Back to more articles

Making company directors personally liable

  Article added: 04/05/2017

The Digital Economy Act – law as of 27th April 2017

While Parliament is coming to a close, ready for the General Election on 8th June 2017, they have to consider which of those Bills currently in progress are to be rushed through before closure, and which are to be, essentially, dropped.

One Bill that has been quietly rushed through is the Digital Economy Bill, now the Digital Economy Act 2017.

The Digital Economy Act

This Act does a number of things, but one which is particularly relevant to direct marketers – it turns the ICO’s Direct Marketing Guidance into a Statutory Instrument, meaning failure to follow it could lead to enforcement action (though it’s worth noting that the ICO will first have to consult with the industry prior to issuing the Statutory Guidance).

One bill which didn’t make the cut was the Unsolicited Marketing Communications (Company Directors) Bill), which proposed giving the ICO the power to take action against company directors personally for breaches of PECR (they’re already able to do this for some breaches under the Data Protection Act 1998 (DPA)).

A welcome relief for many, we’re sure. However it is worth noting that just because the bill will not make any further progress right now, does not mean that it is completely gone forever. It will, in all likelihood, be reintroduced at some point after the General Election.

For now, though, company directors can sleep easier at night knowing that the ICO does not yet have these additional powers.

ICO’s Direct Marketing Guidance

If you haven’t yet read the ICO’s guidance on direct marketing then it’s worth doing so. It not only lays out the do’s and don’ts for direct marketers, but also addresses the difficult subject of opt-ins and what is or is not acceptable in a Privacy Policy.

When data is collected on a website for resale the Privacy Policy has to opt the consumer in to allow the website owner to resell the data and for the purchasers of that website data to use it in their marketing campaigns. Many Privacy Policies, in an attempt to maximise the usability of the data the websites collect, opt data collected into ‘everything’ by way of including lots of general industries such as:

Do's and Don'ts for Marketers
Do’s and Don’ts for Marketers

The following sectors are the industry types you can expect to receive products, information, services or special offers from - Automotive, Broadband, Call Centre, Charity, Competition Sites, Debt\ Tracing\ Linkage and Collections, Education, Entertainment\Gaming\Leisure, Fashion, Finance, FMCG, Freebie Sites, Gambling, Gardening, Government, Health & Beauty, Home & Lifestyle, Mobility, Home Improvement, Household, IT/Technical, Insurance (Life, Home, Automotive, General, Private Medical, Travel), Legal Services, Lottery, Mail Order, Market Research, Music, Pension, Pharmaceutical, Claims Management Companies - Claims for Financial Product and Services for: mis-sold PPI / PBA, SERPS / Pensions, Loans, Mortgages, Personal Injury (RTA, Holiday Claims and other PI related products), Housing Disrepair, Employment Matters and criminal injury (products regulated by the Claims Management Regulator), Premium Rate, Publishing/Media, Retail, Sport, Telecoms, Toiletries/Cosmetics, Travel, Utilities.

Which is clearly in breach of the ICO’s guidelines as it simply covers too many industries.

Some websites additionally name the companies to whom they will supply your data to, but in doing so simply list every company who purchases data from them with some having over 500 companies listed in their Privacy Policies. This too is in breach of the ICO’s guidelines.

If you purchase data for marketing purposes you would be well placed to set aside some time to read up on what will soon be LAW and how it applies to data collection and use of that data for marketing purposes.

For more download and read the ICO’s guide to Direct Marketing.

Back to more articles