May 22, 2019

May 22, 2019

Subscribe to Latest Legal News and Analysis

May 21, 2019

Subscribe to Latest Legal News and Analysis

May 20, 2019

Subscribe to Latest Legal News and Analysis

ICO’s Consultation on Direct Marketing Code of Practice

Direct marketing has been a focus of the UK data protection regulator, the Information Commissioner’s Office (ICO), for the last several years. Direct marketing for these purposes includes promotional messages that are sent directly to an individual recipient electronically (email or text), by post or communicated by phone. Such messages are considered to be unsolicited communications, as opposed to marketing messages that were specifically requested by individuals.

Email marketing or business communication concept on touch screen. The use of contact details of individuals for direct marketing (such as direct marketing by email, text or phone) are subject to the EU e-Privacy Directive (implemented in the UK by the Privacy and Electronic Communications Regulations). This means there additional specific limitations beyond those applicable to direct marketing as set out in the EU GDPR and UK DPA. Prior consent is required in most cases and the form of consent must be compatible with the GDPR.

The ICO has issued a number of fines to enforce the rules on direct marketing. For example, this year around 40% of the enforcement action taken by the ICO was in relation to failures by organisations to comply with the rules on direct marketing by email, text, or phone.

To date, the ICO has used its enforcement powers in situations where:

  • direct marketing emails or texts were sent without necessary consents,
  • direct marketing phone calls were made without checking the Telephone Preference Service (the TPS) lists for opt outs,
  • third-party marketing lists were used without checking if valid consents were obtained for marketing or screening against the TPS lists, or
  • personal data was used for profiling individuals by third parties without making it transparent to individuals.

The ICO had issued Direct Marketing Guidance pre-GDPR and most of the enforcement measures the ICO took this year largely fall under the old regime. The guidance must now be updated as post-GDPR the rules on direct marketing have been reinforced and updated due to a number of new requirements, including:

  • transparency when processing personal data for direct marketing purposes,
  • documenting lawful bases for the processing of personal data for such purpose, and
  • ensuring the rules on electronic direct marketing are complied with (emails, texts) including obtaining “GDPR-standard consent” unless an exception to the “opt-in” requirement applies.

You may use this link to provide your views on how new rules affect your business and how you would like them to be implemented.  If you would like help formulating a response, please let us know.

The consultation closes on 24 December 2018.

© Copyright 2019 Squire Patton Boggs (US) LLP


About this Author

Asel Ibraimova, Squire Patton, Media Industry Lawyer, data controllers attorney

Asel Ibraimova is an associate with expertise in European data protection matters.

Asel has worked in the healthcare industry and media industry, representing the interests of both data controllers and data processors. She has advised on methods of international transfer of personal data, on data protection issues related to the launch of websites, apps, mobile devices and online personalization services. She has negotiated data protection contracts with major online service providers, including cloud providers. Asel has drafted data protection...