CAP Code updates rules on use of data for marketing
Promoters will need to be more vigilant in their administration of sales promotions, thanks to recent changes to the UK Code of Non-broadcast Advertising, Sales… Read more
Notice: Undefined variable: people_info_class in /home/kemplittle/test.kemplittle.com/wp-content/themes/kemplittle/single.php on line 210
Promoters will need to be more vigilant in their administration of sales promotions, thanks to recent changes to the UK Code of Non-broadcast Advertising, Sales Promotion and Direct Marketing (CAP Code).
After industry consultation, the Committee of Advertising Practice (CAP) introduced amendments to the CAP Code in March 2019 to ensure that it aligns with the General Data Protection Regulation (EU 2016,679, GDPR) and the Data Protection Act 2018. These amendments relate to the way promoters announce major prize winners and how they process personal information about children under 13.
[The CAP Code is the rule book for non-broadcast advertisements, sales promotions and direct marketing communications in the UK, and is created, revised and enforced by CAP and administered by the Advertising Standards Authority (ASA). CAP’s member organisations represent a range of media, advertising, sales promotion and direct marketing businesses. By being members of these CAP member organisations, or though contractual relationships with media businesses, these advertisers, promoters and marketers agree to comply with the CAP Code in relation to their marketing communications.]
Marketing to children
The CAP Code has been amended to increase the minimum age for a child to consent to the use of their personal data for marketing from 12 to 13 years of age, in order to align with GDPR. In relation to processing personal data of children under 13 years of age on the basis of consent, the CAP Code now makes a distinction between purposes for which the processing is to be done:
- For online services, such personal data can only be processed if the marketer has verifiable parental consent; and
- For all other marketing purposes, parental consent is not necessary if the marketer can show compelling reasons for relying on the child’s consent and that they have had particular regard to the child’s privacy rights.
Naming major prize winners
The other significant amendment to the CAP Code relates to the publication of details of major prize winners. Until this amendment, promoters/agencies had to seek an entrant’s consent to publicity at the time of entry. However, this rule raised several issues under GDPR, especially in relation to withdrawable consent and the prescriptive nature of the basis for processing. To address these points, CAP updated the relevant rule in the CAP Code so that promoters must either publish (or make available on request) proof that the award took place (such as the surname and country of major prize winners and/or their winning entry).
To strike the balance between demonstrating that a prize has been awarded and minimising any personal data to be published/provided, rule 8.25.5 of the CAP Code now also provides that promoters must:
- notify entrants if they intend to publish or make available information about the major prize winner/the winning entry, so that the entrants may object to such publication or request a more limited scope of information to be made public; and
- if the promotion is challenged, supply the above information to the ASA, regardless of the prize winner’s objection.
- not prejudice the privacy of prize winners by the publication of personal information, and the CAP Code expressly acknowledges that promoters must always comply with any overarching legal requirements not to publish certain personal information.
The updates to the CAP Code set out above took effect on 25 March 2019.
Share this blog
Kay-Anne van Zyl is a commercial technology senior associate (NZ qualified)
Share this Blog
- Adtech & martech
- Artificial intelligence
- Cloud computing
- Complex & sensitive investigations
- Cryptocurrencies & blockchain
- Data analytics & big data
- Data breaches
- Data rights
- Digital commerce
- Digital content risk
- Digital health
- Digital media
- Digital infrastructure & telecoms
- Emerging businesses
- Financial services
- KLick DPO
- Open banking
- Software & services