Does Your Mailing List Comply With The Law? - Part III

London-photographer-JC-Candanedo-Grey-Pistachio-Fashion-Corporate-Portraits-Headshots-Blog-Creative-Industry-London.JPG

This post is part 3 of 3 posts.

In case you have been living under a rock for this past year, the new EU General Data Protection Regulation (GDPR) came into effect on May 25, 2018, forcing businesses across the globe to reassess how they process personal data. It has been a very painful and confusing process, especially for freelancers and sole traders. That is why this month, the Information Commissioner’s Office (ICO) has launched a self-assessment checklist that will help freelancers, sole traders and self-employed individuals to assess their compliance with new data protection laws.

This new tool is meant to show freelancers and sole traders how compliant they are by generating a rating based on their responses and provides handy links to relevant ICO guidance and further information. It also includes practical suggestions of how to stay in line with the law.

This self-assessment checklist has been created with small business owners and sole traders in mind. I recommend you take it even if you have already done all your GDPR homework. After all, it is our duty as business owners to keep our compliance with these laws up to date, the same way that we do our taxes every year.

To access the the self assessment checklist go to: https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/assessment-for-small-business-owners-and-sole-traders/

If you still haven’t made your business compliant with the GDPR, you can find more information on: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Do you like what you just read? Subscribe to the weekly blog posts here!

What Is A Model Or A Property Release?

Headshots-Photographer-London-JC-Candanedo-Portraits-Corporate-Fashion-Beauty-eCommerce-Lookbook-Catalog-Campaign.jpg

When you have been practising photography for a while, there are certain things that you do automatically without giving them a second thought. Which shutter speed, aperture or ISO to use, what lens works best for a certain situation, or to make sure that the sitter always signs a release. Especially the latter, as that will establish how you can use the images.  But you would be surprised to know that not every photographer signs them, and when they do, not every sitter reads them when they sign. Why is it so important to have a release?

A release is a contract that gives the photographer permission to use the image of a person or property (works of art, trademarks, brands or buildings) in the ways specified in the document. It is signed between the model (sitter, subject) or their representative (agent, parent, legal guardian) and the photographer in the case of people, or between the owner or legal representative (agent, estate) and the photographer in the case of properties. It should clearly state the intention of use that the photographer will give the images (e.g. where, how and for how long will the images be used).

It is a document that is both important for the photographer and for the model/property as it protects both parties' rights. On the one hand, it protects the photographer against future claims by the model/property or their heirs and assigns; on the other hand, it protects the model/property against misuse of their image. Before signing, both parties should understand what they are agreeing to.

Copyright

In the UK, copyright gives the creator of the image the ownership over the photograph (in most cases), but not necessarily the right to use the image of the people or properties depicted on it. According to the UK Intellectual Property Office, "The person who creates an image (“the creator”) will generally be the first owner of the copyright", except if the "image was created as part of the creator’s employment, rather than by a freelance creator, the employer will generally own the copyright."

But this ownership of the copyright does not allow the photographer the right to photograph just anyone or anything and use the image as they please. People have a right to their privacy, and the use of their image is part of it. Also, properties like works of art, trademarks, brands or buildings are protected by copyright themselves. This is where the model/property release comes in.

When do you need a model/property release?

Different countries have different laws, but in general, you can take photos in public spaces that include people or properties and not need a release. Although, if you are planning on using the images commercially or for publication, it will be safer if you had some sort of release. Better safe than sorry.

If you are taking portraits of people (everyday people, models, friends, family) for your projects, for your website and self-promotion, or for publication, you will need a model release. If you are dealing with model agencies, they would have signed the release with the model but you will have to sign an agreement with the agency regarding the use of the photos. For client work, when dealing with talent, everyone in the photos needs to have a release signed. When dealing with minors, their parents/legal guardians must sign the release for them.

If you are taking photos in public spaces, be careful if you include works of art, trademarks, brands or buildings that may have a copyright. Be vigilant, especially in the UK, that some areas that look like public spaces are actually privately owned or managed.

Best practices

Because of the nature of my work, I have made a habit of always signing a model/property release, even when I don't necessarily have to. But I find that it is a good way to establish trust with the subject and let them know exactly how I will be using the images. Also, if in the future I decide to have the photos published or enter some sort of competition, there are organisations that won't take your photos if they are not properly released.

Sample Model/Property Release forms

There are many samples of release forms available online, each adapted to the specific region where the photographer works. Here are just a couple of samples:

  • The Association of Photographers of the UK: https://www.the-aop.org/information/downloads/legal-business-forms
  • The New York Institute of Photography: https://www.nyip.edu/photo-articles/business/heres-a-sample-model-release-form

Disclaimer

I am not a lawyer, I am a photographer, and the information on this post is just to try to explain a confusing topic in a simple manner. If you need more information on privacy and copyright laws you should seek professional legal counsel.

Photo credit: Behind the scenes photography by Andrzej Gruszka.

Do you like what you just read? Subscribe to the weekly blog posts here!

Does Your Mailing List Comply With The Law? - Part II

Portraits-Photographer-London-JC-Candanedo-Headshots-Corporate-Couple-Portraits.jpg

This post is part 2 of 3 posts.

Back in October, I wrote a post about the new EU General Data Protection Regulation (GDPR) coming into effect on May 25, 2018, and how there is not enough information for small businesses on how the GDPR affects us. Now, a new dedicated telephone service has been set up in the UK aimed at helping small and micro businesses prepare for the new data protection laws.

On November 1, 2017, the Information Commissioner’s Office (ICO) implemented a phone service for people running small businesses or charities to help with the particular problems that we are facing while getting ready for this new law. The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

According to the ICO's website: "people from small organisations should dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support. As well as advice on preparing for the GDPR, callers can also ask questions about current data protection rules and other legislation regulated by the ICO including electronic marketing and Freedom of Information."

The ICO has also announced that they will adapt and simplify their infographics and toolkits for small and micro businesses that need access to targeted information about how to prepare for the GDPR.

In the meantime, you can find more information on:

Photo credit: Behind the scenes photography by Andrzej Gruszka.

Do you like what you just read? Subscribe to the weekly blog posts here!

Does Your Mailing List Comply With The Law? - Part I

Fashion-Portraits-Photographer-London-JC-Candanedo-Headshots-Corporate-Couple-Lookbook-Campaign-eCommerce-Photography-Privacy-Law-Bill-GDPR.jpg

This post is part 1 of 3 posts.

If you are a freelance photographer or creative (or any sole trader for that matter) who uses mailing lists to market your services or send out newsletters with updates of your work or blog, and you are based in the United Kingdom or the European Union, or email people who are based in any of the two, this post is for you.

On May 25, 2018, the new EU General Data Protection Regulation (GDPR) will come in effect. The GDPR is a privacy law which will apply in the EU and the UK and will affect anyone who processes personal information of EU citizens. The UK Government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR, and it's introducing measures related to this and wider data protection reforms in a Data Protection Bill (DP Bill).

The UK DP Bill is an evolution of the current Data Protection Act 1998 (DPA). It will apply the GDPR and it has been amended to adjust to the national context and the UK citizens.

How does this affect freelance creatives?

Freelance creatives make use of mailing lists to send out promotional material, blog updates and newsletters to current and prospect clients. All the information in those mailing lists (emails, names, addresses) is considered personal information and are part of the scope of these privacy laws. Keep in mind that personal emails of employees of companies fall into this category and both laws have become more strict in terms of what they consider personal information (IP addresses are now part of the scope).

What does this mean?

It basically means that for you to be able to send your self-promotion material you need to have the consent of the recipient that you can use their email for this purpose.

What is consent?

Consent means permission, and for you to send marketing emails to your clients or prospects you must have their permission to do so. If you send blog updates or newsletters to people who have subscribed and agreed to receive them, and you use services like MailerLite or MailChimp, you mustn't worry. On the one hand, by subscribing to receiving these emails they have given you their consent. On the other hand, both services have taken measures to help you comply with these laws (MailChimp wrote about it on their blog and MailerLite has assured me that they are working on these as I am writing this post).

But if you are sending emails to people who have not subscribed to them, you must ask for their consent. You can send, for instance, emails to your existing client list if the email promotes similar products and services to the ones they bought from you. The Information Commissioner’s Office (ICO) has prepared a very thorough guide for direct marketing. The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

What if you bought an email list or compiled your own?

This is where it starts to get confusing for me. There is a lot of misinformation on this matter, especially because all the official communications target large organisations, but there is very little written for freelancers and sole traders.

As freelance creatives, we all have a mailing list of some sort for our marketing and self-promotion. Some of us have compiled these lists using contact information of people that we have met along the road, people that we have worked with, people that we wish we could work with, information of people that we find in the mastheads of publications or on websites, and the list goes on. Other creatives buy mailing lists from companies like Bikini Lists or Agency Access.

Freelancers and sole traders are considered individuals under the privacy laws. When we send out our promotional emails to prospect clients, we address these emails to companies but also to other freelancers. If freelancers and sole traders are individuals, and we email other freelancers and sole traders, then these communications are between individuals, but because they are business related I understand that they are considered Business-to-Consumer (B2C) communications.

On the other hand, if freelancers and sole traders email companies, and these communications are business related, they should be considered Business-to-Business (B2B) communications and not really fall under the scope of these laws (the CEO of Bikini Lists, Ross MacRae, wrote a post about this). To make things more confusing, and like I mentioned earlier on this post, personal emails of employees of companies are considered personal information too.

So, it seems to me that in any of these two cases, whether freelancers and sole traders are writing B2C or B2B communications, we must comply with the privacy laws. I have written the ICO asking for more help on this matter because it is really confusing. Watch this space. Yesterday they published a post on their blog announcing that they will launch a dedicated telephone service aimed at helping small and micro businesses prepare for new data protection laws.

So, what can you do in the meantime?

While all this information is clarified, you must definitely make sure that you are taking into consideration best practices in what personal information refers to:

  • Only use personal information that you have consent to use and use it in a fair and lawful manner;

  • Use this personal information only for the purposes for which you have obtained the consent;

  • Send direct marketing emails that are adequate, relevant and not excessive;

  • Keep personal information in your mailing lists accurate and up to date and not for longer than is necessary;

  • Keep personal information in your mailing lists secure and password protected; and

  • Do not transfer to third parties or to other countries without consent and adequate protection.

Where can I find more information?

Photo credit: Behind the scenes photography by Stef Mic

Do you like what you just read? Subscribe to the weekly blog posts here!