2020年2月17日
– 4 / 5 观点
Long-awaited direct marketing Code of Practice published for consultation.
The Data Protection Act 2018 (DPA18) requires the UK's Information Commissioner to prepare a number of Codes of Practice to assist with specific types of data processing. An update to the direct marketing code is probably the one that's been most hotly anticipated following the changes introduced by the GDPR. The Code will have statutory force which means the ICO will have to take it into account when assessing GDPR or PECR compliance and enforcement.
The draft Code of Practice on direct marketing has been published for consultation. The consultation is open until 4 March 2020. Once adopted, the Code will have statutory force. It applies to processing of personal data for direct marketing purposes. Direct marketing is widely defined and "includes the promotion of aims and ideals as well as advertising goods or services. Any method of communication which is directed to particular individuals could constitute direct marketing. Direct marketing includes all processing activities that lead up to, enable or support the sending of direct marketing".
The Code looks at data protection by design, lawful basis including consent, generating leads and collecting contact details, profiling and data enrichment, sending direct marketing messages, online advertising and new technologies, sharing and selling data, data subject rights and exemptions. The ICO intends to publish accompanying tools including checklists.
There aren't any major surprises in the draft Code. It builds on previous guidance but takes a wider approach to cover all areas of the GDPR as well as PECR, including sections on data protection by design, the use of DPIAs, accountability and lawful basis. The Code also takes a more detailed look at new technologies and sectors like online advertising, facial recognition, targeting on social media and in-game advertising, and considers specific issues relating to them.
Of course, this may not be the final story. Not only could the draft Code change as a result of the consultation, it also precedes the ePrivacy Regulation which might change rules on direct marketing. To date, the various drafts of the beleaguered legislation do not suggest major differences beyond those introduced by the GDPR (for example, around the standard of consent), but until we see a final version, uncertainty remains.
It will be very difficult (given that it will have statutory force) to be able to demonstrate GDPR and PECR compliance if you do not also comply with the Code although the "good practice recommendations" it includes are recommendations rather than obligations. This means the Code is essential reading and should be looked at now as it is unlikely to change dramatically on its road to finalisation.
The Code covers the following issues:
The definition of direct marketing is wide and "includes the promotion of aims and ideals as well as advertising goods or services. Any method of communication which is directed to particular individuals could constitute direct marketing. Direct marketing purposes include all processing activities that lead up to, enable or support the sending of direct marketing."
This must be fair and lawful. You must be transparent.
The right to object to marketing is absolute. Minimal contact details must be added to suppression list to ensure the right is respected once requested.
GDPR – certain Articles contain limited exemptions. They should be applied on a case by case basis.
DPA18 – there are no exemptions which apply specifically to processing for direct marketing.
PECR – the exemptions in Regulation 6 to the cookie consent requirement do not apply to online advertising, tracking technologies or social media plugins.
2020年2月17日
作者 作者
Long-awaited direct marketing Code of Practice published for consultation.
2020年2月17日
作者 作者
eGaming and gambling addiction under the spotlight.
2020年2月17日
作者 作者