CAP updates its advertising code to align with GDPR

On 6 November 2018, CAP announced changes to Section 10 of the CAP Code to reflect the General Data Protection Regulation which came into force back in May 2018.

The new Section 10, renamed “use of data for marketing” has now been revised:

• Rules which relate to pure data protection matters (not those specifically relating to marketing), such as data security, adequacy and retention of data have been removed.
• Rules and definitions relating specifically to direct marketing have been amended to align with GDPR. This includes new GDPR-based definitions of “consent” and “personal data.”
• New rules have been added on transparency, lawful processing and the right to object.
• Section 10 also includes regulation of online behavioural advertising, previously set out in Appendix 3 of the Code (which has now been removed).

If these rules have a direct impact on your day to day activities you can find the full details of the changes in the regulatory statement here.

CAP was clear to state in its regulatory statement that the ICO, and not CAP, is the statutory regulator for data protection matters and therefore the ICO, not CAP, should regulate this area. There should not be two different regimes.

The new rules will take immediate effect, but the ASA is likely to deal with issues on only an informal basis in the first six months, unless a formal ruling is in the sector’s and public’s interest.

We also await the new ePrivacy Regulation and we understand that CAP will consider the impact of this legislation on the Code in due course.

Separately, CAP has published a further consultation of marketing to children and the publication of prizewinners’ names, see below.