Recent amendments to proposed new legislation relating to data protection are likely to have positive implications for charities' marketing activities say Darryn Hale and Emma-Jane Dalley, partners at international law firm DAC Beachcroft.

Currently making its way through Parliament, the Data (Use and Access) Bill - commonly referred to as the DUA Bill - proposes significant changes to the UK’s data protection landscape. Those changes will require all organisations to take steps to ensure they are compliant with the new law before it comes into force later in 2025.

However, a recent amendment added to the DUA Bill will likely have positive implications for the charity and non-for-profit sector, and in particular make it easier for charitable organisations to send promotional communications.

This article explores the context of the changes, their implications for charities and the necessary steps to ensure compliance.

Current legislation in the UK - where are we now?

The UK’s data protection regime is primarily governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018), laws which set out the principles that organisations must follow when using personal data (i.e. any information from which living individuals can be identified). 

Alongside these, the Privacy and Electronic Communication Regulations (PECR) impose additional and specific obligations relating to electronic marketing communications sent to individuals. Marketing in this context specifically includes charities campaigning for support or funds, although excludes genuine market research (provided the research materials do not include any promotional material and/or involve the collection of personal data to be used for future research). 

PECR is strict in requiring explicit consent before sending marketing emails, text messages, or making automated calls. There is, however, an exception to this rule, known as the “soft opt-in”, which allows certain businesses to send marketing communications to individuals without prior explicit consent, provided specific conditions are met.

To date, charities have been expressly excluded from being able to rely on the soft opt-in and are therefore required to obtain explicit consent before sending electronic marketing communications. 

Extending the "soft opt-in" to charities 

The previous government proposed legislation which, among other things, would have extended the soft opt-in to charities. That legislation was not passed before the end of its tenure and the new government's proposed legislation, in the form of the DUA Bill, did not initially include a similar provision. This prompted significant lobbying and pressure from the sector, and as a result the DUA Bill now proposes the extension of the soft opt- to charities. Assuming the Bill becomes law with those proposals still included then charities would therefore be able to send electronic marketing messages to individuals without explicit consent, provided:

• The individual’s contact details were obtained in the context of a previous interaction with the charity (e.g. donating, volunteering or campaigning)

• The communication pertains to similar charitable activities or campaigns, and

• The individual has been given a clear opportunity to opt out of marketing when their details were collected, and in every subsequent message

This represents a significant opportunity for the sector, enabling organisations to communicate more effectively with their supporters while reducing the burden of obtaining explicit consent. However, charities must approach this change with caution, ensuring their use of the soft opt-in is compliant with both PECR and the UK GDPR.

Legal challenges and considerations

The key legal points to consider are:

Defining “similar activities”: Charities must ensure that any communication aligns with the definition of “similar activities” to those previously supported by the individual. For example, a donor who contributed to a wildlife conservation campaign may not expect to receive communications about unrelated causes such as homelessness unless explicitly stated.

Clarity in opt-out mechanisms: The legislation requires that charities provide a clear and simple opt-out mechanism in every communication. Failure to do so could lead to non-compliance and potential regulatory action, including monetary penalties.

Data accuracy and management: Maintaining accurate records of individuals’ engagement history is crucial. Charities must invest in robust data management systems to track donations, volunteering activities, and communication preferences.

Balancing UK GDPR obligations: While PECR governs electronic communications, charities must also comply with the UK GDPR, which emphasises transparency, accountability, and data minimisation. For instance, charities must clearly inform individuals about how their data will be used and ensure that communications are proportionate and relevant.

Avoiding over-reliance on the soft opt-in: While the soft opt-in provides a valuable tool for charities, it should not be seen as a substitute for building genuine, consent-based relationships with supporters where appropriate. In particular, it will be important not to overly stretch the soft opt-in – for instance where the last interaction with the individual was a long time ago. 

To leverage the benefits of the new soft opt-in provisions while ensuring compliance, charities should consider preparing for the changes well in advance in order to hit the ground running. This may include:

• Reviewing and identifying potential updates to privacy policies that reflect the changes in the law

• Assessing how best to track supporter interactions, preferences, and opt-out requests effectively

• Training staff and volunteers to ensure everyone involved in data collection and communication understands the new requirements and adheres to best practices, and

• Engaging legal expertise specialising in data protection and charity law to navigate complex scenarios and ensure full compliance

In the long term, the success of this legislative change will depend on how well charities adapt to the new provisions and integrate them into their operations. By understanding the implications of the legislation and taking proactive steps to ensure compliance, charities can harness the benefits of the soft opt-in while upholding the values of transparency, trust, and accountability that underpin their work.

For the charity sector, this is not just a legal obligation but an opportunity to demonstrate leadership in ethical data use and foster deeper engagement with the communities they serve.