Who: UK government
Where: UK
When: 27 April 2017
Law stated as at: 23 June 2017
What happened:
The Digital Economy Act was rushed through Parliament before it was dissolved for the general election, meaning that it was passed with less fanfare, scrutiny or debate than might have otherwise been the case. The Act will come fully into force by May 2018, which is also when the General Data Protection Regulation (GDPR) comes into effect.
The Act covers a diverse number of issues but the main themes are:
- consumers should have access to broadband wherever they live;
- building a better infrastructure for the digital future;
- building better public services using digital technologies; and
- providing more protection for consumers from spam email and nuisance calls.
It is the last theme which is most relevant for marketers. The government has used the Act to introduce the concept of a new statutory Code of Practice for Direct Marketing.
The rationale behind this is that existing legislation does not impose any obligations on organisations in respect of the Information Commissioner’s Office (ICO) existing Direct Marketing Guidance. Consequently, there are currently no sanctions for marketers who do not comply with the practical recommendations contained within the current guidance.
The statutory code will also be a way of fulfilling the GDPR requirement for regulators to introduce more effective enforcement of data protection laws. It reflects the government’s increased focus and scrutiny in the area of direct marketing, nuisance call and spam emails over recent years.
What does the Digital Economy Act say about the statutory marketing code?
The Act states that the Information Commissioner must prepare a statutory code of practice for direct marketing which contains:
- practical guidance on how to ensure that direct marketing complies with e-privacy regulations; and
- guidance on how to promote good practice in direct marketing.
The ICO will produce new guidance in the next few months focusing on how to carry out direct marketing whilst protecting the interests of individuals. This guidance will go beyond mere compliance with legal requirements to set good practice standards.
The ICO’s current guidance on direct marketing was published in May 2016 and contains practical guidance for direct marketing in relation to mail, emails, calls and texts.
This existing guidance takes a tough stance on consent and the ICO stated that in most cases organisations would need consent to send consumers marketing communications, or to pass their details onto third parties. Organisations must be able to demonstrate that consent was knowingly and freely given, clear and specific, and should keep clear records of consent. The ICO goes on to recommend that opt-in boxes (rather than opt-out boxes) are used to obtain consent for direct marketing.
It is highly likely that the new code will be largely based on this existing guidance, albeit it will be updated to reflect incoming changes from GDPR and e-privacy regulations.
The new direct marketing code will be capable of being used as evidence in any legal proceedings and the code must be taken into account when a decision is reached.
The intended effect is that the ICO will find it easier to take action against those in breach of the direct marketing rules and issue fines against marketers who contact individuals without valid prior consent to market to them.
Why does this matter:
In terms of practical tips for those involved in direct marketing, it’s worth reviewing your direct marketing practices and ensuring that they comply with the existing ICO guidance because, as noted above, this is likely to form the basis for the new statutory code.
Before the ICO creates the new statutory code, it must consult with key stakeholders including trade associations, data subjects and individuals representing the interests of data subjects. Therefore if you are involved in direct marketing, then look out for this consultation as it will be your opportunity to submit your views and comments.
