Direct Marketing Under Data Protection Law - Part 2 (EU)

Updated: May 20, 2020

In Part 1 of this three-part mini series, I considered the regulation of Direct Marketing in South Africa under the Protection of Personal Information Act 4 of 2013 (“the POPIA”). In Part 2, I will discuss the position under the European Union’s General Data Protection Regulation (“GDPR”), as well as Recommendations and Guidelines from international Data Protection Authorities. Finally, in Part 3, I will compare and contrast the regulation of Direct Marketing between South Africa’s POPIA and the European Union's GDPR.

What does Direct Marketing mean in the context of data protection law?

According to the International Association of Privacy Professionals (IAPP), from an EU perspective:

direct marketing can be defined as personal data processed to communicate a marketing or advertising message.

This definition includes messages from commercial organisations, as well as from charities and political organisations.

How is Direct Marketing Regulated under the GDPR?

Direct marketing is regulated in an indirect manner under the GDPR - what I mean by this is that there is no specific section of the GDPR dedicated to Direct Marketing. Rather, Direct Marketing is considered under a right to object in Article 21, and is mentioned in Recitals 47 and 70 - all of which are covered in turn below.