DIFC Issues New Direct Marketing and Electronic Communications Guidelines

Laura Holden, Fiona Maclean, Brian Meenagh
Latham & Watkins LLP
Contact
LinkedIn
Facebook
X
Send
Embed

The DIFC guidelines provide practical guidance for DIFC-registered entities engaging in electronic direct marketing, including useful “dos” and “don’ts”.

What Do DIFC-Registered Entities Need to Know?

In January 2019, the Commissioner for Data Protection for the Dubai International Financial Centre (DIFC) issued new Direct Marketing and Electronic Communications Guidelines, aimed at DIFC-registered entities that collect and maintain personal data for electronic direct marketing purposes.

The document provides practical guidance on the rules relating to the collection, maintenance, and use of personal data for electronic direct marketing purposes set out in the Data Protection Law, DIFC Law No.1 of 2007 (DP Law), which is based on the (now superseded) UK Data Protection Act 1998 and EU Data Privacy Directive 1996. However, the guidelines also take into account the latest direct marketing requirements under the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Directive 2002, providing practical examples of “do’s” and “don’ts” for entities to consider. The guidelines also appear to leverage provisions from the October 2018 draft of the EC’s new e-Privacy Regulation (ePR) which is currently anticipated to come into force in 2021.

The guidance covers key topics for DIFC-registered entities, including:

  • Web-scraping and web mining
  • Consent and opt-in options
  • Third-party consent and indirect consent
  • Soft opt-in rules
  • Preference services
  • Cold-calling and telemarketing
  • Spam and suppression lists
  • Statistics and research

The DIFC highlights in the guidelines that, due to its historical reliance on UK and EU data protection and privacy principles, the guidelines should be read in conjunction with existing UK and EU guidance. The guidelines do not expressly identify the relevant UK and EU data protection and privacy guidance, but we would anticipate that it includes the UK Information Commissioner’s Office (ICO) Direct Marketing Guidance.

The DIFC may decide to issue further updates to its guidance following the ICO’s replacement of the Direct Marketing Guidance with the new direct marketing code of practice (that will address the aspect of the GDPR and the UK’s Data Protection Act 2018) and again when the delayed ePR comes into force.

In the meantime, the DIFC guidelines are a welcome addition from the Commissioner for Data Protection and should be read and adhered to by all DIFC-registered entities that engage in direct marketing and electronic communications with individuals.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Latham & Watkins LLP | Attorney Advertising

Written by:

Latham & Watkins LLP
Latham & Watkins LLP
Contact
more
less

Latham & Watkins LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide