ICO Updates: Code of Practice

Direct Marketing Code of Practice 

The ICO recently published its draft Direct Marketing Code of Practice for consultationIt will be an important document for all organisations conducting direct marketing activities. “Direct marketing” is defined widely within the draft: 

“Direct marketing includes the promotion of aims and ideals as well as advertising goods or services. Any method of communication which is directed to particular individuals could constitute direct marketing. Direct marketing purposes include all processing activities that lead up to, enable or support the sending of direct marketing.” 

So it covers more than simply the sending of direct marketing messages, by whatever format. It also covers the use of online advertising, social media and new technologies with explicit reference to Facebook’s Custom Audiences tool. It is important that any new marketing or digital strategy is developed with this Code in mind.  

The Code of Practice is a requirement under section 122 of the Data Protection Act 2018 and, as such, holds more legal weight than the ICO’s previous “guidance” published in relation to direct marketing.  

The consultation is open to all and closes on 4th March.  

Age Appropriate Design Code  

The ICO has been busy of late with new consultations, codes and guidance and the latest to be formally published is the Age Appropriate Design: A Code of Practice for Online Services. As it sounds, the content will be particularly important for organisations who provide online services or products to children.  

From the Information Commissioner’s foreword: 

“The code is not a new law but it sets standards and explains how the General Data Protection Regulation applies in the context of children using digital services. It follows a thorough consultation process that included speaking with parents, children, schools, children’s campaign groups, developers, tech and gaming companies and online service providers.” 

The GDPR’s core principles and requirements are built into the Code, with specific sections covering transparency, Data Protection Impact Assessments, data sharing, data minimisation and data protection by default.  

If you are not sure whether a service you provide is covered by the Code, a flowchart is included to help you define this.  

For more ICO updates please read our previous post here…