Site navigation

New ICO Resource Helping Firms with Direct Marketing Rules

David Paul


direct marketing rules
New guidance aims to help the public sector better understand how the rules apply to marketing messages.

Direct marketing rules can often be confusing and convoluted, and firms have to jump through hoops to ensure they are adhering to regulations.

A new resource released by the Information Commissioner’s Office (ICO) aims to help firms get a better understanding of direct marketing legislation and the legal ramifications.

The guidance aims to help those responsible for data protection within the public sector to get to grips with how the rules apply to marketing messages.

Direct marketing is a broad subject and covers all forms of advertising or marketing correspondence directed at individuals. This includes text messages, emails, social media messaging and traditional methods such as phone calls and post.

Additionally, direct marketing can include commercial marketing such as the promotion of products and services, as well as aims and ideals such as fundraising and campaigns.

Organisations from any sector can send direct marketing messages, however, most of the messages sent by public authorities to members of the public do not fall under direct marketing rules.

What are the rules?

According to the ICO, if sent messages are “necessary for your task or function”, then they do not constitute direct marketing.

In this case, if a message is not direct marketing there is “no need to comply” with the marketing rules which are part of the Privacy and Electronic Communications Regulations (PECR). However, you must still comply with the UK GDPR rules.

If a sent message does fall into the direct marketing category, the ICO states that public authorities must “comply with the marketing rules in the Privacy and Electronic Communications Regulations (PECR) if they are using electronic communications”.

“Messages promoting services, paid for by the user or fundraising, do generally count as direct marketing,” the ICO said. “This means that the PECR marketing rules apply as well as the UK GDPR if you are sending such messages by electronic means.”


Anthony Luhman, ICO Director, said the public should have “trust and confidence” in promotional messaging: “If you work in the public sector, the law doesn’t stop you from sending promotional messages when they are necessary for your task or functions.

“However, there are times when the direct marketing rules will apply and we want to help the public sector get it right.

“Our new guidance will help you understand how to send promotional messages in compliance with the law. Done properly the public should have trust and confidence in promotional messaging from the public sector.”

However, regardless of whether a promotional message is direct marketing or not, public authorities must still comply with the requirements of the UK GDPR, which itself can be confusing and difficult to navigate.

Luhman added: “It’s important to be transparent about what you intend to do with people’s personal data including telling them about the types of messages you want to send.”

The UK GDPR gives people a right to object, and this may apply even if your promotional message is not direct marketing. The new guidance has more details on when this right may apply.

What are the pitfalls?

According to Martin Sloan, IP, Tech & Data partner at Brodies LLP, that the fact some messages are classed as direct marketing and some aren’t can leave firms in “some slightly odd positions”.

“For example, a message from a local authority about a new household service for collecting recycling would not be direct marketing, but a message inviting people to sign up for a paid-for garden waste collection service would be direct marketing.

“Identifying where the new guidance applies will need some detailed analysis of the law and that authority’s public tasks.”

In an attempt to aid firms to comply with data protection laws, the ICO published a Data Sharing Code of Practice in December 2020 to provides advice around compliance with data sharing legislation and to ensure their use of data is fair, lawful, and accountable.

It covers several areas, including transparency, lawful bases for using personal data, the new accountability principle and the requirement to record processing activities.

Sloan continued: “The new guidance applies only to public authorities. That may frustrate charities and other third sector organisations.

“Retailers and other businesses can rely on the “soft opt-in” exemption under ePrivacy laws for marketing to existing customers. However, that exception applies only to the sale of goods or services, which means it isn’t available to charities when contacting previous supporters for fundraising purposes or to tell them about what the charity has been doing.

Sload added: “While the background to the new guidance is not clear, those in the third sector may feel aggrieved that the ICO did not take the opportunity to look at the definition of direct marketing in the context of that sector too.”

David Paul

Staff Writer, DIGIT

Latest News

Diversity Sustainability
Digital Transformation Events Featured
%d bloggers like this: