ICO publishes public sector direct marketing guidance


The ICO has published new guidelines for direct marketing and the public sector. Read our key points summary.

On August 4th, the Information Commissioner’s Office (ICO) published guidance on direct marketing and the public sector, which aims to help public sector organizations understand when the direct marketing rules apply to their messages. The most important points are:

Direct marketing rules apply to all sectors and types of organizations.

The majority of communications that government agencies send to individuals are unlikely to be direct marketing.

The instructions provide some examples:

  • Messages promoting new public services, online portals, hotlines and advisory resources may be necessary for the performance of your tasks and functions and are therefore not direct marketing;
  • Messages for the purpose of fundraising or promoting services that are offered on a quasi-commercial basis or for which a fee is charged, e.g. This means that the Privacy and Electronic Communications Regulations (PECR) marketing rules apply when you send such messages electronically, as well as the UK GDPR.

If an authority sends messages that are necessary for your job or function, those messages are not direct mail, even if you rely on the lawful basis of consent and not a public task (i.e., required for the performance of a publicly performed task ) Interest). The guidelines state that while public duty seems the most obvious legal basis, there is no obligation to use it and you might want to consider consent.

Authorities need to be careful when invoking consent, as their position of power can influence whether consent is given voluntarily. In addition, the consent must be fully informed, specific and easily revocable.

If you are relying on the legal basis of public service, you must:

  • identify a relevant task or function on which the communication is based;
  • show that sending promotional messages to individuals is necessary for your job. That doesn’t mean it has to be strictly necessary, but it has to be more than useful; and
  • demonstrate that the sending of the messages is appropriate for your purpose. You should consider whether you could reasonably achieve the same goal by other means.

If a message is not direct marketing (or is direct marketing but is sent non-electronically i.e. by post) you do not need to comply with PECR but you still need to comply with the UK GDPR (including fairness, transparency). and right of objection).

Individuals have a right to object:

  • in relation to direct marketing, the law is absolute. This means that if a person objects, you no longer need to send direct marketing.
  • The right is restricted in relation to commercial communications sent on a lawful basis that are necessary for your public task or function. You may still be able to send the messages if you can demonstrate compelling legitimate reasons. You must consider any objections you receive and weigh your legitimate reasons against the rights and freedoms of the individual.

Be especially careful before sending messages promoting third party services, as you will need to do the following:

  • Understand how this is required for your functions; and
  • See if it’s fair – have you been transparent to the people and stated that you would use their data to send these messages?