Marketers bracing themselves for the imminent launch of the new statutory UK Direct Marketing Code of Practice can rest easy – for now at least – following reports that the Information Commissioner’s Office has admitted the rules will be “significantly delayed”.
The code, first drawn up by the ICO back in November 2018, was put out for its final consultation in January this year following submissions from the 65 organisations. It is believed this final session attracted even more suggestions and objections, triggering a further delay to the finished article to next near at the earliest.
In a damning analysis, the DMA has already claimed that, in its draft form, the code would hand increased power to the online giants, create more consumer confusion, and kill off the third-party data market, sending the marketing industry back two decades.
The new rules, a requirement under the UK Data Protection Act 2018, are designed to explain the law and provide good practice recommendations.
Serious breaches could lead to legal action, while the good practice standards will also be admissible as evidence in court or tribunal proceedings and carry far more clout than those in the current guidance.
But, it seems, the code has now been placed on the ICO’s mushrooming “to-do” list, which also includes its investigation into the data broking sector from July 2018, its probe into the adtech industry dating back to September 2018, and the final GDPR rulings against British Airways and Marriott International, dating back to July 2019.
The regulator also has countless other investigations under way, under GDPR, PECR and even the Data Protection Act 1998. Last year, following a Freedom of Information request by Decision Marketing, the ICO admitted it had over 10,000 active cases – and counting – of potential breaches of data protection laws.
Critics claim the ICO appears more concerned with new technology, regulatory sandboxes, data ethics and politics than with enforcing the data protection law.
In a recent blogpost, Mischon de Reya data protection advisor Jon Baines highlighted one case in which the ICO refused to take action against a local authority for a failed data subject access request, instead advising the complainant to seek her own legal advice.
Baines wrote: “It is just one data subject, exercising her right. But it is a right which underpins data protection law: if you don’t know and can’t find out what information an organisation has about you, then your ability to exercise other rights is stopped short.
“The ICO should reboot itself. It should, before and above all else, perform its first statutory duty – to monitor and enforce the application of the GDPR. I don’t understand why it does not want to do so.”
Earlier this summer, the regulator was also branded “pathetic” and “weak” for failing to intervene in the row over the algorithm marking system used to award A-level grades. The ensuing uproar eventually triggered a Government U-turn but the ICO remained silent throughout.
Prior to that, the regulator’s annual report revealed a huge rise in expenses, including trips abroad, travel and entertainment; a lack of action against nuisance calls; and the fact that fewer than 1% of its investigations led to a monetary penalty.
In response to the delay to the code, legal consultant Janine Paterson said on LinkedIn: “There has been a great deal of speculation about what the ICO has been doing this year and this doesn’t answer the question.
“I am glad, however, that they seem to be taking this seriously. This is how the ICO see implementation of GDPR in our sector and as this will be law, they need to get it right. I responded to the consultation and raised a number of issues with their interpretation so I hope they are using the time to reconsider the issues I and many others raised.”
ICO Code will set industry back 20 years, DMA claims
Marketers urged to have their say on draft DM Code
ICO launches consultation on first statutory DM Code
ICO whacked for ‘pathetic’ response to A-level outrage
Will it ever end? Now Marriott wins further GDPR delay
Fresh delay to Marriott and BA fines fuels ICO criticism
Privacy groups hit out at fresh delay to adtech probe
ICO reveals fewer than 1% of investigations led to a fine
‘Chicken’ ICO kicks adtech investigation into long grass
Top UK data firms still under investigation, 2 years on
Data firms under cosh as ICO ramps up political probe