The DMA has joined forces with ISBA, the Data Protection Network and cross-sector data protection specialists as part of plans to produce new guidance for marketers over using so-called “legitimate interests” as an alternative to consent under the new EU data legislation.
The Information Commissioner’s Office recently submitted its draft guidance for using consent once the General Data Protection Regulation comes into force in May 2018. This guidance frequently pointed to legitimate interests.
However, the regulator did not give any specific guidance on the issue, and does not plan to do so in the future.
To close this gap and give marketers more certainty the DMA plans to produce its own guidance, written by the Data Protection Network, for both commercial businesses and the not-for-profit sector on the use of legitimate interests under GDPR.
Guidance will include practical advice on: Understanding what legitimate interests are; identifying areas of processing where legitimate interests may apply; making legitimate interest assessments (LIAs) that meet the crucial ‘Balance of Interests Condition’ threshold; effectively and transparently communicating legitimate interests to consumers; and supporting the individual’s right to object to processing under legitimate interests.
The guidance will cover a broad spectrum of uses of personal data to highlight potential risks and give clarity to individuals so they understand why legitimate interests may be in their interests as well as those of business.
Robert Bond, Partner at Bristows LLP and Chairman of the working group set up by the group of organisations, said: “A cross-industry guide to the appropriate reliance on the use of Legitimate Interests to lawfully process personal data is both timely and necessary in order to support the work of the ICO in creating practical advice on Consent and other lawful data processing mechanisms both now and under GDPR.”
The working group’s draft guidance is expected to be submitted to the ICO for its review and comment in early April.
DMA managing director Rachel Aldighieri said: “Specifics for using legitimate interest are currently conspicuous by their absence from the ICO’s guidance. Marketers need to know the “how, when and why” of legitimate interests as a legal basis for contacting potential customers so they can better understand and better prepare their businesses to operate properly and compliantly under the GDPR from May 2018.
“The Information Commissioner Elizabeth Denham said she wants to work with industry to develop practical guides, which is why the DMA joined the Data Protection Network’s legitimate interests working party to work with the ICO and draft practical guides to help the industry.”
GDPR consent updates spark chilling warning to brands
GDPR compensation to dwarf £30bn bill for PPI claims
Half of all firms still not compliant with 1998 data laws
Data compensation claims ‘could run into millions’
Major ICO recruitment drive to prevent GDPR meltdown
Cancer Research UK aims to be GDPR compliant by July
Dogs Trust signs deal to secure GDPR compliance
Ten crucial steps to tackle GDPR compliance anxiety
Industry on alert over third-party data legal crackdown