A key element of the Digital Economy Act 2017 comes into force on 27 June 2017. It requires the Information Commissioner’s Office (“ICO”) to produce a new statutory code of practice for direct marketing, with the aim of ensuring that the ICO can better enforce sanctions against organisations that make unsolicited marketing communications.
The ICO’s current guidance on direct marketing (version 2.2 of May 2016) provides commentary on the Data Protection Act 1998 and the Privacy and Electronic Communications Regulations 2003. However, the current guidance is not legally binding, and so organisations are neither required to follow it nor sanctioned for failing to do so.
Unlike the current guidance on direct marketing, the statutory code of practice will be binding and must be followed. This will allow the ICO to create enhanced certainty on what organisations can and cannot do when engaging in direct marketing.
It is anticipated that the statutory code of practice will make it easier for the ICO to take enforcement actions against organisations that make unsolicited marketing communications. The code will also be admissible as evidence in court proceedings, and will need to be considered by the tribunals and courts in relevant cases.
Before the code is adopted, the ICO will need to consult, as appropriate, with trade associations, individuals, and representative bodies.
Currently, there is no date scheduled for the publication of the code. Until it comes out, you may find our summary of the current direct marketing rules helpful.
A vital component for direct marketing is obtaining valid consents, the bar for which will be raised under the EU General Data Protection Regulation from 25 May 2018. Businesses and other organisations are advised to review their policies and privacy statements now to prepare for the upcoming changes.