CAMPAIGN DIRECT: How will the industry adapt to the new Data Protection Bill? While many are ready for the new legislation, there may be teething problems for some. By Robert Dwek

Elizabeth France, the Data Protection Registrar, welcomes the UK’s new Data Protection Bill as timely. She fears for personal privacy when ’in both the public and private sectors, there is great impetus to deliver services electronically and to use computerised personal information to inform decisions affecting individuals’.

Elizabeth France, the Data Protection Registrar, welcomes the UK’s

new Data Protection Bill as timely. She fears for personal privacy when

’in both the public and private sectors, there is great impetus to

deliver services electronically and to use computerised personal

information to inform decisions affecting individuals’.

But what do direct marketers make of it? When it becomes a reality in

October of this year, below-the-line specialists will have to think that

bit more before trying to leap through the letterbox (or down the phone

line - or, indeed, over the Internet) - although it shouldn’t be a

quantum leap, since the new Bill is about 85 per cent covered by

existing legislation.

Colin Fricker, legal affairs director at the Direct Marketing

Association, has been closely involved with the Bill since it began life

as an EC draft directive in 1990. He estimates that only half of the

legislation has stayed the same, thanks to lobbying from the direct

marketing industry, and he believes the biggest hurdle has been overcome

- namely, the proposal that consumers should have to ’opt in’ rather

than ’opt out’ when giving permission for their data to be used by


Since the UK’s Data Protection Act of 1984, marketers have got used to

the opt-out system, which warns consumers what might be done with

information being collected (this normally means they’ll be targeted by

the same or other companies at some point in the future) and asks them

to tick a box if they don’t want this to happen. The system puts the

onus on the consumer but has appeared to work very well, particularly

with the growing profile of the Mailing Preference Service, which

records the details of consumers who want to ensure that their names are

removed from mailing lists. An opt-in would have put much more onus on

marketers and was considered almost unworkable by many. It was unclear,

for example, whether direct marketers would have had to contact

consumers before they ’officially’ contacted them, seeking their

permission to do so.

Because that potentially Alice in Wonderland piece of legislation hasn’t

come to pass, Fricker is able to give the Bill - which is the UK’s

interpretation of the EC’s 1995 directive - a ’cautious welcome’. He

says there is ’nothing unexpected to those who were familiar with the


That’s the good news. The bad news is that there are ’no less than 20

areas (of the EC directive) where the Secretary of State can make

amplifications’ and this has already led to one potential bombshell.

France has toyed with restricting access to the Electoral Roll, a vital

part of the direct marketing industry.

The DPR is concerned it might breach EC guidelines on public domain data

being used for something it wasn’t originally intended for. The industry

has forcefully argued that the Electoral Roll has long been used for

things such as credit checking - which could also theoretically be

called into question by the new legislation - and that if exceptions are

to be made then direct marketing is as legitimate an exception as any.

Apart from this unexpected zealousness on the part of the DPR, the Bill

does contain a couple of other concerns for Fricker.

One is that business-to-business direct marketers might find life a bit

trickier, because the new legislation gives as many rights to business

recipients as to consumers in general. This means that if an individual

at work demands to be removed from a mailing list then his or her wishes

must be met. This would be a serious irritation, if not a major problem,

because it is the job title which is addressed more than the


Another big legal question mark hangs over the transfer of data to and

from the EEA (European Economic Area). Since just about every other

country in the world, including the US, is considered below par on data

protection by the EC, this would be impossible, reinforcing the image of

Fortress Europe and dealing a sizeable blow to the UK’s list rental

industry. The restriction also seems incompatible with the Internet,

which sends data round the world, even when it’s ultimately just

travelling down the road.

Direct marketing agencies don’t appear to be too perturbed by the


’It’s been on the cards for such a long time,’ says Bates Communications

managing director, Martin Troughton. ’It means we’ll have to be much

more open about how we’re going to use people’s data, but the trend in

marketing is towards more transparency, so this isn’t necessarily a


David May, client services director at dp&a, says: ’There are quite a

few things that need to be clarified, but the Bill doesn’t feel anything

like as shocking as the 1984 Act, which as an industry we had quite a

tough time adapting to.’

However, David Strickland-Eales, managing director of Chapter One, is

concerned that, ’unwittingly, a lot of new users of direct marketing

might fall foul of the legislation because they haven’t got the time to

keep abreast of it.’ He also feels it might lead to more, rather than

less, consumer irritation, since ’large companies are increasingly

seeking multiple relationships with their customers, but they’re going

to have to keep a sort of Chinese wall between each relationship, and

the consumer will not understand why’.

Telemarketing agencies say they don’t feel particularly disadvantaged by

the Bill. ’What we need to worry about is the ISDN Directive, which

could have much more of an impact on how we operate,’ says Andrew Raine,

a consultant at the L&R Group.

Clients seem sanguine about the changes, too. John Hymas, customer

strategy and analysis manager at the Halifax, comments: ’Hopefully it

will give the consumer that extra bit of confidence and, if used

correctly, could even provide companies with an opportunity to increase

their ethical credentials, improving the quality of their customer


Paul Leadbitter, head of direct marketing at PPP Healthcare, says his

company does a lot of business-to-business mailing and has just started

to increase its consumer activity. He is concerned by the possibility of

a mass opt-out among business recipients - ’it could be higher than in

the consumer arena’ - but he has tried targeting by job title before and

might be tempted to do so again.

Sally Wolfenden, deputy marketing manager at the Daily Mail, believes

her salvation will be the ’almost infinite opportunities I have to

establish relationships with our customers because we’re selling a

different product every day’. If data protection considerations prevent

her from using information from another part of the company - say, an

unrelated promotional offer - then ’it won’t be the end of the world

because I know I will have another chance tomorrow to get fresh


The supermarket giant, Tesco, has already come under scrutiny from the

DPR because it was thought to be making over-energetic use of data

collected from Clubcard members. However, the company argued that it

gave very clear notice to all members of how it might use information

and allowed them to restrict that use if they wished. A Tesco

spokeswoman says of the Bill: ’We don’t anticipate any problems.’


1981: The Council of Europe issues a Convention on data protection and

asks all member states to comply

1984: The UK government introduces the Data Protection Act to ensure the

’fair obtaining’ of data. It establishes the principle of allowing

consumers to deny use of their personal information for marketing


1990: Only five of the 12 members of the European Union have implemented

the 1981 Council of Europe Convention, so the European Commission steps

in and proposes a law. This produces the first draft of the EC’s Data

Protection Directive

1995: The EC’s adoption of the final draft of the Directive. Member

states have three years to implement it

October 1998: The EC’s Data Protection Directive becomes UK law

(although there is a ’compliance’ period of three years). Its wording is

more specific and much less general than that of the Data Protection Act

when dealing with the consumer’s right to opt out. Contains only about

50 per cent of the 1990 draft directive


- The Bill will be phased in over three years from 24 October, 1998

- Consumers will have more scope to seek ’financial and other redress’

for breaches of the Bill

- Marketers must give consumers the chance to opt out each time their

data is processed and passed to a third party

- The use of sensitive data, such as information about ethnic origin,

voting patterns or sexual orientation, requires an explicit consent or

opt-in before any marketing message is received

- The Data Protection Registrar, Elizabeth France, will become the Data

Protection Commissioner and have wider powers. For instance, she’ll no

longer have to wait for a consumer complaint before taking action

against a company, and will have the power to stop and search companies

who are suspected of data misuse

- Companies must make consumer data more easily accessible to


- Unlike the 1984 Data Protection Act, the new legislation will apply

equally to all data controllers, whether they are registered with the

Commissioner or not.