Dr. Axel Spies and Andrew M. Ray of Morgan, Lewis & Bockius LLP write:
Parties to transactions involving personal data in Europe are well-advised to investigate whether individual consent or the offer of opt-outs are required to avoid the risk of fines and other sanctions imposed by the DPA or local courts.
[…]
The issue goes beyond the mere sale of email lists. Parties to a transaction involving personal data (such as names, email and physical addresses, phone numbers, or financial information) in Europe are well-advised to investigate whether the acquisition or transfer is covered by a European legal concept known as the “list privilege” for advertisement, marketing, or polling purposes. If the “list privilege” doesn’t apply, individual consents of the data subjects (or at least the offer of customer opt-outs for marketing emails) are required. Otherwise, both the buyer and the seller risk fines and other sanctions imposed by the regional or national DPA, or local courts.
Read more on National Law Review.