General Data Protection Regulation

300+ Responses To ICO’s Draft GDPR Guidance

Back in March 2017, the ICO (Information Commissioner’s Office) published draft guidelines on the new European Union’s General Data Protection Regulations. This was essentially its interpretation of “consent”. As part of the draft guidelines, the Information Commissioner’s Office ran a public consultation to get feedback on the draft guidance. Today sees the consultation closed. In a blog on the ICO’s website, interim head of policy and engagement Jo Pedder says:

“I previously announced back in early March that we were running a public consultation on our first piece of detailed, topic-specific GDPR guidance as we were interested in gaining your feedback on our draft.

“The consultation is now closed and we received more than 300 responses from organisations across a variety of sectors, along with interested members of the public.

“Thank you very much to everyone who took the time to provide us with their views.

“The hard work of analysing the feedback is under way and this will feed into the final version of the guidance. We will also be taking into account any guidelines on consent that may be issued by relevant European authorities.”

Whilst it’s not clear who exactly has provided feedback to the Information Commissioner’s Office, one thing is clear, much of it will have been about the issue of consent under GDPR. Under the new General Data Protection Regulations introduced by the European Union and which all countries currently in the UK will have to comply with by May 2018, the concept of consent is being strengthened with a number of new rules that will require organisations to be much more transparent.

Some organisations have already gone public with their criticisms of the Information Commissioner’s Office’s interpretation of consent under GDPR. Both the Direct Marketing Association and the Institute of Fundraising have said that their interpretation could negatively impact charities in a significant way.

The Direct Marketing Association argues that the ICO have incorrectly interpreted GDPR and that the this will adversely affect charities and other organisations and businesses. “The potential impact of the implied ban on opt-out consent could be significant for many businesses, but particularly those in the third sector.”

The Institute of Fundraising have called for much clearer guidance on the issue:

“We believe that the consent guidance, particularly in relation to direct marketing purposes, must be more strongly and explicitly joined up with other legal conditions for processing personal data, and have more practical and illustrative examples. While it is useful to include links to other documents and resources, we are concerned that this creates a fragmented approach, which could lead to people understanding one strand of the GDPR rather than the whole.”
The National Council for Organisations have also raised the issue of consent with the NCVO’s head of policy and public services Elizabeth Chamberlain commenting in a blog on their website that  “…the current draft [of the guidance] does not provide a clear distinction or explanation between what the ICO will require as a matter of legal compliance, and what instead the ICO recommends as good practice”.

Add comment