The Direct Marketing Association (“DMA”) has introduced a new code of conduct (the “DMA Code”) which came into force on 18 August 2014. The DMA is a trade organisation which brings together companies involved in direct one-to-one marketing including advertising agencies. It has over 1,050 corporate members who are required to comply with the DMA Code as part of their membership. The DMA Code is therefore a self-regulatory industry code of practice which supplements data protection legislation. It is primarily concerned with all marketing activity which is driven by the use of customers’ data.
The new DMA Code was developed following an 18 month consultation period with various industry stakeholders as well as Ofcom, the Information Commissioner’s Office, the Ministry of Justice and the Department of Culture, Media and Sport. With the UK economy becoming more digitised, the DMA’s stated objective with the new Code was to address consumer concerns about data privacy in direct marketing.
A principles-based approach
The previous DMA Code consisted of set of recommendations which had provided a more prescriptive approach to regulating the one-to-one marketing sector. In comparison, the new DMA Code is underpinned by five basic principles: put your customer first, respect privacy, be honest and fair, be diligent with data and take responsibility. They are inspired by the eight data protection principles from the EU Data Protection Directive 1995.
The overall aim of these principles, according to the organisation’s executive director, Chris Combemale, is to serve each customer with fairness and respect. Combemale emphasised in the DMA’s press release on the new Code that the principles are designed to go above and beyond compliance with the law and are more concerned with fostering a culture of creating trust among customers. It is also hoped that switching to a principles-based approach will create flexibility as they should still be applicable even if there are developments in technology and legislation.
Put your customer first
Described as the “hero” principle, this part of the Code promotes the concept of one-to-one marketing being seen as a value exchange between businesses looking to offer products and services, and customers benefitting from them. Members should ensure that customers experience transparency as well as a prompt and efficient service. Customers should only receive marketing information that is relevant to them and reflects their preferences.
Under this principle members must clarify to customers why they are collecting data and how it will be used. They must also ensure that they do not target vulnerable customers, such as children, and avoid intrusive and excessive marketing.
To comply with these outcomes members must ensure that any unsolicited communications comply with the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended 2011). In addition, they should maintain a file of customers who have indicated that they do not wish to receive commercial communications.
Be honest and fair
This part of the Code indicates that members should not mislead customers and should deliver on their promises. To achieve these outcomes, members are obliged to ensure that the advertiser can be identified on marketing communications and that a phone number is visible when making phone calls to customers, so that calls can be returned.
Customers must also be provided with contact details on marketing communications so that they can opt-out of them should they wish. In addition, members are not allowed to mislead customers into thinking that they are carrying out research or a survey, if the real purpose of the contact is to sell goods or services.
Be diligent with data
This principle is concerned with ensuring that customers are clear about how their data will be used and that any data collected is held safely. As such, members must clearly identify themselves or the party collecting data, and specify the purpose for which it is being collected. Members should not collect data excessively or keep it longer than is necessary.
Members are required to take responsibility for the entire customer experience and their commitments. This is an important obligation because it means that members will be responsible for the actions of any third parties working on their behalf. They are also required to ensure that any non-members that they work for, and any non-members that they subcontract work to, also adhere to the DMA Code. This will broaden the scope of application of the Code.
The DMA Code also emphasises the importance of complying with data protection legislation (such as the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended 2011)) and states that communications should not be sent to consumers where their data has been obtained in breach of the legislation.
The Code is supplemented by a series of channel-specific guides which provide recommended best practice on how to comply with the DMA Code.
The DMA Code will be enforced by the industry’s independent watchdog, the Direct Marketing Commission (the “DMC”). If a complaint to the DMC is upheld, the DMC can apply a range of sanctions. This includes making a formal recommendation to the DMA (e.g. to suspend a member or cancel membership entirely) or requiring the DMA to make a formal visit to a member. The DMC may also require the member to give a formal undertaking to comply with the DMA Code or carry out specific changes in their business processes. As a last resort, the DMC may also refer a member to the relevant law enforcement authority such as the Trading Standards Authority or the Information Commissioner’s Office.
The new DMA Code recognises that customers are now more conscious about what companies are doing with their personal information, especially given the increasing presence of social media in everyday life and the widespread use of online shopping where personal information can be easily collected, shared and stored. Consumers are now more inclined not to do business with companies that they do not trust. Accordingly, it is important for companies operating in the current digitised era to foster a culture of respecting customers’ data protection rights, which is exactly what this new Code aims to promote.