Filter By

Show All
X

Connect to

X

Please login to comment.

Comments

This is really interesting, I've been researching the same thing. As PECR does not cover postal marketing, does that mean that I can collect personal data for DM without consent? 

Thanks, Mike

Hi Steve, great article. 

I generally think you got to the right place but I am not convinced by how you got there.
 
The phrase "The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest" is not vexing at all. In fact, it is remarkably clear for European legislative language. Direct marketing is a legitimate interest and there for does not need an opt-in - full stop, crystal clear. If GDPR was the only law of the land then we would be back to the wild west days of opt-out email rather than the current opt-in regime. GDPR however, is not the only European law or regulation that covers the email marketing industry. The EU e-Privacy Directive was written to sit on top of the old Data Protection Directive and it sets a higher standard for direct marketing via email and SMS. While the current e-Privacy directive does not sit well on the new GDPR, it's fundamental principles have not changed and therefor email is still opt-in. Throughout the spring, there was a public consultation on the e-Privacy Directive with a view to adapt it based on technological advancements, support the Digital Single Market Strategy and bring it into line with the GDPR. Those responding to the consultation overwhelmingly feel that special privacy rules are needed for the electronic sector and that the current language has not achieved its objective. I suspect that the e-Privacy Directive will be rewritten and most likely get upgraded from a directive to a regulation.
 
In essence, your argument presupposes that the e-Privacy Directive exists and therefor it would not be possible under GDPR to legitimately collect email without an opt-in. While that is true, should the e-Privacy Directive go away, then GDPR would not enforce an opt-in. Put another way sending an email in the UK without an opt-in would not contravene GDPR but would contravene PECR. The only way GDPR would come into play is if an enterprising enforcement person at the ICO wanted to levy a significantly higher fine.

Hi Mike - Simple answer: no.

Remember that the GDPR covers data collection, storage and use; how that data is protected while in your control; how data subjects control the quality, use, disclosure and destruction of that data.

You need a legal basis for collecting, storing and using personal data. Full stop!

Think of web browsing and purchase data, linked to an individual:

If you record page and product views, the device used and the location of the browsing; and you build up a profile based on this location and behaviour and it’s linked to an individual – this is a common scenario convered by the GDPR.

If you have marketing consent, that marketing consent may already cover that behavioural profiling:

The question to ask is: If you don’t have marketing consent what is your justification (the legitimate interest that you can prove) for collecting and processing personal data?

Related Articles

Every marketer knows intuitively how incredibly valuable their customer base is, but you need to be able to accurately quantify that, and then be able to cost effectively cultivate it. But how do you profitably reactivate your existing customers?

reactivating dormant customers.png

So the shops have reopened and we’re back to cautiously treading the path to normality. Where the path leads, no one is quite sure but this is all of our ‘normal’ now and that means making hay whilst the sun shines. And that means getting customers back on board as quickly as possible and keeping those who’ve been with you throughout to stay.

mike-petrucci-c9FQyqIECds-unsplash.jpg

We have all had to adapt to new ways of living and interacting over the past 12 months. This change of communication has significantly changed the relationship between consumers and brands. But what exactly has changed? And what impact has this had on email? Read on to find out.

MicrosoftTeams-image (1).png

Bavaria's BayLDA rules that MailChimp's sending of EU citizens' data to the USA is unlawful under GDPR, even with Standard Contractual Clauses in place.

US-EU-Privacy-Shield.png