The word ‘sale’ appears in PECR, which is the applicable law for the foreseeable future, and it’s also in the dictionary. The courts frequently consult the OED to work these matters out, so I think that’s the best place to start. Many charities have already kicked around the notion that a donation is a sale (that went nowhere) and I’m aware that some universities argue that they sell their courses like any other product or service. 

As long as an organisation offers a product or service for sale to the person whose data they’re gathering, the soft opt-in is in play. I don’t believe that this applies to the college example, and I don’t believe it was intended to. 

Tim Turner
2040 Training
www.2040training.co.uk


On Thu, 15 Nov 2018 at 12:20, M Bryant <[log in to unmask]> wrote:
Thanks Tim, 

I'll take a look. Do the ICO cover their interpretation of a 'sale' anywhere and do we have any cases on soft opt-in that you could point us to? 

I suppose if that is the case, educational institutions like this would never be able to rely on soft opt-in. However, if they haven't already considered it prior to the sale it's probably a moot point anyway as it's unlikely their privacy notice is geared to such use nor are they likely to have given the subject an informed opportunity to opt out... 

Thanks, 



-- 

Murray  

On 15 Nov 2018 17:56, Tim Turner <[log in to unmask]> wrote:
I don’t think that’s quite true. Your advice is based on materials from the IAPP, which is neither a regulator or the most accurate source of information. Though the ICO isn’t always reliable, their guide to Direct Marketing is clear and I would say rules out this scenario altogether. I think following the regulator’s approach, especially given their enthusiasm for enforcement in this area, is the most sensible approach rather than ‘zero risk’. The risks of choosing IAPP training manuals is admittedly much higher.

Of course, any organisation might decide to say ‘we’ll do this unlawful thing because we’ll probably get away with it’, but that’s a very different conversation.

Tim Turner
2040 Training
www.2040training.co.uk
On Thu, 15 Nov 2018 at 00:46, M Bryant <[log in to unmask]> wrote:
Can't argue with Tim on that, that's the zero risk option. If you want to cut it any other way I think you'll be introducing risk, how much risk and whether or not it's worth it will be for your team to decide. 

Thanks, 


-- 

Murray 
mapsterling.com



All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)