It’s been a while since we’ve provided an update on data governance and the long awaited DPDI, because since the election there has been little in the way of news.

However, last week it was announced that under the new government, DPDI has morphed into the Data Use and Access Bill. Unveiled by the Department for Science, Innovation, and Technology, this bill is positioned to integrate technology and data protection into the economy’s core, fostering economic growth, streamlining public services, and enriching lives. With an expected £10 billion economic boost projected over a decade, the Bill is set to transform how data is used across sectors.

The DMA has actively participated in discussions around the Bill, advocating for provisions that uphold both data protection and innovation in the marketing industry.

Chris Combemale has highlighted the legislation’s focus on driving collaboration between the public and private sectors, which will enhance businesses’ ability to engage with customers while maintaining high data protection standards.

Key Provisions of the Data Use and Access Bill

  1. Legitimate Interest: Recognising direct marketing as a legitimate interest within GDPR (Article 6.1.f) provides essential legal clarity. Direct marketing is now formally acknowledged as a valid basis for data processing, pending necessity and balancing tests, which streamlines compliance for marketers.
  2. Definition of Direct Marketing: The Bill broadens the definition of direct marketing, clarifying it as any targeted communication of advertising or marketing materials, irrespective of format. This inclusion across both GDPR and PECR ensures consistent legal grounding for marketers.
  3. Cookie Consent Exemptions: A variety of exemptions from cookie consent requirements in Schedule 12 of the Bill cover cases such as strictly necessary cookies, statistical purposes, and website appearance. For many B2B, ecommerce, and corporate sites, this could mean fewer cookie consent pop-ups, aligning with the DMA’s push to reduce friction on non-advertising-supported sites.
  4. Accountability Framework: The Bill upholds the current GDPR accountability framework, including requirements for Data Protection Officers and Records of Processing Activity. This consistency will help organisations maintain established privacy practices without disruption.
  5. Codes of Conduct: Supporting the DMA’s push for a structured framework, the Bill emphasises trade association Codes of Conduct under GDPR Articles 40 and 41, extending them to PECR-related matters. This will allow the DMA to develop and enforce a Direct Marketing Code of Conduct, promoting sector accountability and trust.
  6. Legislative Progress: The Bill started its legislative process in the House of Lords on October 23, 2024. The DMA will monitor and contribute to the Bill’s progression, ensuring that industry perspectives remain front and centre.

What This Means for Direct Marketers

For marketers, especially in direct marketing, the Bill provides much-needed clarity and security in data practices. The confirmation of direct marketing as a legitimate interest simplifies legal compliance, and broader cookie exemptions mean that customer experiences can be enhanced by reducing intrusive prompts. Additionally, the importance of Codes of Conduct solidifies self-regulation, allowing the industry to set clear, high standards in line with customer expectations.

The Importance of Data Hygiene

Effective data handling remains paramount in realising the Bill’s potential. Data hygiene practices ensure that marketing communications are not only lawful but also relevant and respectful. Clean, accurate data strengthens customer trust, making data hygiene an essential aspect of adapting to new regulatory frameworks.

Stay tuned for more info as the Bill progresses! If you have any questions about data hygiene in the meantime, let us know!