Friday, September 05, 2008


Just came across this interesting paper written in the latest BNA World Data Protection Report on the legal status of "bluespam":

"Bluespam: Is it legal?" examines whether so called bluespam falls within the restrictions imposed by the Privacy and Electronic Communications Directive [2002/58/EC] and whether organisations can therefore be prevented from marketing via bluetooth without first obtaining consent. It also considers the practicality of obtaining consent from bluetooth users and discusses the options for Bluetooth users who do not wish to receive bluespam.

Increasingly, we are seeing Bluetooth technology being used for the purposes of direct marketing to mobile phones.

"There are options for those that do not wish to receive direct marketing via Bluetooth – you can turn the Bluetooth on your mobile phone or other device off or “hide” your phone. However, many will take the view that they should not have to take such steps to avoid receiving what is termed as “Bluespam”.

Whilst at first glance Bluespam appears to fall into the same category as unsolicited direct marketing via email, telephone and SMS spam (all of which are caught by the terms of the Privacy and Electronic Communications Directive (Directive 2002/58/EC), there is legal uncertainty as to whether the Directive does catch it. In short, the Directive captures communications over “public” networks, but at least arguably, the only network used in Bluespam is that created on an ad hoc basis between the transmitting device and the handset in the hands of the recipient."
A copy of the full text paper can be found here (pdf).

1 comment:

Tim Trent said...

Renzo and his colleague wrote this paper after he and I had been chatting about the PECR and Bluespam and the UKIC's earlier thoughts that it was covered under the PECR.

My initial reaction concurred with the UKIC, but Renzo persuade me otherwise.

He often posts on the JISCMail data protection discussion list - open membership. If you or your readers wish to join simply send an email to with the text "join data-protection" without the quotes in the body of the email and no other content.