“Direct marketing” is a term defined in the Data Protection Act 2018. The term is used in several places including the introductory text on page 1 of the Act itself! In Section 122 the DPA defines “direct marketing” as, “the communication (by whatever means) of advertising or marketing material which is directed to particular individuals”. The definition provides that the marketing materials have to be directed to particular individuals for marketing to be “direct” i.e. door drops, inserts in newspapers and the like are not currently considered as being directed to particular individuals although as progress towards the holy grail of marketing is made; the so-called segment of one; that may come under pressure.
Interestingly the DPA also states that good practice in direct marketing means practice that appears to the Information Commissioner to be desirable having regard to the interests of data subjects and others. WOW! That puts the ICO in a very powerful and responsible position as her opinion is elevated to be the gospel by statute.
The marketing aspects of direct marketing are also worth exploring. Philip Kotler defines marketing as “meeting needs profitably” and refers to the American Marketing Association definition as, “the activity, set of institutions, and processes for creating, communicating, delivering, and exchanging offerings that have value for customers, clients, partners, and society at large.”
This definition correlates with that of ICO’s who’s existing and new draft Direct Marketing Code of Practice, reminding us that direct marketing “includes the promotion of aims and ideals as well as advertising goods or services.” The new draft Code says that any method of communication which is directed to particular individuals could constitute direct marketing and highlights that “direct marketing purposes” include all processing activities that lead up to, enable or support the sending of direct marketing. The new draft Code provides examples of direct marketing and includes:
- a GP sending text messages to patients inviting them to healthy eating event;
- a regulator sending out emails promoting its annual report launch;
- a local authority sending out an e-newsletter update on the work they are doing; and
- a government body sending personally addressed post promoting a health and safety campaign they are running.
So the UK DPA provides for this opinion to be a statutory interpretation applied to the law. Ignore or deviate from the ICO’s Codes of practice regarding direct marketing at your peril! The key message to take away is that “marketing” is defined broadly and the ICO’s interpretation is the one that counts. Not the interpretation of your marketing colleagues, suppliers, or marketing agencies – the law upholds and elevates the opinion of the ICO to be the only one you should focus on. “Marketing” includes advertising or promoting products, services, ideals, concepts, charitable aims, events, and other similar activities whether or not the data controller derives any financial gain from them.
The definition doesn’t seem to differentiate between consumers and individuals in their business or professional capacity, nor does it differentiate internal direct marketing promotions to colleagues and employees from external direct marketing to customers and prospects.
Ironically, informational notices promoting good data protection practices or IT security would seem to fall under the definition of marketing and so any mailshots of information promoting cyber security policy and the like sent directly to individuals would be caught by the definition of direct marketing.
In the next blog the Outsourced DPO will begin to explore how the PECR rules affect direct marketing by telephone and electronic message.