Three years on from the coming into force of the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Information Commissioner’s Office has released updated Guidance.
Topic: Email marketing
Who: The Information Commissioner's Office
Where: Wilmslow, Cheshire
When: December 2006
On the third birthday of the coming into force of the Privacy and Electronic Communications (EC Directive) Regulations 2003 ("PecRegs"), the Information Commissioner's Office, the body charged with the task of enforcing them, has published an updated version of its Guidance on the measure.
First a bleat. The document describes itself as a third edition, whereas in fact it is the fourth version, the third having been published in May 2004. Consequently the at first sight helpful list of changes from the earlier version is less helpful than it might have been by drawing attention to changes already made in May 2004.
Another complaint is that the list of changes is only a "Summary of changes". For instance the summary does not mention the quite important new reference to the recent enforcement action against the Scottish National Party in respect of automated calls using pre recorded messages which established beyond doubt that political campaigns are covered by the PecRegs.
The new Guidance is at http://www.ico.gov.uk/what_we_cover/privacy_and_electronic_communications/guidance.aspx
So what has changed? Not a lot.
One significant change, however, is the splitting of Part 1 into two separate documents. One is for "Subscribers" or in an email marketing context, recipients of commercial email, while the other is for marketers.
In this report we will focus on the parts of the version of "Part 1" for marketers that deal with email marketing.
Enforcement cry for help
The earlier general FAQ "What enforcement action can the Information Commissioner take?" has been scrapped. A message here perhaps for HM Government, which has persistently failed to heed the ICO's cries for sharper teeth.
Another reference to enforcement has gone from the FAQ dealing with B2B email marketing. Scrapped or relocated to somewhere obscure is "You should note that persistent failure to comply with [the obligation in section 11 of the Data protection Act 1998 to comply with a request to stop using an individual's data for direct marketing purposes] whether or not it relates to a business to business communication, may result in our taking enforcement action against you." This change does not seem to be drawn to our attention in the summary of changes.
Solicited/unsolicited explanation changed
Encouragingly for those using third party lists, new wording explicitly records the ICO's acceptance that a "solicited email" can be invited via a third party.
Separately colourful previous analogies between opting into unsolicited emails and buying drinks in a pub or dealing with travel agents have moved out of this section altogether and can only be found in the Part 1 version for subscribers. Is this wise as surely these practical examples are also helpful for marketers?
New WAP reference
In the FAQ "How do the regulations apply to marketing by electronic mail" new wording confirms that the PecRegs extend to WAP messages.
Separately FAQs dealing with legacy, pre December 2003 lists have now gone. No surprises there.
Why this matters:
Not that we are suggesting change for change's sake, it is a tad disappointing that after the elapse of two and a half years we have no more material change than the potentially unhelpful splitting out of the meat of the email marketing guidance into completely separate but to an extent overlapping sections for marketers and subscribers.
Over thirty one months of enforcing and advising has the national regulator really amassed no additional know how and insights into the working and application of these crucial regulations that it sees fit to share with us? Or is this another testament to the dire lack of enforcement that has been happening during this period?