 *To:* wsg@webstandardsgroup.org *Subject:* [WSG] Check boxes ticked (UK Law) Hello all I recall reading somewhere a while back that UK law states you can't have a check box ticked on a form EG - untick this box if you don't want to receive emails would be illegal for a UK site. Could anyone tell me if I'm right or wrong and if possible give me some credible links to back this up? Thanks heaps, Paul Collins ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] Check boxes ticked (UK Law)
On 31 Jan 2006, at 12:33 am, Paul Collins wrote: I recall reading somewhere a while back that UK law states you can't have a check box ticked on a form EG - untick this box if you don't want to receive emails would be illegal for a UK site. That would be European Community law, not only UK law. And yes, I believe this to be correct. You have to make this 'opt- in', default being 'opt-out'. Philippe --- Philippe Wittenbergh http://emps.l-c-n.com/ ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] Check boxes ticked (UK Law)
Just out of curiosity, what about Tick this box if you don't want to receive massive amounts of spam? Is it really anti-checked box, or anti-default-opt-in? Seems pretty... open to abuse and/or re-interpretation, unless it's the latter. On 1/31/06, Philippe Wittenbergh [EMAIL PROTECTED] wrote: On 31 Jan 2006, at 12:33 am, Paul Collins wrote: I recall reading somewhere a while back that UK law states you can't have a check box ticked on a form EG - untick this box if you don't want to receive emails would be illegal for a UK site. That would be European Community law, not only UK law. And yes, I believe this to be correct. You have to make this 'opt- in', default being 'opt-out'. Philippe ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] Check boxes ticked (UK Law)
Richard Czeiger wrote: I agree - I think the areas of Web Standards and Best Practices should go side by side. If one country has decided to actually legislate on something then it's at least worth discussing. I fail to see how the UK's anti-spam law is relevant to web standards...but nonetheless: IANAL, but the reference I can find is The Directive on Privacy and Electronic Communications (2002/58/EC) http://www.dti.gov.uk/industries/ecommunications/directive_on_privacy_electronic_communications_200258ec.html extends controls on unsolicited direct marketing to all forms of electronic communications including unsolicited commercial e-mail (UCE or Spam) and SMS to mobile telephones; UCE and SMS will be subject to a prior consent requirement [ed. an opt-in], so the receiver is required to agree to it in advance, except in the context of an existing customer relationship, where companies may continue to email or SMS to market their own similar products on an 'opt-out' basis; This is in line, as Philippe mentioned, with the European directive http://europa.eu.int/information_society/policy/ecomm/todays_framework/privacy_protection/spam/index_en.htm Article 13(1) of the Privacy and Electronic Communications Directive requires Member States to prohibit the sending of unsolicited commercial communications by fax or e-mail or other electronic messaging systems such as SMS and MMS unless the prior consent of the addressee has been obtained (opt-in system). The only exception to this rule is in cases where contact details for sending e-mail or SMS messages (but not faxes) have been obtained in the context of a sale. Within such an existing customer relationship the company who obtained the data may use them for the marketing of similar products or services as those it has already sold to the customer. Nevertheless, even then the company has to make clear from the first time of collecting the data, that they may be used for direct marketing and should offer the right to object. Moreover, each subsequent marketing message should include an easy way for the customer to stop further messages (opt-out). The opt-in system is mandatory for any e-mail, SMS or fax addressed to natural persons for direct marketing. It is optional with regard to legal persons. For the latter category Member States may choose between an opt-in or an opt-out system. Now, I can't find a definitive piece of legislation or code of practice that clearly says an opt-in needs to be an unticked checkbox that the user needs to actively check, and an opt-out needs to be a ticked checkbox that the user needs to actively uncheck, but I strongly suspect that there is case law relating to this, and any double-triple-negative obfuscation a la don't check this checkbox if you don't want to receive no spam would not hold in a court of law and make a contract thus entered null and void. Again, IANAL, but speaking purely from a common-sense point of view. P -- Patrick H. Lauke __ re·dux (adj.): brought back; returned. used postpositively [latin : re-, re- + dux, leader; see duke.] www.splintered.co.uk | www.photographia.co.uk http://redux.deviantart.com __ Web Standards Project (WaSP) Accessibility Task Force http://webstandards.org/ __ ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] Check boxes ticked (UK Law)
Paul Collins wrote: Could anyone tell me if I'm right or wrong and if possible give me some credible links to back this up? http://www.theregister.co.uk/2004/01/26/prior_consent_does_not_mean/ Kind of right, kind of wrong :) ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] Check boxes ticked (UK Law)
To quickly follow up, before the thread gets presumably closed for being way off topic: Patrick H. Lauke wrote: The Directive on Privacy and Electronic Communications (2002/58/EC) http://www.dti.gov.uk/industries/ecommunications/directive_on_privacy_electronic_communications_200258ec.html extends controls on unsolicited direct marketing to all forms of electronic communications including unsolicited commercial e-mail (UCE or Spam) and SMS to mobile telephones; UCE and SMS will be subject to a prior consent requirement That seems to be an interesting distinction to the EC directive: it only mentions prior consent, not necessarily an opt-in. According to law firm Pinsent Masons' article http://www.out-law.com/page-5657 (free reg required) Consent by definition requires some sort of positive action on behalf of the recipient. However, it is a widely held misconception in data protection terms that consent requires that the user opts-in to their data being used. Prior consent does not mean the same thing as opt-in. [...] Prior consent, however, does not specify any particular means of assessing the user's intention. Therefore, while opt-in is one way of demonstrating a user's consent, it is not the only way. Another equally acceptable practice would be to collect the customer's details, at the same time presenting them with a data protection notice which is drafted to state that by providing their details the user consents to the receipt of unsolicited marketing emails. Key to this is the way in which the consent statement is drafted. It must be a positive statement, the effect of which is to be considered as positive consent by the user. At the same time the user must be provided with an opportunity to opt-out of their details being used for this method. The best way of achieving this is to include an opt-out tick box as a part of the data protection notice. -- Patrick H. Lauke __ re·dux (adj.): brought back; returned. used postpositively [latin : re-, re- + dux, leader; see duke.] www.splintered.co.uk | www.photographia.co.uk http://redux.deviantart.com __ Web Standards Project (WaSP) Accessibility Task Force http://webstandards.org/ __ ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **