The Direct Marketing Association believes the Information Commissioner’s Office is wrong to say that the General Data Protection Regulation prohibits opt-out consent, and has warned that banning it could cause problems for charities.
The DMA, the marketing trade body, made the comments in its response to the month-long consultation on the ICO’s guidance on consent under the GDPR, which closed last week.
The GDPR will introduce more stringent EU data protection rules from May 2018. They will apply to all organisations that process personal data, including charitable bodies. The rules will require organisations to be able to show that recipients of direct marketing have explicitly consented to receiving materials.
The ICO’s draft guidance said organisations "must ask people to actively opt in" and must not "use pre-ticked boxes, opt-out boxes or default settings".
But the DMA response argues that this is not what is meant by the section of the GDPR that deals with consent, which states that "silence, pre-ticked boxes or inactivity" do not constitute consent.
"The guidance equates opt-out consent with a pre-ticked box and implies the GDPR bans its use," the DMA response says. "The DMA believes this interpretation is incorrect."
It says that the debate within the European Parliament considered adding "opt-out" consent to the list of explicitly banned consent mechanisms, but in the end did not.
"The potential impact of the implied ban on opt-out consent could be significant for many businesses, but particularly those in the third sector," the DMA response says.
The response gives the example of an unnamed charity, which it says is heavily reliant on traditional direct marketing for its fundraising activity.
The charity updated its privacy notices in autumn 2015, collecting what the DMA describes as unambiguous and informed consent, using opt-in for the electronic channels covered by the existing legislation, the Privacy and Electronic Communications Regulations, and opt-out for postal communications.
The response says that if post was to become opt-in under GDPR, as the guidance implies, the charity would have to seek permission from its supporters once again, which it estimates would lead to people either withholding permission or simply failing to respond.
"The impact of re-consenting supporters will clearly have a negative effect on the third sector’s ability to continue to raise funds from its pool of existing donors – at best reducing the pool to a fifth of the size," the response says.
The DMA warns that the number of different aspects of data processing that people would have to explicitly consent to under the guidance would actually make any consent form more confusing because people would be forced to fill in numerous tick boxes.
Rachel Aldighieri, managing director of the DMA, said in a statement: "The DMA agrees with the ICO that the GDPR sets a high standard for consent, and industry will have to adapt to those changes.
"However, we believe that some aspects of the ICO’s guidance will have a significant effect on both the customer experience and the industry at large.
"For example, if the guidance remains as outlined, the sheer volume of new tick boxes could only serve to confuse consumers rather than inform them.
"An over-strict interpretation of the GDPR will have a negative impact on consumers, have economic consequences for the marketing industry and affect the UK economy more broadly."
If you’re interested in fundraising, you can’t miss Third Sector’s Annual Fundraising Conference on 23 and 24 May. Click here for more information and how to book