FEDMA, Brussels and data protection regulation

FEDMA (Federation of European Direct and Interactive Marketing) is a Brussels-based, pan-European association representing twenty-one national DMA’s and corporate members. Their team of legal experts are frequently in contact with various European institutions, with FEDMA seen as the voice of one-to-one and data-driven marketing in Europe.

Dr Sachiko Scheuing, FEDMA co-chair, kicked off proceedings with a talk about the different legal structures and cultures in Europe and how they have led to very different data protection regimes. Her presentation centred on the Netherlands, Germany and Sweden.

Sweden has one of the most liberal data regimes in the EU, an example being business-to-business email marketing which is opt-out only. Dr Scheuing quipped that if only the rest of Europe was like Sweden, it would be plain sailing for marketers.

This was in stark contrast to the Netherlands and Germany, both of which have far more restrictive regimes. To demonstrate we looked at the UK. Here companies must abide by principles laid out by the Data Protection Act 1998: marketing that follows this framework is deemed permissible.

In Germany, however, rather than principle-led legislation legal wording is much more definitive. If marketing doesn’t abide with strict codes as laid out in law, it falls foul of the “prohibitive system”. The Netherlands straddles a middle ground, but ultimately follows the German model more closely.

Moving on, we heard from Mathilde Fiquet, FEDMA EU affairs manager. She spoke about DPR and what businesses can do to prepare for it. The audience had plenty of questions for her, evidence that there is much uncertainty and anxiety about what the regulation will mean for UK businesses.

A key part of the regulation is the principle of accountability: how can businesses adapt their documentation processes to mitigate potential risks? The conversation moved on to address the questions businesses need to ask themselves about the data they collect and why they need it. What are the current legal grounds for holding and processing the data? Mathilde Fiquet stressed that answers to these queries should be clearly recorded. The process was described as being a privacy impact assessment: a business able to clearly demonstrate steps taken to mitigate risk is a good first step.

Businesses must also examine privacy policies and opt-out mechanisms. Are their policies clear and easy-to-use, written with accessible, jargon-lite legal language? Opt-out mechanisms should be similarly be clear, concise and unambiguous. Businesses acting now will have more time to adjust to change when the regulatory reform comes into force. They will also prove to consumers and regulators that they are taking proactive steps

However, the regulation is still pending. There are three different versions of the text in circulation encompassing the input of the EU Commission, Council and Parliament. Sebastien Houze, FEDMA secretary general, emphasised the major role FEDMA plays in influencing events in Brussels. He believes there is still time to change outcomes as regards DPR.

Houze also discussed the ratification of FEDMA’s own code of conduct by the Article 29 Working Party and the need to update it in light of the coming regulation. The code of conduct was widely championed by consumer groups as well. This seal of approval lends further weight to FEDMA’s voice in Europe, establishing it as a voice trusted by business, consumer and political institutions.

FEDMA is also in the process of creating a new code for DPR and is working hard to make sure that code will also receive ratification from the EDPS.

The DMA works extensively with FEDMA, with DMA team members often travelling to Brussels to support FEDMA lobbying efforts.

If you would like to learn more about FEDMA, please visit their website.