The ICO has issued two new sets of guidance in relation to the sending of electronic mail and the use of live telephone calls for direct marketing purposes.

The new guidance is a useful summary of the law in this area and serves as a valuable reminder that the ICO is particularly active in issuing fines for breaches of the direct marketing rules (the ICO reiterates that it has the power to issue fines of up to £500,000 for breaches, which can be levied against directors of organisations as well as the organisations themselves).

However, in many ways the guidance does not cover any new ground. It does not go into the level of detail set out in, or resolve many of the outstanding questions that followed, the draft code of practice that the ICO consulted on in March 2020 (which many, including this author, regard as a 'bible'). Unfortunately it seems that plans to finalise this code have been shelved pending the UK Government's proposals to reform UK privacy law (or, as some may say, it's vanity project to tear apart the EU statute book).

As such, this new guidance is a useful tool for covering the basics but does not address some of the grey areas in this space, such as the fine line between a 'service' communication and a marketing communication, methods of communication (the electronic mail guidance covers emails and text messages, without discussion of other channels such as push or over-the-top services such as WhatsApp), or targeting customers on social media via 'custom audiences'.

That said, there are two elements that we found somewhat interesting:

  • The ICO clarifies that viral marketing (or 'refer a friend') direct marketing campaigns will be unlawful if organisations encourage their customers to send electronic mail marketing to others. This is a tougher stance than the ICO took in the draft code mentioned above.
  • The ICO introduces the possibility to remind unsubscribed customers of their marketing preferences in service communications if this is a "minor addition". Some organisations will find this helpful, but care needs to be taken as the ICO has also made clear in the past that consent is needed to contact people to ask them if they would like to receive marketing. 

If you need any help digesting this guidance or ensuring that your organisation isn't next on the ICO's direct marketing breach list, please get in touch with me or your usual LS contact.