NESTOR built up a database of prospective clients by automatically collecting personal data made publicly available through third party platform, a practice known as “data scraping” or “web-scraping”, massively used by startup and emerging companies to quickly develop their marketing campaigns.
Under Article 13.1 of ePrivacy Directive, such practice would require a GDPR-compliant6 consent by the data subject prior to sending direct marketing communication through electronic means. Indeed, the ePrivacy Directive prohibits direct marketing via “electronic means” (i.e. emails, text messages, facsimile or automated calling machines7), unless such marketing practices are undertaken by the entity which effectively directly collected the personal data in the first place, within the framework of a sale of a product or the provision of a service, and aim to offer similar products and services.
Read the full article on The National Law Review