
Electronic Marketeer breached Advertising Standards rules


The sending of electronic marketing (emails, SMS etc) to consumers is governed by the Data Protection Act (DPA), The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and the Code of Advertising Practice (CAP).  A key provision of them all is that the recipient must have consented to receiving such communications.  The DPA is being replaced by the General Data Protection Regulation (GDPR) on 25th May 2018, with the rules of GDPR being stricter than those of DPA.  Geoffrey Sturgess, Commercial Consultant, reviews a recent case in which a company breached Advertising Standards regulations, and highlights the importance of preparing for the introduction of GDPR now.

Breaches of DPA (and in due course GDPR) and PECR can result in fines and civil liability.  Breaches of CAP result only in adverse publicity arising from the publishing of the adverse finding of the Advertising Standards Authority (ASA).

Email marketing consent

There is a substantial market for contact details of individuals who have “opted in” to receiving electronic marketing communications, generally by ticking a box on a website indicating that the individual consents to the receipt of marketing material from the website owner and others.  Those purchasing such “opted in” mailing lists will generally seek assurance from the seller that the listed individuals have all given such consent.

A recent ruling of the ASA, finding against Lands End Europe Limited, a clothing retailer, suggests that marketeers should go further before they can conclude that they do have consent from consumers.

Unlike DPA and PECR, the CAP code requires the explicit consent of consumers to the receipt of electronic marketing. Under GDPR (which is the standard to which marketeers should now be working) consent must be “freely given, specific, informed, and unambiguous” and the marketeer must be able to “demonstrate” that each recipient has consented.  PECR requires consent which the Information Commissioner explains as:

Knowingly and freely given, clear and specific.  It must cover both your particular organisation and the type of communication you want to use (eg call, automated call, fax, email, text).  It must involve some form of positive action – for example, ticking a box, clicking an icon, sending an email, or subscribing to a service – and the person must fully understand that they are giving you consent.  You cannot show consent if you only provide information about marketing as part of a privacy policy that is hard to find, difficult to understand, or rarely read.

Lands End used a third party email sender to send marketing emails to recipients, the details of whom had been purchased from another third party, Clic-Plan.  Clic-Plan, in turn, obtained those details from various “partners” who were required to obtain consent and to respect unsubscribe requests from the individuals concerned. The complainant had ticked a box against the statement:

“You understand and agree that you are establishing a business relationship with our network of affiliate partners, and you may be contacted by one of our partners by telephone or mobile using automated dialling or electronic mail. You also agree to our Privacy Policy. There is no obligation for submitting your information”.

The ASA decided that this was inadequate consent as “there was no clear connection between the types of products or services provided by the website the complainant signed up to, which offered deals on a wide range of products, and those provided by Lands’ End” and “that the complainant would not have anticipated receiving marketing communications from Lands’ End as a result of submitting his details to the partner website.”  Many people may be surprised by that finding.

Third party emails

The ASA also held that even though the collection and usage of the personal data was by third parties, Lands End had responsibility for ensuring that its “marketing communications complied with the advertising Codes, and should be able to demonstrate that consumers had provided explicit consent to receive marketing communications from them.”

In consequence, Lands End had breached the electronic marketing provisions of the CAP and might now receive attention from the Information Commissioner’s Office investigating breaches of data protection legislation and PECR.

This case demonstrates that those using electronic marketing should be carefully considering whether they comply with CAP and the relevant legislation and whether, in particular, their processes and procedures will be compliant with GDPR by 25th May next year.

You can find out more about the ASA ruling for this case on their website.  Alternatively, you can contact Geoffrey Sturgess to discuss how you can prepare for GDPR ahead of May 2018 on 02380 717717 or email


This is for information purposes only and is no substitute for, and should not be interpreted as, legal advice.  All content was correct at the time of publishing and we cannot be held responsible for any changes that may invalidate this article.