Ahead of the forthcoming UK General Election the Digital Economy Act has been passed and it brings with it a fundamental change for Direct Marketing.
At present organisations can decide whether or not they wish to follow the best practice elements of the ICO’s Direct Marketing Guidance which goes beyond legal requirements. However, the new Act gives the ICO powers to issue a statutory Code of Practice for Direct Marketing.
Crucially the Code will not be limited to covering compliance with the legal requirements of the Data Protection Act (DPA) and the Privacy and Electronic Communications Regulations (PECR), it will also set good practice standards. These standards will be admissible as evidence in court or tribunal proceedings and thereby carry more weight than those in the current guidance.
When the ICO updated its Direct Marketing Guidance in May 2016 it was widely viewed as taking a much tougher stance, specifically surrounding consent and this guidance is likely to form the basis of the new Code of Practice.
When the new code is issued, unambiguous and provable consent will likely become the minimum standard and could mean marketers face having to meet GDPR-levels of compliance ahead of the EU Regulation coming into force on 25 May 2018.
The Commissioner, Elizabeth Denham has welcomed the provisions for a new code and expects it to sit “at the top of a hierarchy of industry codes, such as those produced by the Direct Marketing Association and the new Fundraising Regulator.”
There is a requirement for the Commissioner to consult on the code before it is published. Zach Goldsmith, External Affairs Manager at the Direct Marketing Association says, “the Digital Economy Act puts the ICO’s Direct Marketing Guidance on a statutory footing and so now marketers will have to abide by it. However, before the Code is approved it must be consulted on and the DMA will robustly represent the marketing industry to ensure the Code strikes the right balance and doesn’t go beyond what is required by legislation.”
The Act confirms Regulator fees will continue
The GDPR raised a problem concerning the future funding of the ICO, as it abolished the requirement for national registrations to privacy regulators. The Commissioner will be relieved that the new Act addresses this by stating: “The Secretary of State may by regulations require data controllers to pay charges of an amount specified in the regulations to the Information Commissioner.” So, the fees will continue.
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.