The Information Commissioner has published updated guidance on
the use of direct marketing, giving more direction on what
constitutes valid consent.
What's the issue?
The ICO provides guidance on the rules around sending direct
marketing materials under the Data Protection Act 1998 and the
Privacy and Electronic Communication Regulations (PECR). It was
originally published in 2013, since when there have been calls for
further clarification, particularly in relation to the role of
consent. In addition, in the wake of the scandals around the use of
direct marketing by not-for-profit organisations, the ICO had
promised a revised version of the guidance.
In terms of what's new, the ICO says the guidance gives:
more direction around
"indirect" or third party consent– the ICO says that indirect consent is
insufficient for texts, emails or automated calls due to the
stricter rules on electronic marketing under PECR which require
that the sender of the message obtains consent. However, indirect
consent may be acceptable under certain circumstances where it is
sufficiently clear and specific. In essence, the customer must have
anticipated their details would be passed to the organisation in
question, for example, where the third party organisation was
specifically named or where the class of third parties to whom
personal data might be transferred was sufficiently well defined. A
customer is unlikely to consent to unlimited marketing calls or
texts from anyone, says the ICO, so the question is what the
customer would reasonably expect given the context. If the third
party marketing content is different from the type of content in
relation to which the consent was originally obtained, it is
unlikely to be valid under PECR;
the ICO also says that the fact that consent does not last
indefinitely is even more important in relation to third party
consent and reminds organisations that consent to pass personal
data to third parties is a one-step process so that A may get
consent to pass data to B but that will not allow B to pass data to
organisations should make rigorous checks as to how and when
consent was obtained, by whom and what the customer was told. They
should not rely on assurances that consent was properly obtained
but should conduct their own due diligence. Where consent was
generic, it will be very difficult to show it was specific enough
for calls, texts or emails. And, at the very least, any promotion
sent e.g. by mail must be consistent with the context in which
consent was given and aimed at a similar market;
information about what
constitutes "freely given" consent– it is not acceptable to
'over-incentivise' someone for giving consent to receiving
direct marketing materials, nor to make it a condition of receiving
products or services; and
a greater focus on
scenarios involving not-for-profit organisations– a reminder that they have to follow the
same rules as other organisations in the wake of the high profile
scandals involving the marketing practices of some
What does this mean for you?
The revised guidance is particularly relevant to those seeking
to rely on third party or indirect consent. The increased focus on
the role of consent in direct marketing in the guidance will be be
helpful for many organisations. The ICO acknowledges, however, that
most of the guidance will be familiar and says it has deliberately
not not issued sector specific guidance, nor is it possible to give
definitive answers to all questions as each case will be specific
on its facts.
The ICO is lobbying to have the guidance issued as a Code of
Practice which would give it statutory recognition and allow it to
be considered by the courts but, for now, it remains a useful
indicator as to the kind of behaviours that would trigger
enforcement action by the ICO who has been on something of a
crusade against companies sending nuisance marketing recently.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Food blogger Jack Monroe has been awarded £24,000 in damages in a libel action against controversial columnist Katie Hopkins. The action stemmed from two tweets posted in May 2015 by Katie Hopkins asking Jack if she had "scrawled on any memorials recently".
Hotel proprietors are strictly liable, without proof of negligence, for the loss of property brought to the hotel by their guests, unless they can show that the loss resulted from the guest's own negligence.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).