SUBJECT: Snail mails without consent, I want to be forgotten!
I have been receiving these postal mails from you on a regular basis:
Often, I accidentally opened them. Just to find something like this:
There is no one-click unsubscribe in snail mail for technical reasons. I get that.
I asked your service team on Twitter. They couldn’t answer my question, as I am not even a client. YES, I have been receiving these mails without being a client. And I would like to know why. So I wrote a Data Subject Access Request e-mail, according to GDPR, to your data protection officer:
Hey folks, it seems you have data stored on me. Why? Where did you get it from?
A few days later I got two snail mails back (this time with a clearly visible Vodafone logo on the outside). This is the first one:
I read that you are using my address solely for the purpose of marketing and you have received it from a company called: “Global Consumer Database Service LTD” — what a strange generic name. After some online research, I am pretty sure that this is a letter box company. It was incorporated on the 26th of October 2018, my request was done only two days after, but the SPAM had happened before.
It’s registered on an escrow director. I found him to be connected to 350+ companies in the UK, many with similar names and registered on the same postal address. I also found multiple posts complaining about SPAM / Phishing e-mails and even a newspaper article on a police raid due to internet frauds made in his name.
Dear Vodafone, I have the feeling that something is not right there. I would like to know the background of all this.
Are you working with crew of criminal spammers, with or without being aware? Or are you just using the same letterbox-company-as-a-service as some spammers? If so, why? How did my postal address ended up in your database? I usually don’t participate in promotional contests. Was it some sort of web scraping? Did Amazon sell my address? Was there a data leak somewhere? Under which circumstances was my address traded to you? Is this a common practice and everyone is doing so?
But let’s come back on the second letter:
It says: To make sure that I will not receive any more marketing mails, you need to store my postal address in a database.
I totally get that this kind of blacklist is the safest implementation to avoid any future mailings, as you are probably planing to proceed to purchase further postal addresses for marketing purposes.
What about my right to be forgotten?
I see you are only making sure to exclude me from future mailings but I still don’t want you to store any data on me.
Dear Vodafone, here is my proposal for you: Stop following dark patterns. Don’t buy illegally obtained address pools to bombard citizens like me. Have a second look at the marketing letter shown atop: Don’t you agree that the overall visual appearance and copy is annoying? I cannot imagine any sane person saying: “WOW, that’s a cool offer!” The letters themselves are hurting your strong brand. Get people interested in what you have to say and they will subscribe.
I am founder of small business myself. We invested a lot of time to comply with the European General Data Protection Regulations. I am not the biggest GDPR fan but I totally see the value here. More privacy please!
Thanks for reading!