Brand owners, charities, public authorities, data firms, tech giants and anyone else who uses data-driven marketing techniques – in other words, nearly all organisations in the land – are being urged to give their views on the draft Direct Marketing Code of Practice, which has been over a year in the making.
The Information Commissioner’s Office has now opened its final consultation on the code, which also takes into account submissions from the 65 organisations – including trade bodies, academia and law firms – who contributed to the initial consultation that closed on December 24 2018.
The regulator has previously produced direct marketing guidance but the new code, which is a requirement under the UK Data Protection Act 2018, is designed to explain the law and provide good practice recommendations.
The ICO insists that by following the code, along with other ICO guidance, organisations will be able to comply with both GDPR and the Privacy in Electronic Communications Regulations (PECR).
Not only will the code be put on a statutory footing – meaning that serious cases could lead to legal action – the good practice standards will also be admissible as evidence in court or tribunal proceedings and carry far more clout than those in the current guidance.
The 124 page draft – available on the ICO website – aims to tackle widespread confusion which was flagged up by many of the responses to the first consultation.
It contains detailed chapters on areas such as data protection by design, generating leads and collecting contact details, profiling and data enrichment, selling or sharing data, profiling and data enrichment, sending direct marketing messages and online advertising and new technologies.
The document states: “This code is for anyone who intends to conduct marketing that is directed to particular individuals or anyone that operates within the broader direct marketing ecosystem. For example, if you are processing for direct marketing purposes and use or offer profiling, data enrichment, or list brokering services.
“You will be caught by the direct marketing rules if you are using data with the intention to market, advertise, or promote products, services, aims or ideals. For example, commercial businesses marketing their products and services; charities and third sector organisations fundraising or promoting their aims and ideals; political parties fundraising or canvassing for votes; public authorities promoting their services or objectives; or organisations involved in buying, selling, profiling or enriching personal data for direct marketing purposes.”
The consultation runs until March 4 2020 and the final version is expected later this year. However, there may well be significant changes if and when the new EU ePrivacy Regulation – currently stuck in the Brussels mire – is eventually passed.
The ICO concludes: “We will monitor compliance with this code using the full range of measures available to us from intelligence gathering, using our audit or assessment powers to understand an issue, through to investigation and fining where necessary.
“Our approach is to encourage compliance. Where we find issues we take fair, proportionate and timely regulatory action with a view to guaranteeing that individuals’ information rights are properly protected.”
ICO urged to tackle confusion over legitimate interests
ICO launches consultation on first statutory DM code
Fresh delay leaves ePrivacy Regulation dead in water
Break new DM guidance and face court, industry warned
Brands face court action for breaching DM guidance
ICO finally publishes GDPR legitimate interest guidance