ICOS Direct Marketing Guidance

ICO Christopher Graham has officially handed over the office to his replacement Elizabeth Denham after seven years of holding the post. In that time he has been instrumental in helping to improve the perception of the direct marketing industry and in sanctioning the actions of organisations that have been irresponsible in their targeting practices.

The ICO recently published an updated guidance paper for direct marketing to accompany the DPA which included more direction around indirect or third party consent. The guidance notes say that indirect consent is no longer sufficient for text, emails and automated calls as a result of the stricter rules of PECR (The Privacy and Electronic Communications Regulations) unless the recipient anticipated their details would be passed to the organisation in question, for example, where the third party organisation was specifically named.

The guidance also reminds marketers that consumer consent does not last indefinitely. This is most pertinent to third party as this is only a one-step process. This means that A may get consent to pass data to B but that will not allow B to pass data to C. As a result of this marketers must rigorously check how and when consent was obtained, by whom and what the customer was told. It is very clear on Ignorantia juris non excusat (ignorance is no excuse) – in other words organisations cannot rely on assurances that consent was properly obtained but must conduct their own due diligence.

Finally, the ICO warns against over-incentivising consent. It must be freely-given rather than bartered for. This takes the value exchange one step further. Today consumers are more aware of the value of their personal information and will only give consent to brands they perceive as being relevant. Consequently, opted-in customers have a much higher value to marketers than ever before. Data hygiene is therefore growing in importance as sending communications that are poorly targeted can both irritate and potentially upset customers. Furthermore, losing track of people that have moved means diminishing numbers of opt-ins. Suppression and tracing products will help organisations keep their customer data up to date and compliant meaning great ROI and reduced threat of ICO fines.