Q&As

The General Data Protection Regulation, Regulation (EU) 2016/679 states that legitimate interest can be used for direct marketing as a lawful purpose provided we comply with the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426. Can you clarify the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426 requirements? Also, can you rely on legitimate interest for sharing data? Or can you share data on the basis the customer has not ticked an 'opt-out' box?

read titleRead full title
Published on LexisPSL on 05/03/2018

The following Information Law Q&A provides comprehensive and up to date legal information covering:

  • The General Data Protection Regulation, Regulation (EU) 2016/679 states that legitimate interest can be used for direct marketing as a lawful purpose provided we comply with the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426. Can you clarify the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426 requirements? Also, can you rely on legitimate interest for sharing data? Or can you share data on the basis the customer has not ticked an 'opt-out' box?
  • Legitimate interest
  • Requirements for direct marketing under the PECR
  • Requirements for valid consent to direct marketing
  • ICO guidance
  • Data sharing under the GDPR

The General Data Protection Regulation, Regulation (EU) 2016/679 states that legitimate interest can be used for direct marketing as a lawful purpose provided we comply with the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426. Can you clarify the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426 requirements? Also, can you rely on legitimate interest for sharing data? Or can you share data on the basis the customer has not ticked an 'opt-out' box?

Legitimate interest

The Data Protection Act 1998 (DPA 1998) defines direct marketing as the communication (by whatever means) of advertising or marketing material directed to particular individuals. This definition is replicated in the draft Data Protection Bill. The Information Commissioner’s Office (ICO) has further refined the concept of direct marketing in its direct marketing guidance as including the promotion of aims and ideals as well as the sale of products and services. This means the direct marketing rules are not restricted to commercial organisations—they also cover not-for-profit organisations, eg charities and political parties.

Many direct marketing activities involve processing personal data. To process personal data, you need a lawful ground under the General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR). In the case of direct marketing, there are two potential lawful grounds under Article 6(1) of Regulation (EU) 2016/679, GDPR:

‘The processing is necessary for the purpose of your legitimate

Related documents:

Popular documents