Privacy & Information Security Law Blog

The UK Advertising Standards Authority (“ASA”) recently upheld a complaint under the UK Committee of Advertising Practice Code (“CAP Code”) which requires UK marketers to obtain the explicit consent of consumers before disclosing their personal information to third parties for direct marketing purposes.

Kaleidoscope Ltd had published a national advertisement for a marquis ring which included a term in small print stating that “by ordering from us, you are consenting to us sharing your information with other organisations and to us or them contacting you for marketing purposes by mail, telephone, email or otherwise. If you do not wish to be contacted by us by telephone for marketing purposes, please tick this box.”

The ASA ruled that this advertisement breached the CAP Code (rules 43.4c and 43.5), as the small print stated that by responding to the promotion, consumers were not explicitly consenting to the advertiser sharing their information with other organisations who might (by whatever means) contact them directly.

To comply with the CAP Code, which reflects the requirements of the UK Data Protection Act 1998 (“DPA”) and the UK Privacy and Electronic Communications Regulations 2003 (the “Regulations”), marketers advertising within the UK or collecting personal information from individuals within the EU must gain the explicit consent of consumers (i.e., "opt-in” consent) before sending any electronic marketing or disclosing their personal details to third parties for direct marketing purposes.

In contrast, in the U.S., the Federal Trade Commission under CAN-SPAM  allows direct electronic marketing to be sent to anyone, without permission, until the recipient explicitly requests to optout. The Kaleidoscope decision reminds us that in the EU, pursuant to the Directive 2002/58/EC on privacy and electronic communications, marketers are required to obtain explicit consent from subscribers before sending electronic communications.  In addition to a positive indication of consent, the UK CAP Code provides that at the time of data collection and on each occasion that marketing communications are sent, marketers are required to provide subscribers with the opportunity to opt out of future marketing.