ABSTRACT
This chapter considers the data protection issues that arise when non-targeted
promotions are undertaken. ‘Non-targeted’ in this context, is taken to mean a
promotion that does not involve the use of personal information. Nevertheless, any
promotion offers an opportunity to start to communicate the organisation’s policy on
data protection. Initially the appropriate message may simply be an indication that the
organisation takes seriously issues of confidentiality and security. In addition, data
protection statements can include important information required by data protection
law, such as the name of the party that controls the use of personal data. In most cases
this will be the advertiser, but not necessarily. The status of the organisation can affect
whether or not it is the ‘controller’ of personal information. Three roles have been
identified as relevant: product provider, intermediary and affinity advertiser. The data
protection implications for each when inviting prospective customers to contact them
for further product information are considered below.