Last week, Stephen Lee, an academic and former fundraiser, hit out at the Information Commissioner’s Office's interpretation of direct marketing at a data protection conference in London. It was, he said, "outrageous" that the commissioner’s direct marketing guidance stated that any advertising or marketing material that promoted the aims and ideals of a not-for-profit organisation was covered by data protection. According to Lee, only fundraising activities should be considered to be marketing.
He is quoted as saying: "Who says that’s right? Just the ICO. Who did it consult? No one." He added: "Why and how and in what way should we be compelled to comply with that proposition?"
Who says that’s right? Who did the ICO consult? Well, let me see now.
· The Council of Europe made it clear in 1985 that the definition of direct marketing includes both the offer of goods or services and "any other messages".
· The 1995 Data Protection Directive makes clear that direct marketing rules apply equally to charitable organisations as they do to commercial organisations.
· The Data Protection Act 1998 states that direct marketing is "the communication (by whatever means) of any advertising and marketing material which is directed at particular individuals".
· The Privacy and Electronic Communications Regulations 2003 say this: "Expressions used in these Regulations that …are defined in the Data Protection Act 1998 shall have the same meaning as in that act". Therefore, the DPA definition applies to PECR.
· The First Tier Tribunal dismissed an appeal from the Scottish National Party against the ICO’s definition of direct marketing in 2006.
· The charity sector and anyone else who wanted to be consulted. Virtually every iteration of the ICO’s guidance on PECR and direct marketing has been subject to public consultation – indeed, the very guidance Lee is talking about was subject to a public consultation.
Here’s the problem. Lee is an honorary fellow of the Institute of Fundraising, and has a long association with it. The IoF has been the most consistently pernicious influence on the charity sector’s compliance with data protection and privacy law in the past 10 years. Its guidance and public utterances on data protection are often misleading, and it recently changed its code of practice because it was legally incorrect.
Lee complained at the conference about the "appalling" communication between the ICO and charity umbrella bodies, but Richard Marbrow of the ICO summed the problem up all too well: "One of the things the sector asked for was clarity, and I will try and bring you that. The trouble is, if you then say ‘we don’t like that clarity, could we have some different clarity please?’, we’re not going to get on very well."
The most important thing about Lee’s outburst is the subtext – if any form of communication is not covered by the definition of direct marketing, then your consent is not required in the first place and you have no right to stop receiving it. To me, his interpretation seems like nonsense – but it is also ethically unsound. At its most basic level, privacy means the right to be left alone, the right to have an area of your life which is yours, which others can’t intrude into. Lee seems to want to erode that right.
Lee’s other question about why charities should be compelled to comply with that proposition has an easy answer. Ignore it. Carry on breaching the law, ignoring the rules. I went to the cinema last night and saw adverts for two different charities that plainly breached PECR, so that seems to be the plan. Given that the furore over charities began with an innocent person bombarded with unwanted correspondence, it’s remarkable that senior figures in the charity sector are ready for another go, but if Lee wants to drag charities’ reputations deeper into a swamp that they share with PPI scammers and payday loan merchants, he’s welcome.
Tim Turner is a trainer and consultant on data protection and the Privacy and Electronic Communications Regulations