Out-Law News 3 min. read
16 May 2014, 5:00 pm
The advertising industry body said it had consulted with the UK's Information Commissioner's Office (ICO) in a bid to clarify some confusion about how advertisers can practically adhere to guidance the ICO issued last year on direct marketing.
However, the ICO told Out-Law.com that whilst it welcomes the DMA's work "to make its members more aware of the rules around marketing calls and texts" it does not endorse the trade body's clarifications and added that its September 2013 guidance still applies.
“It’s important to remember that the guidance we produce is carefully worded to reflect the law we regulate, and companies shouldn’t think that because they find the law complicated, it doesn’t apply to them,” an ICO spokesperson said.
In the ICO's guidance, which was issued to help organisations understand their obligations under the Privacy and Electronic Communications Regulations (PECR), the watchdog said that third parties cannot claim to have the consent of consumers to the sending of electronic direct marketing messages unless the consumers had "intended for their consent to be passed on to the organisation doing the marketing" when they had engaged with the business that passed on their details.
However, the DMA has cited an example which suggests businesses may not need to list each individual advertiser it intends to share consumers' data with when informing those consumers about that data sharing activity and its purpose and given guidance as to the level of specificity required.
It said that advertisers often collect consumer data through surveys, or as a result of consumer queries about a product or service, and often incentivise the submission of this data by consumers by entering them into prize draws. It said, however, that businesses collecting the data may not always make it clear enough to consumers that they may share that data with third parties.
Data protection law expert Marc Dautlich of Pinsent Masons, the law firm behind Out-Law.com, said the DMA's interpretation would be welcomed by organisations that seek to pass personal data on to third parties for marketing purposes.
The ICO's direct marketing guidance said that "indirect consent" could be said to be valid and compliant with PECR requirements "if it is clear and specific enough".
"In essence, the customer must have anticipated that their details would be passed to the organisation in question, and that they were consenting to messages from that organisation," the guidance said. "This will depend on what exactly they were told when consent was obtained. Clearly, organisations cannot infer consent just because consent was given to a similar organisation, or an organisation in the same group. It must have extended to the organisation actually sending the message as well."
"Indirect consent may therefore be valid if that organisation was specifically named, or if the consent described a specific category of organisations and it clearly falls within that description. But if the consent was more general – eg to marketing ‘from selected third parties’ – it will be very difficult to demonstrate valid consent to a call, text or email if someone complains," the guidance said.
The DMA said that the ICO is to publish a blog on the subject of direct marketing in the coming few months to "address some of the questions raised by the industry" since it published its guidance and that it will review the existing guidelines in the autumn.