Direct Marketing
Data Protection Act 1998
The Data Protection Act 1998 (‘the DPA') regulates the use of personal data for
direct marketing purposes. Personal data must be processed lawfully and fairly
and the consent of the data subject is required unless processing can be said
to be in the data controller's ‘legitimate interests'. Personal details given
for one purpose, such as handling a customer's order, should not be passed to
third parties for direct marketing purposes without the customer's consent
‘Sensitive data' must not be processed without explicit consent.
Under the DPA an individual has an express right to object to the use of his or
her personal data for the purposes of direct marketing. This usually means that
an ‘opt-out' must be given for direct marketing, and sometimes an ‘opt-in' is
required.
The Privacy and Electronic Communications (EC Directive) Regulations 2003
The Regulations protect personal data in all kinds of electronic communication,
including e-mail and the Internet as well as voice telephony, fax and text
messages. The requirements of the Regulations are in addition to those under
the DPA.
What is covered by the Regulations?
The Regulations prohibit:
-
the use of unsolicited calls for direct marketing purposes where (i) the called
line is that of a subscriber who has previously notified the caller that such
calls should not be made on that line, or (ii) the number is listed on a
recognised opt-out register;
-
the use of unsolicited faxes for direct marketing purposes where the called
line is that of (i) an individual subscriber, unless the subscriber has
previously consented to such communications, or (ii) a corporate subscriber who
has previously notified the caller that such communications should not be sent
on that line, or (iii) an individual or corporate subscriber where the number
is listed on a recognised opt-out register;
-
the use of an automated calling system for direct marketing purposes where the
called line is that of an individual or a corporate subscriber, unless the
subscriber has previously consented to such communications;
-
the use of unsolicited e-mails (including text messages) to individual
subscribers for direct marketing purposes unless (i) the recipient has
previously consented, or (ii) the sender obtained the contact details in the
course of a previous dealing, and the email concerns the sender's similar
products and services only; and unless the recipient is given a simple means to
opt-out of such emails;
-
unsolicited communications by e-mail (including text messages) to individual or
corporate subscribers for direct marketing purposes where the identity of the
sender is disguised or concealed, or no address is given to which the recipient
can request that such communications cease.
Implications for Marketing Teams
A business that uses direct marketing methods must (a) make sure of the source
of any database it uses; (b) have a system for obtaining any necessary consent;
(c) delete from its database the details of individuals who have asked not to
receive direct marketing communications, or have registered with an opt-out
register; (d) check with the relevant opt-out register on a regular basis; (e)
provide the required information in connection with all direct marketing; (f)
provide an opt-out where required.
Enforcement
Failure to comply with the Regulations can result in payment of compensation to
the person affected or enforcement proceedings as set out in the Data
Protection Act 1998.
© Davenport Lyons 2005 All rights reserved
This document reflects the law as at January 2004. It does not purport to be
comprehensive or a substitute for specialist legal advice in individual
circumstances.
 Click
here to download a copy of the full guidelines in PDF format
|
