Earlier this month, the Information Commissioner’s Office published its draft of the new direct marketing code of practice.
This is the first time the direct marketing industry has had a code of practice. What does it propose, and what will firms need to do to comply?
What is the direct marketing code of practice?
There have long been calls for a code of practice for direct marketing – Marketing Week calls the draft code ‘long-awaited’.
While Marketers have previously had guidance on direct marketing from industry bodies like the Data & Marketing Association, there has been no legal framework governing it.
Launching the draft code, the ICO said that it ‘ai
ms to provide practical guidance and promote good practice’. It is also designed to consolidate the ICO’s previous guidance around GDPR, the Privacy and Electronics Regulation (PECR) and cookies.
The code will exist alongside existing data protection and e-privacy rules – and for those regulated by an industry body like the Financial Conduct Authority, alongside those rules as well. It proposes slightly different rules for Marketers in B2B and charities, to reflect the differences in the way data regulation is applied in these sectors.
How does the ICO define direct marketing?
The ICO defines it as any marketing that directly targets individuals.
As well as some of the obvious marketing channels, like mail addressed to an individual, emails and SMS, direct marketing includes some that you might not expect, including advertising in mobile apps and games, and location-based marketing.
Quoted in the Marketing Week article, DMA director of policy and compliance, John Mitchison makes the point that:
‘People have typically thought of direct marketing as direct mail and telephones. This guide makes it clear that direct marketing is anything that is directed to an individual whether based on their phone number, location or IP address, both online and offline.’
What does the draft code propose?
In the words of the ICO, the code ‘takes a life-cycle approach to direct marketing’ – meaning that the rules follow chronological actions, rather than being channel-specific.
A section defining direct marketing will help Marketers to decide whether the code applies to them. If it does, sections on ‘planning your marketing’, ‘collecting data’, ‘delivering marketing messages’ and ‘individuals’ rights’ set out exactly what Marketing teams need to do to be compliant.
The ICO also intends to produce tools such as checklists to help firms to understand and comply with their obligations around direct marketing.
The code also proposes new rules for companies that collect data from sources other than the data subject. Any firm that does this – for example, obtaining data from Companies House or the Edited Electoral Roll – will need to provide privacy information to the data subject within a month.
There are some other specific proposals which may surprise Marketers:
- Hosted email campaigns will require consent in future: the advertiser, as the instigator of the email, as well as the email sender, will need to have consent to contact the recipient
- ‘Refer a friend’ campaigns will be in breach of the new code, as ‘friends’ will not have consented to receive direct marketing
- In-app marketing will require consent under the proposals
Will the code go further than existing regulations like GDPR?
No – the code doesn’t contain any additional requirements over and above those currently in law, for example via GDPR.
However, compliance with the code will be seen as a way of measuring whether firms comply with other laws like GDPR; the ICO says that ‘adherence to this code will be a key measure of compliance with data protection laws’. It will be difficult for firms to prove that they are complying with GDPR if they can’t evidence compliance with the direct marketing code.
What happens next?
Some areas in the code still need firming up, and some outstanding issues around things like cookies and digital advertising still need resolving. But the draft code goes a long way to consolidating requirements from several different sets of rules and guidelines.
The code is open for consultation code until 4 March 2020. You can read the consultation document on the ICO website and, if you want to respond, email your response to firstname.lastname@example.org.
Nothing in this document should be treated as an authoritative statement of the law. Action should not be taken as a result of this document alone. We make no warranty and accept no responsibility for consequences arising from relying on this document.