Ireland - Vodafone & Three Compliance Requirements

Ireland - Vodafone & Three Compliance Requirements

Breach severity assessment - Marketing flows and service operation

Issue Severity
Misleading advertising or banner
False advertising, fake claims or incorrect promotions. For instance, “Your phone has been infected with 5 viruses” or “Congratulations you have won an iPhone”.
Unrelated banner
Banner appears to promote content or service which is completely different to the Value Added Service (VAS) being offered.
Use of the word “FREE” in advertising
False marketing claim that the service is free, if the service is a paid-for Premium Rate Service (PRS).
Advertising on Content Locking site – “incentivised traffic”
Content lockers offer a product in return for subscribing to a PRS service. The original offer is never delivered. Red if the offer is illegal e.g. PayPal, WhatsApp, Facebook hack offers. Yellow if not an illegal offer e.g. Pokemon Go coins, game cheats, free shopping rewards.
Yellow or Red
Click Training – misleading payment flow
Pre-payment pages served that look like payment pages, to desensitise the consumer of the nature of the payment pages.
i-Frame Masking / overlay
Pricing, subscription or payment information, or opt-in buttons hidden from consumer by i-frame, page or other content. This means that the consumer may subscribe to this service without being aware, because they did not see any indication that they opted into a chargeable service.
Charging without consent (including App Malware)
Other illegal techniques to cause consumers to be subscribed without ever having pressed compliant payment buttons, including automatic opt-in via malware hidden in apps. This also includes any case where there is inadequate evidence that the consumer did opt-in to a service.
Promoting in media that is particularly attractive to kids
Merchants who evidently have no process in place to deal with Google AdWords filter failures will be Red Carded and expected to adopt best practice techniques to reduce the risk of being promoted in a kids app.
Yellow or Red
Adult service promoted in non-adult site Red
“Passing off” by using big brand logos etc
Red if brand is associated with a lie (i.e. Google and a pre-lander stating 27 viruses discovered).
Yellow if the merchant is using a retailers brand without permission for a competition for a voucher from the retailer.
Yellow or Red
Price not prominent
Pricing must be bold and prominent, on its own line, separated from a clear and unambiguous description of the service.

Pricing and description – including competition terms and conditions where appropriate - must be a on a solid background colour always using a good level of contrast between background and text – grey on white will not be accepted.

Pricing must be prominent on all payment pages - this applies for any and all CTAs or MSISDN entry boxes during the process.
Price not proximate to Call To Action (CTA) 
Pricing must be directly above or below the CTA or MSISDN entry box, displayed clearly, using the € symbol for the cost on all steps of the payment process.
The service description must also be visible on both pages without scrolling.
No graphical separation between price and service description and CTA.
Price incorrect / charge different from the promotion
The service actually charges more than the promotion states. Apart from the obvious overcharging, this includes a service that states a daily price per 3 days, but in particular circumstances can have more than one daily charge in any one 3 day period.
Not following subscription, receipt and reminder rules
Include the proper functioning of the STOP command, which must take immediate effect under all circumstances.
Missing merchant name and / or contact details from the payment page Yellow
Compliance with GDPR
All SMS marketing must be GDPR & E Privacy Regulations (See note) compliant with regards to hard and soft opt-in. Opting out of marketing communications must also be in line with GDPR.
(Note: The European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 and any amendments or revisions to that legislation).
Ambiguous CTA button labelling
The CTA must be labelled with words that state an “unambiguous obligation to pay” i.e. Buy Now, Subscribe Now and not Next or Continue. Auto Renewal wording is mandatory in both payment pages and welcome message. Only the CTA button should be clickable and this should apply to all buttons.
Consent to process personal data
Prominent privacy notice of the PSP to be displayed prior to consenting to using the service. Wording sitting alongside the consent button, ensuring the customer knows that their data is being sent to the phone provider and what will be done with it. Consent to be retained in line with customer expectation.
PIN Opt-in

Failure to produce a Comreg license and permission to Empello before offering services via PIN opt-in. Any one instance of a service with PIN opt in running on Vodafone will result in a red card and subsequent 30-day suspension of the short code.