• GL
Choose your location?
  • Global Global
  • Australia
  • France
  • Germany
  • Ireland
  • Italy
  • Poland
  • Qatar
  • Spain
  • UAE
  • UK

ICO publishes public sector direct marketing guidance

25 August 2021

The ICO has published new guidance on direct marketing and the public sector.  Read our summary of the key points.

On 4 August the Information Commissioner's Office (ICO) published guidance on direct marketing and the public sector, which aims to help public sector organisations understand when the direct marketing rules will apply to their messages. The key points are:

The rules on direct marketing apply to all sectors and types of organisations.

The majority of communications that public authorities send to individuals are unlikely to constitute direct marketing.

The guidance provides some examples:

  • messages which promote new public services, online portals, helplines and guidance resources may be necessary for delivering your tasks and functions and therefore not direct marketing;
  • messages for the purposes of fundraising or advertising services offered on a quasi-commercial basis or for which there is a charge, e.g. promoting a new fitness class at a leisure centre run by a local authority, are likely to constitute direct marketing. This means that the marketing rules in the Privacy and Electronic Communications Regulations (PECR) apply if you are sending such messages by electronic means, as well as the UK GDPR.

When a public authority sends messages that are necessary for your task or function, these messages are not direct marketing, even if you rely on the lawful basis of consent rather than public task (i.e. necessary for the performance of a task carried out in the public interest). The guidance states that while public task may seem the most obvious lawful basis, there is no obligation to use it, and you may want to consider consent.  

Public authorities must be cautious when relying on consent, as their position of power can affect whether the consent is freely given. In addition, consent must be fully informed, specific and easy to withdraw.

When relying on the public task lawful basis you need to:

  • identify a relevant task or function underlying the communication;
  • demonstrate that sending promotional messages to individuals is necessary for your task. This doesn’t mean that it must be absolutely essential, but it must be more than just useful; and
  • demonstrate that sending the messages is proportionate to your aim. You should consider whether you could reasonably achieve the same objective through other means.

If a message is not direct marketing (or is direct marketing but is sent by non-electronic means, i.e. by post), you don’t need to comply with PECR, but you must still comply with the UK GDPR (including fairness, transparency and the right to object).

Individuals have the right to object:

  • in relation to direct marketing, the right is absolute. This means that if an individual objects, you must stop sending them direct marketing.
  • in relation to promotional messages which are sent on the lawful basis that they are necessary for your public task or function, the right is qualified. You may be able to continue sending the messages if you can demonstrate compelling legitimate grounds. You must consider any objections you receive, and balance your legitimate grounds against the individual's rights and freedoms.

Take particular care before sending any messages promoting third party services, as you need to:

  •  be clear how this is necessary for your functions; and
  • consider whether it is fair – have you been transparent with the individuals and explained that you would use their data to send these messages?

If you require support deciding whether your messages are direct marketing, which lawful basis is appropriate or ensuring that you send messages in compliance with the law, please contact one of our specialist privacy lawyers. 

Alternatively, speak to your usual DWF advisor, who will put you in touch with the most appropriate person to help.

Further Reading

We use necessary cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. These will be set when you accept.

For more detailed information about the cookies we use, see our Cookies page.

Manage your cookies

Our use of cookies

We use necessary cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. These will be set when you accept.

For more detailed information about the cookies we use, see our Cookies page.

Necessary cookies

(Required)

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

These cookies are required

Tracking cookies

Anonymous cookies that help us understand the performance of our website and how we can improve the website experience for our users. Some of these may be set by third parties we trust, such as Google Analytics.

They may also be used to personalise your experience on our website by remembering your preferences and settings.

Marketing cookies

These cookies are used to improve and personalise your experience with our brands. We may use these cookies to show adverts for our products, or measure the performance of our adverts.