MALTA Law and Practice Contributed by: Karl Tanti and Christine Borg Millo, AE Legal
All communications must be transparent, clearly explaining how personal data will be used, the type and frequency of emails, and providing a simple opt- out mechanism that must be honoured promptly. Email marketers are required to provide clear and transparent information about their identity, the pur - pose of processing personal data, and the rights of the data subjects. Additional GDPR principles apply. Failure to comply can lead to severe penalties. Without prejudice to any other available remedies, including the right to lodge a complaint with the Information and Data Protection Commissioner, a data subject who believes that their rights under the Data Protection Act or even the Gen - eral Data Protection Regulation (EU) 2016/679 have been infringed, may initiate a judicial action against the data controller or processor. This can be done by filing a sworn application before the First Hall of the Civil Court. Any person who contravenes or fails to comply with these regulations shall be liable to pay an administra - tive fine not exceeding EUR23,293.73 for each vio - lation and EUR2,329.37 for each day such violation persists. An action may also be instituted in the same manner for damages caused by the use of such information in a manner contrary to the Regulation or Act. Contraventions of this kind may also breach aspects of the Consumer Affairs Act, depending on the type of marketing practices; therefore, such liability should Inbound telemarketing, where consumers initiate con - tact with a company to enquire about or purchase products or services, does not have dedicated legisla - tion but is regulated under the Consumer Affairs Act. Companies engaging in inbound calls must ensure transparency, clarity, and fairness, avoiding any mis - leading or aggressive commercial practices. Outbound telemarketing, where the company initiates contact with potential consumers, is more tightly regu - lated under the Processing of Personal Data (Electron - also be borne in mind. 6.2 Telemarketing
ic Communications Sector) Regulations (S.L. 586.01). These regulations prohibit the use of automated call - ing machines to send unsolicited marketing commu - nications without the prior consent of the recipient. Liability for non-compliance varies depending on the type of telemarketing. Inbound telemarketing breaches fall under the Consumer Affairs Act, and the MCCAA can enforce penalties or corrective measures for misleading or unfair practices. Outbound tele - marketing violations additionally intersect with data protection rules under GDPR, exposing companies to significant fines, including those linked to unauthor - ised processing of personal data or failure to respect opt-out requests. 6.3 Text Messaging Text messaging (SMS marketing) is regulated primar - ily under the Processing of Personal Data (Electronic Communications Sector) Regulations (S.L. 586.01), which transpose elements of the EU ePrivacy Direc - tive, and supplemented by the GDPR. Together, these rules impose strict requirements on how businesses may use SMS for marketing. As a result, 6.1 Email Marketing and 6.2 Telemarketing are applicable. 6.4 Targeted/Interest-Based Advertising The key framework is the GDPR, supplemented by the Processing of Personal Data (Electronic Com - munications Sector) Regulations (S.L. 586.01), which transpose the ePrivacy Directive. Together, these laws set strict requirements on how businesses may col - lect, process, and use consumer data for behavioural advertising. Under the GDPR, any form of targeting or retargeting requires a lawful basis for processing personal data – typically explicit, informed opt-in consent. This applies to tracking technologies such as cookies, device IDs, and online behavioural profiling. Consumers must be provided with transparent information about what data is being collected, for what purpose, and with whom it will be shared. Retargeting cannot be based on vague or bundled consents but it must be specific and revocable at any time. The ePrivacy rules further require that cookies or simi - lar tracking technologies used for behavioural adver -
221 CHAMBERS.COM
Powered by FlippingBook