Can my e-communication be prohibited as spam or unlawful use of data? (cont’d)
(e) Electronic mail and personal data
Electronic mail under the AISS is, as explained previously, a message between a finite and unchangeable number of parties. In order to reach the recipients of the message, it will often be necessary to use the user ID or e-mail address of individuals (e.g. the account ‘EmmaB’ on a web board or the e-mail address firstname.lastname@example.org), which are personal data. Consequently, quite apart from the issue of compliance with the AISS, a company must ensure that any e-communication by electronic mail complies with the rules in terms of processing of personal data.
As the purpose of this website is not (at this stage) to provide an in-depth analysis of the Privacy Act, we shall restrict ourselves to the principles of the Privacy Act and their application in practice.
In summary, the processing of personal data (user ID, e-mail address, etc.) must be legitimate (i.e., in most cases, justified on the basis of either consent of the data subject or of performance of a contract) and must be made for lawful purposes; in addition, a certain degree of transparency is to be observed (in the sense that the person in question, the data subject, must notably be informed of his or her rights), and the rights of the person in question may not be violated.
It is worth noting that in addition to avoiding being classified as ‘electronic mail’, public communications (as defined previously) do not normally entail any processing of personal data by the company in the transmission process, as they do not have any specific and identifiable recipients.