The Digital Economy Bill, which appears to be making its way quickly through Parliament, could have a significant impact on Direct Marketing. The Bill, which among other things aims to protect consumers from spam email and nuisance calls, proposes to establish a statutory Direct Marketing Code of Practice.
By law, this code would provide practical guidance for direct marketing in accordance with the requirements of the DPA (Data Protection Act) and PECR (Privacy and Electronic Communications Regulations), but crucially it will not be limited to compliance with DPA and PECR. Due to the timing, the text is highly likely to contain guidance on the impact of the General Data Protection Regulation (GDPR), due to be implemented on 25th May 2018.
The code will be based on the ICO’s Direct Marketing Guidance. As the guidance contains much that is best practice rather than legal requirement, companies may decide not to comply, but this will change.
The Direct Marketing Association’s Zach Goldsmith commented on the proposal saying “the DMA is supportive of the move to put the ICO’s direct marketing guidance on a statutory footing but only if it is done so with the involvement of industry and subject to a consultation. However, the DMA has a number of concerns with the current guidance going beyond what is required by current legislation and this would need to be addressed before the guidance is approved. The DMA is currently consulting with the ICO.”
When the ICO updated its guidance in May 2016, it was viewed as having taken a tougher stance, specifically on consent for direct marketing (see “key changes in the new ICO direct marketing guidance”).
The proposal to have a statutory Direct Marketing Code of Practice could see organisations facing GDPR-style compliance ahead of May 2018.
Philippa Donn, Opt-4 Associate and Editor of the Data Protection Network
Published January 2017
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.