ICO issues guidance on direct marketing

October 25, 2022

The Information Commissioner has issued guidance on direct marketing using electronic mail. This follows its recent guidance on using live marketing calls to carry out direct marketing. The Privacy and Electronic Communications Regulations 2003 (as amended) (PECR) cover the sending of electronic mail for direct marketing purposes. The guidance covers the following areas:

  • What is electronic mail marketing?
  • What are the rules on direct marketing using electronic mail?
  • How we do comply with the rules on sending marketing by electronic mail?
  • What else do we need to consider?

The PECR define electronic mail as “any text, voice, sound or image message sent over a public electronic communications network which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient and includes messages sent using a short message service”. The Data Protection Act 2018 defines direct marketing as “the communication (by whatever means) of advertising or marketing material which is directed to particular individuals”. The guidance covers the obligations to both individual and corporate subscribers.

The guidance sets out the rules about sending direct marketing by electronic mail. PECR says that you can only send direct marketing by electronic mail if you have consent; or you can meet all of the requirements of the ‘soft opt-in’. However, these rules only apply to individual subscribers (which includes sole traders and some types of partnership). Therefore, if you send electronic mail marketing to a corporate subscriber (e.g. a limited company) without needing to comply with the same requirements for individuals. The guidance also provides more details about how the ‘soft opt-in’ works and provides examples, as well as discussing the difference between solicited and unsolicited marketing messages.

The guidance also covers the issue of consent which is defined in the UK GDPR as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”. As well as providing guidance about what consent means, it gives examples about how to collect it.

Using third party providers to collect email addresses or send out marketing is also covered, including examples such as refer a friend mechanisms.

It also covers the relationship with the wider data protection regime, as well as pointing out that if emails contain tracking pixels, the rules on cookies must also be complied with.

Finally, the guidance covers the ICO’s enforcement purposes.