The ASA/CAP have released a post called: Stay up to data: four key tips on using personal data for marketing. I have enclosed the text of the link below, but please have a look at the ASA/CAP site as there are lots of things of interest to anyone with an interest in Ethical Marketing.
On 26 April 2006 the Council of Europe decided to launch a Data Protection Day to be celebrated each year on 28 January, the date on which the Council of Europe’s data protection convention, known as “Convention 108”, was opened for signature.
To mark this day, here are four top tips on use of data for marketing.
What counts as personal data?
Section 10 of the CAP Code outlines the rules that marketers need to follow when they’re using consumers’ “personal data”. This is any data that can be used to identify a particular living person. When a customer’s name is matched up with their contact details (e.g. their postal address, e-mail address, phone number, or any other means of information that’s specific to the named individual) or an identifier such as an IP address or cookie, this is likely to count as their “personal data”.
What you have to do when you collect personal data
Code rules 10.2 and 10.3 state that certain information must be provided to consumers whenever this personal data is obtained. They need to be told information including the marketer’s contact details, the reason and legal basis for collecting the data, the identities of third parties who the data will be shared with, how long it will be stored, and consumers’ right to ask for it to be deleted.
When do you need consent?
If personal data will be used to send marketing communications by electronic mail, the consumer needs to have given the marketer their explicit consent beforehand. This is stated in Code rule 10.6, and explained in more detail here. “Electronic mail” includes text, voice and video messages sent by e-mail, SMS, or any other form of digital messaging. Direct messages on social media platforms or in apps, for example, are likely to count as electronic mail. Before such messages are sent, consumers need to have been asked to give consent to receive them, through a clear affirmative action such as a tick box. Consent to receive marketing messages shouldn’t be bundled in with consent to receive other types of message. This is what the ‘Definitions’ paragraph in Section 10 means when it says that consent must be “specific”.
When consumers ask not to receive marketing communications
Code rule 10.10 covers consumers’ right to ask you not to contact them. If a consumer makes this request for their data to be suppressed, marketers should accept this request and ensure they don’t send the data subject any further marketing communications. To ensure this, they should retain just enough data about those consumers to meet their obligations to suppress their data.
If you need help and guidance on your non-broadcast promotions, contact the CAP Copy Advice team via the website.