At the end of March, the Information Commissioner’s Office (ICO) issued updated guidance on the law in relation to direct marketing. The ICO notes in its accompanying blog post that the law applies “equally to any and all organisations who are engaging in direct marketing activity via electronic means, regardless of their sector.”
The updated guidance gives new focus to:
- The collection of third-party (indirect) consent, which it indicates will only be validly obtained in limited circumstances
- How to ensure that consent is freely given, and how this interacts with either incentivising individuals to give consent, or making access to a service conditional on giving consent
In its blog post, the ICO recognises that many would like to see sector-specific guidance documents dealing with direct marketing; however, it states that to provide such guidance would be to misunderstand the law. As the legitimacy of consent will vary depending on the circumstances of its collection, organisations need to assess their compliance with the law on a continuous and case-by-case basis.
Building reviews into data-handling practices is set to become increasingly vital as the forthcoming General Data Protection Regulation will significantly increase the financial penalties that can be imposed by Data Protection Authorities across Europe. Direct marketing is an area of focus for the ICO and one in which it has proved willing to issue significant fines. In February 2016, the ICO issued its largest-ever fine of £350,000 to a marketing company for making automated marketing calls.