In classic ICO style, new direct marketing guidance dropped this week without much fuss (or, as far as I can tell, any publicity at all!). The guidance is aimed at those in regulated industries who may be required by their regulator to send service messages to customers (for example, energy companies who must encourage customers to install smart meters) – the guidance refers to them as “regulatory communications”, but for all intents and purposes these are service messages.
What’s it all about? The scope of the guidance advises on what to do if you’re required by a regulator to send a regulatory communication but that communication constitutes direct marketing because you’re being asked to promote a particular product or service. If that communication inadvertently falls within the scope of PECR, you’ll need to have consent (or soft opt-in) to send the message, and allow customer to opt out of them. This creates a bit of a dilemma where you may be legally obliged to send comms to a customer, but need their consent to do so! The guidance doesn’t really deal with this apparent contradiction and simply reminds you that you must comply with PECR where applicable – great!
Ultimately, if you are in a regulated industry and are already careful to ensure service messages sent to customers do not constitute directly marketing, you’re unlikely to need to take any further action. It's just worth bearing in mind that the ICO have no sympathy for regulatory comms which are overly promotional, and that this is clearly on their radar. Some key takeaways below.
When will a regulatory communication constitute direct marketing? The approach is as before – whether a message contains direct marketing will be determined largely by its phrasing, tone and context. Calls to action or direction to an initiative are more likely to be considered promotional, but things like neutral tone, presentation and the fact the call to action may not benefit the sender of the communication are important mitigations (such as where you may be required to advertise a competitor’s rates). So make sure that you aren't going beyond what is absolutely required by your regulator.
If my regulatory communication is promotional, will I need consent to send it? Yes, but this isn’t new – this has always been the case with service messages containing direct marketing. In this new scenario identified by the ICO however, i.e. where you are essentially required to send direct marketing by a regulator, the question arises as to how a regulated business can comply with its obligation to send such messages yet at the same time allow customers to opt in/out of them. The guidance specifically states that you must ‘respect people’s wishes and don’t send direct marketing to anyone who objected, opted out or unsubscribed’. The approach suggested by the ICO is to send regulatory communications via channels outside of the scope of PECR, to avoid the requirement to collect consent, such as displaying it on your website, during inbound calls or on social media. This of course doesn’t acknowledge the fact that many regulatory communications are required to be directed at individuals and cannot be a generic message on a website.