October 23, 2014
The Information Commissioners Office (ICO) has released new guidance for organisations which engage in direct marketing. Here are 13 key features of the guidance and tips on ensuring that you comply with the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR):
- Direct marketing is defined as “communication (by whatever means) of any advertising or marketing which is directed to particular individuals”. This definition also applies to electronic marketing, which falls under the PECR, and includes telephone, e-mail, text messaging or automated calling.
- Direct marketing can only be sent with an individual’s consent. This consent must be ‘informed’, meaning that the individual must know to what exactly they are consenting. Hiding the details of the marketing in a long policy or set of terms & conditions would not be acceptable.
- Under the PECR, the consent condition goes further. An individual must give clear and specific consent to the forms of communication intended to be sent by the marketer. So, for example, you cannot send marketing communications by e-mail or text message if the individual has consented to marketing by telephone (and vice versa).
- It is unsafe to rely on ‘implied’ consent as there must be a positive action by the individual, so merely registering for a service and giving the necessary contact details would not necessarily be sufficient (it would depend on what they were told and what information they were given when doing so).
- Likewise, pre-checked boxes on websites should be avoided.
- You should not use details obtained from another organisation for marketing purposes unless you know that the individuals consented to being contacted by third parties. Implied or inferred consent is not sufficient.
- Equally, you should not supply details of your customers/subscribers/users to third parties unless you have the express consent of the individuals.
- The guidance advises that you keep a clear record of the scope of the individual’s consent, when it was given and how it was given. You should also record what information they were given to enable them to decide whether or not to consent.
- Also, rather than deleting their details entirely, you should maintain a basic list of those who have opted out or specifically refused to receive marketing communications. This will help you avoid future mistakes and provide evidence of the individual’s wishes.
- The rules on direct marketing do not apply to ‘market research’. However, you cannot avoid the rules by disguising the sale of goods or services as research.
- Following a request from an individual to stop marketing, you must do so within a reasonable period. The guidance suggests 28 days for electronic communications and two months for postal communications.
- The ICO’s main concern is cold calling and it is asking the government to change the law to lower the level of harm required to enable the ICO to take enforcement action. The government itself launched an inquiry into nuisance calls and texts in July.
- The ICO can issue penalty notices of up to £500,000 for serious breaches of these rules.
You can access the ICO guide at the link below. This article is for general information only and does not constitute legal advice. If you would like to discuss these issues further, please contact us and we would be happy to help.
Direct Marketing Guide –
www.ico.org.uk/for_organisations/sector_guides/~/media/documents/library/Privacy_and_electronic/Practical_application/direct-marketing-guidance.pdf