GDPR - Direct marketing as a legitimate interest | DMA

Filter By

Show All
X

Connect to

X

Please login to comment.

Comments

This is really interesting, I've been researching the same thing. As PECR does not cover postal marketing, does that mean that I can collect personal data for DM without consent? 

Thanks, Mike

Hi Steve, great article. 

I generally think you got to the right place but I am not convinced by how you got there.
 
The phrase "The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest" is not vexing at all. In fact, it is remarkably clear for European legislative language. Direct marketing is a legitimate interest and there for does not need an opt-in - full stop, crystal clear. If GDPR was the only law of the land then we would be back to the wild west days of opt-out email rather than the current opt-in regime. GDPR however, is not the only European law or regulation that covers the email marketing industry. The EU e-Privacy Directive was written to sit on top of the old Data Protection Directive and it sets a higher standard for direct marketing via email and SMS. While the current e-Privacy directive does not sit well on the new GDPR, it's fundamental principles have not changed and therefor email is still opt-in. Throughout the spring, there was a public consultation on the e-Privacy Directive with a view to adapt it based on technological advancements, support the Digital Single Market Strategy and bring it into line with the GDPR. Those responding to the consultation overwhelmingly feel that special privacy rules are needed for the electronic sector and that the current language has not achieved its objective. I suspect that the e-Privacy Directive will be rewritten and most likely get upgraded from a directive to a regulation.
 
In essence, your argument presupposes that the e-Privacy Directive exists and therefor it would not be possible under GDPR to legitimately collect email without an opt-in. While that is true, should the e-Privacy Directive go away, then GDPR would not enforce an opt-in. Put another way sending an email in the UK without an opt-in would not contravene GDPR but would contravene PECR. The only way GDPR would come into play is if an enterprising enforcement person at the ICO wanted to levy a significantly higher fine.

Hi Mike - Simple answer: no.

Remember that the GDPR covers data collection, storage and use; how that data is protected while in your control; how data subjects control the quality, use, disclosure and destruction of that data.

You need a legal basis for collecting, storing and using personal data. Full stop!

Think of web browsing and purchase data, linked to an individual:

If you record page and product views, the device used and the location of the browsing; and you build up a profile based on this location and behaviour and it’s linked to an individual – this is a common scenario convered by the GDPR.

If you have marketing consent, that marketing consent may already cover that behavioural profiling:

The question to ask is: If you don’t have marketing consent what is your justification (the legitimate interest that you can prove) for collecting and processing personal data?

Related Articles

A new government brings new legislation, and in the world of marketing, data protection is always on the front line. We dissect the implications of these legislative changes, providing you with insights to navigate this regulatory landscape.

what uk marketers need to know DMA.png

This article is written by MBA Group Ltd.

priscilla-du-preez-tAnrp8P51tY-unsplash.jpg

Businesses must be ethical in their telemarketing practices to protect customers from unwanted, intrusive, or deceptive calls, ensuring their privacy and well-being are respected. Read how

Depositphotos_718680692_S.jpg

Let’s face it, building customer loyalty is harder than ever.

1.png