During the hysteria in the run-up to May 2018, one of the ways in which it was easy to spot GDPR practitioners whose sole Data Protection experience was doing That Dreadful Course Run By Those Awful People was their lack of awareness of the Privacy and Electronic Communications Regulations 2003, known to its friends as PECR. As organisations fell over themselves to get ‘GDPR consent’, they demonstrated how much they didn’t know. The crucial elements of both as they related to marketing (and much else) weren’t changing, and the experts advising differently were just demonstrating their lack of understanding.
So it is with a garbled dog’s dinner of a story in the Mail on Sunday, combining anti-EU fear-mongering, moronic MPs, and proud ignorance of how the law works. According to Glen Owen’s feverish tale “Doctors will be banned from warning patients about the risks of coronavirus under EU rules that are set to become law in Britain despite Brexit“. None of this statement is true, and more importantly, the crucial elements on which the story is based are not new. The story claims that the Information Commissioner Elizabeth Denham “is working to put EU data protection laws into a statutory code that the Government would have no power to amend“. As a consequence, doctors would be prevented from sending messages about the corona virus, and “Council tax bills would also rise because local authorities would be forced to print leaflets to publicise services such as bin collections“. This garbage is supported by some frothing at the mouth from dim rentaquote MP Ben Bradley about “bully-boy diktats” and EU red tape.
Bradley is a proven liar whose previous misdeeds including publishing false claims about Indian call-centres, libelling Jeremy Corbyn and standing up for police brutality, so his knee-jerk nonsense should be ignored. There is an interesting quote from an unnamed Downing Street source which is presumably Dominic Cummings, describing Denham as an “unelected anti-Brexit pen-pusher“. Denham has plainly been angling for some kind of involvement in online harms, but given Dom’s disdain for QE2, I suspect she’s not going to be on anyone’s shortlist.
The origin of the story is the Information Commissioner’s draft Code of Practice on Direct Marketing, a document that the Commissioner is obliged by law to create in accordance with the Data Protection Act 2018, legislation passed by the previous Tory Government. Obviously, the current regime may take issue with their predecessors, but if Boris Johnson and his cadre of far-right headbangers don’t want Denham to do what the law requires her to do, they should amend the DPA. Obviously, the content of the code is up to the ICO and so I guess the alleged anti-Brexit conspiracy to smuggle EU red tape into UK law could happen there. The problem with this conspiracy theory is that the EU laws that the Tories and the Mail are so furious about are already on the UK statute book, and will continue to be so. Unless, of course, the Government use their majority to change things, as they have the power to do.
PECR is UK law, so the rules that require marketing emails to be sent to individual subscribers only with their consent are already there. EU GDPR is currently the law in the UK until the end of the transitional period, and after that, specific regulations will automatically convert the EU GDPR into the UK GDPR. The idea that Denham is sneaking anything into UK law in her Direct Marketing code is nonsense. Anyone who claims otherwise is either a liar or a moron. In Ben Bradley’s case, it’s plainly the latter (this is a person who argued for benefit claimants to have enforced vasectomies), but as far as Downing Street is concerned, it’s likely that Cummings is using Data Protection as part of his ongoing game of 3D chess with reality. The Government doesn’t care that the story isn’t true, they just want to keep Brexiters in a heightened state of annoyance and frustration.
The one thing that the ICO does have control over – and this has nothing to do with the EU – is the definition of direct marketing. Unless the government passes legislation that specifically defines what constitutes marketing (something neither Labour or the Tories have ever done), and until a court gives some definitive judgment on a definition, the meaning of ‘direct marketing’ and therefore the type of message you need consent for, has to be determined by someone. The current someone is the Information Commissioner. The ICO definition includes “the promotion of aims and ideals as well as advertising goods or services“. On this, the ICO has been consistent for more than a decade. Richard Thomas took action against all major political parties in the mid-2000s and won a Tribunal case against the Scottish National Party on the basis of this definition, so the idea that somehow Denham’s interpretation is some of kind of plot to undermine Brexit is just evidence of Cummings’ addiction to fake news and lack of attention to detail.
If you drill right down, the seed of the Mail story is on pages 22 and 23 of the draft code, where an example contrasts two different kinds of message from a GP practice. A neutrally-worded message about screening is not marketing, but a text advertising a flu jab clinic would be. To be honest, if I received texts from my GP practice telling me I was due for a cardio-vascular risk check, I would think of it as marketing and expect only to receive such texts with consent, but that’s an argument for a different blog. What the draft Direct Marketing Code is saying is what the ICO has been saying consistently for many years, but unlike the old Direct Marketing guidance, this time they have included public sector examples, of which the GP case is one.
I don’t know how we get from this example in the code to the government propaganda in the Mail – perhaps Downing Street is constantly scanning for opportunities to wind people up over Brexit and the EU. Given that the ICO fined Vote Leave, it’s possible that Cummings nurses a personal grudge against Denham, and so this might simply be a symptom of his wounded ego. It’s equally possible that the NHS isn’t happy that the ICO is turning its attention – at least in principle – to the large amount of marketing that it does under the false guise of public health messages. This could be NHS folk briefing the Mail to defend their ability to spam people about purely optional services.
My point is that the story is wholly without foundation. This isn’t an anti-Brexit plot, and the message that the ICO is sending shouldn’t be controversial. I don’t know about you, but the only messages I receive from my council about bin collection are an annual leaflet explaining how they work – an email would be useless as I would easily delete it, whereas I can put the leaflet on the fridge. Unlike Ben Bradley, I can’t get outraged about the cost of printing a leaflet that I actually need (but which wouldn’t meet the ICO definition of marketing if it was sent electronically). If you want the NHS to have carte blanche to send whatever messages they think we need to hear, get ready for an onslaught of digitised nanny state lectures about drinking, diet and exercise, your phone pinging like a pinball machine.
There will be a lot more of this. The pro-Brexit media / government cabal have to keep the pot boiling and Data Protection is something that many journalists and politicians are too stubborn to get to grips with, so it will be a handy target. It would be nice if there was a competent Commissioner who could put the case for sensible Data Protection. Instead we have Disaster Denham, with her record of one-sided enforcement against pro-Brexit campaigns and her obsession with Facebook and Cambridge Analytica which even her own office has had to admit had nothing to do with Brexit. The Mail gleefully picked on her huge salary, and they could just as easily focus on her expensive tastes in international travel and extending the ICO top table. If the government really does have Data Protection in its sights as Bradley suggests, it’s hard to imagine a worse defender than a profligate absentee who has cocked up nearly every big enforcement case she has touched. I’m not famed for being an optimist, but we have a government stupid and ideological enough to ruin Data Protection, and a Commissioner without the moral authority to stop them. Indeed, I’ll make a prediction – the GP examples are correct, and the ICO will cut them from the final version of the code in hopes of appeasing No 10.
Nevertheless, when you read this kind of nonsense in the Mail, remember to take it with a pinch of salt that definitely exceeds NHS guidelines.