Telemarketing in Lithuania: Mandatory Opt-in, GDPR Compliance, and the National "Do Not Call" List
Posted: Tue May 20, 2025 6:59 am
Telemarketing activities targeting individuals in Lithuania are subject to a stringent framework of privacy regulations stemming from European Union directives and national laws. As of May 20, 2025, businesses engaging in telemarketing to Lithuanian residents must adhere to these rules, particularly concerning the collection and use of personal data, including mobile phone numbers. Understanding these regulations and the existence of a national opt-out registry is paramount for ensuring legal compliance and avoiding substantial penalties.
The Prevailing Regulatory Landscape:
Lithuania, as a member of the European Union, is bound by key European legal instruments that significantly impact telemarketing practices:
General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679): The GDPR is directly applicable in Lithuania and sets a high standard for the processing of personal data, including mobile phone lithuania mobile phone number list numbers used for telemarketing. It emphasizes principles like lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. Explicit consent is a crucial legal basis for processing personal data for marketing purposes.
ePrivacy Directive (Directive 2002/58/EC), as amended by Directive 2009/136/EC: This directive specifically addresses electronic communications, including telemarketing. It mandates that unsolicited marketing communications via electronic means (including phone calls to mobile numbers) require the prior consent (opt-in) of the subscriber.
Law on Electronic Communications of the Republic of Lithuania: This national law transposes the ePrivacy Directive into Lithuanian legislation and further specifies the rules for electronic communications, including those related to unsolicited marketing.
Law on Legal Protection of Personal Data of the Republic of Lithuania: This law complements the GDPR and sets out additional requirements for the processing of personal data in Lithuania.
National "Do Not Call" Registry (atviras skambučių centras): Lithuania maintains a national registry where individuals can register their phone numbers (both fixed and mobile) to opt out of receiving unsolicited commercial communications. Telemarketers are legally obligated to consult this registry and refrain from calling registered numbers.
Key Regulatory Considerations for Telemarketing in Lithuania:
Mandatory Opt-in Consent: The fundamental requirement for lawful telemarketing to mobile phone numbers in Lithuania is prior, freely given, specific, informed, and unambiguous consent (opt-in). This means you must obtain clear affirmative action from individuals indicating their agreement to receive marketing calls on their mobile phones. Passive consent or pre-checked boxes are not sufficient under the GDPR and ePrivacy Directive.
Burden of Proof of Consent: The responsibility lies with the telemarketing organization to demonstrate that valid consent was obtained. Maintaining detailed records of when, how, and for what specific purposes consent was given is essential.
Information Requirements: When obtaining consent, individuals must be provided with clear and comprehensive information, including the identity of the data controller (the organization conducting the telemarketing), the purposes of the processing (i.e., the types of products or services being marketed), how long the data will be stored, and information about their rights under the GDPR (e.g., the right to withdraw consent, access, rectification, erasure).
Right to Withdraw Consent: Individuals have the right to withdraw their consent at any time, and telemarketing organizations must have easily accessible mechanisms for individuals to do so. These requests must be honored promptly and effectively.
Legal Obligation to Consult the National "Do Not Call" Registry: Telemarketers are legally required to check the Lithuanian national "Do Not Call" registry before making any marketing calls to Lithuanian phone numbers (both fixed and mobile). Calling numbers registered on this list is a direct violation of Lithuanian law.
Strict Interpretation of Existing Customer Contact (Soft Opt-in): While the GDPR and ePrivacy Directive allow for the possibility of contacting existing customers for marketing similar products or services under very specific conditions (the "soft opt-in"), this is interpreted narrowly in Lithuania. It typically requires that the contact details were obtained in the context of a sale, the marketing relates to similar products or services, and the customer is given a clear and easy opportunity to object to such processing (opt-out) at the time of collection and in every subsequent communication. Even in these limited cases, checking against the national "Do Not Call" registry is still mandatory.
Transparency and Identification: When making permitted telemarketing calls, the caller must clearly identify themselves and the organization they represent at the beginning of the call.
Data Security: Personal data used for telemarketing must be processed securely, in line with the GDPR's requirements for data integrity and confidentiality.
Enforcement and Penalties: Violations of the GDPR and Lithuanian data protection and electronic communication laws can result in significant fines, potentially reaching up to €20 million or 4% of the organization's total worldwide annual turnover, whichever is higher. The State Data Protection Inspectorate of Lithuania ("Valstybinė duomenų apsaugos inspekcija") actively enforces these regulations.
The Prevailing Regulatory Landscape:
Lithuania, as a member of the European Union, is bound by key European legal instruments that significantly impact telemarketing practices:
General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679): The GDPR is directly applicable in Lithuania and sets a high standard for the processing of personal data, including mobile phone lithuania mobile phone number list numbers used for telemarketing. It emphasizes principles like lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. Explicit consent is a crucial legal basis for processing personal data for marketing purposes.
ePrivacy Directive (Directive 2002/58/EC), as amended by Directive 2009/136/EC: This directive specifically addresses electronic communications, including telemarketing. It mandates that unsolicited marketing communications via electronic means (including phone calls to mobile numbers) require the prior consent (opt-in) of the subscriber.
Law on Electronic Communications of the Republic of Lithuania: This national law transposes the ePrivacy Directive into Lithuanian legislation and further specifies the rules for electronic communications, including those related to unsolicited marketing.
Law on Legal Protection of Personal Data of the Republic of Lithuania: This law complements the GDPR and sets out additional requirements for the processing of personal data in Lithuania.
National "Do Not Call" Registry (atviras skambučių centras): Lithuania maintains a national registry where individuals can register their phone numbers (both fixed and mobile) to opt out of receiving unsolicited commercial communications. Telemarketers are legally obligated to consult this registry and refrain from calling registered numbers.
Key Regulatory Considerations for Telemarketing in Lithuania:
Mandatory Opt-in Consent: The fundamental requirement for lawful telemarketing to mobile phone numbers in Lithuania is prior, freely given, specific, informed, and unambiguous consent (opt-in). This means you must obtain clear affirmative action from individuals indicating their agreement to receive marketing calls on their mobile phones. Passive consent or pre-checked boxes are not sufficient under the GDPR and ePrivacy Directive.
Burden of Proof of Consent: The responsibility lies with the telemarketing organization to demonstrate that valid consent was obtained. Maintaining detailed records of when, how, and for what specific purposes consent was given is essential.
Information Requirements: When obtaining consent, individuals must be provided with clear and comprehensive information, including the identity of the data controller (the organization conducting the telemarketing), the purposes of the processing (i.e., the types of products or services being marketed), how long the data will be stored, and information about their rights under the GDPR (e.g., the right to withdraw consent, access, rectification, erasure).
Right to Withdraw Consent: Individuals have the right to withdraw their consent at any time, and telemarketing organizations must have easily accessible mechanisms for individuals to do so. These requests must be honored promptly and effectively.
Legal Obligation to Consult the National "Do Not Call" Registry: Telemarketers are legally required to check the Lithuanian national "Do Not Call" registry before making any marketing calls to Lithuanian phone numbers (both fixed and mobile). Calling numbers registered on this list is a direct violation of Lithuanian law.
Strict Interpretation of Existing Customer Contact (Soft Opt-in): While the GDPR and ePrivacy Directive allow for the possibility of contacting existing customers for marketing similar products or services under very specific conditions (the "soft opt-in"), this is interpreted narrowly in Lithuania. It typically requires that the contact details were obtained in the context of a sale, the marketing relates to similar products or services, and the customer is given a clear and easy opportunity to object to such processing (opt-out) at the time of collection and in every subsequent communication. Even in these limited cases, checking against the national "Do Not Call" registry is still mandatory.
Transparency and Identification: When making permitted telemarketing calls, the caller must clearly identify themselves and the organization they represent at the beginning of the call.
Data Security: Personal data used for telemarketing must be processed securely, in line with the GDPR's requirements for data integrity and confidentiality.
Enforcement and Penalties: Violations of the GDPR and Lithuanian data protection and electronic communication laws can result in significant fines, potentially reaching up to €20 million or 4% of the organization's total worldwide annual turnover, whichever is higher. The State Data Protection Inspectorate of Lithuania ("Valstybinė duomenų apsaugos inspekcija") actively enforces these regulations.