Report comment

Both the DMA and the article are oversimplifying what is a complicated legal framework which needs to be considered on a case by case basis.

Yes, sometimes consent is the only legal basis relating to marketing if all others have been exhausted or are not feasible, however, there are also many nuances which mean if you build in data protection from the beginning its far easier then shoehorning it in after the fact. Its also incredibly important for people to realise that when referring to marketing activities, which the DMA are, then it may not just GDPR that is in play but PECR which brings with it other legal responsibilities to be navigated and therefore needs to be considered side by side.

The DMA are just as 'guilty' of giving poor advice to it members or not giving it in a timely fashion which meant poor advice went unchecked and unchallenged. Even the ICO found this out the hard way and had to start issuing GDPR Myths to help clear up and counteract the advice being seen in public.

Also, to the anon individual mentioning train companies using opt out not opt in - this is likely a method known as 'soft opt-in' and is perfectly legal if done correctly. Such statements, when not made clear, whether the company is acting correctly or not, only further hammer home the incorrect message that it is consent or nothing

Unfortunately the scaremongering that occurred in the build up to May 2018 meant confusion and those who shouted loudest about consent were heard first.