Do you send marketing emails to existing or potential clients to advertise your own products and services? If so, you should be aware that the Information Commissioner’s Office (ICO) has issued new guidance on direct marketing, with regard to complying with the Data Protection Act (DPA) and the Privacy and Electronic Communications Regulations (PECR) both of which apply to sending direct marketing to consumers (BTC).
Businesses must obtain “extremely clear and specific” consent from individuals in order to conduct direct marketing via email or through any other form of electronic marketing i.e. text or via the telephone. Businesses cannot simply rely upon implied consent unless this is adequate.
Implied consent will not be adequate if:
- it must be given in order to subscribe to a service;
- it is not freely given;
- the individual is not specifically informed about what they are consenting to; and
- it does not involve a positive action indicating agreement.
Businesses must obtain specific consent to the type of communication in question. For example, if an individual has consented to receive marketing texts a supplier is not permitted to send marketing emails and vice versa. Also, although a general statement of consent to receive marketing might be valid for email marketing, it will not cover telephone calls or texts as additional rules apply to these forms of marketing under the PECR.
Email Marketing Lists
The ICO guidance specifically refers to the issue of obtaining consent in relation to the use of third party email marketing lists. Often marketing lists are sold to businesses and the seller of the list claims to have obtained relevant consents from individuals. However, such third party consent cannot be relied upon – unless the individual intended their consent to be passed on to the buyer of the list who will be sending the marketing emails.
Businesses should also be aware that other regulatory bodies have rules that apply to social media and digital advertising that must also be complied with. For example the Advertising Standards Agency (ASA), the Digital Marketing Association (DMA) and the Office of Fair Trading (OFT) also have their own rules.
How to Obtain Consent
To avoid the above problems businesses should use opt-in boxes in order to obtain explicit consent to direct marketing from individuals. Clear records should be kept of all consents, showing when and how such consent was obtained. These records can then be used as evidence if a complaint is made.
The context in which consent is obtained will determine whether a business can rely on consent to all future direct marketing via electronic messaging. For example, consent for a one-off message, or consent that is clearly only intended to cover a short period of time or a particular context, will not count as on-going consent for all future marketing messages.
Fines for Breach
The ICO can fine businesses up to £500,000 for serious breaches of the DPA or PECR i.e. for sending unsolicited marketing emails, texts or live and automated marketing phone calls. If you are a business supplier who sends marketing emails to consumers, you need to ensure that you follow the ICO guidance on direct marketing to avoid facing a possible fine.