The Advertising Association promotes the role and rights of responsible advertising and its value to people, society, businesses and the economy. We represent UK advertisers, agencies, media owners and tech companies on behalf of the entire industry, acting as the connection between industry professionals and the politicians and policy-makers.

A A A

The Advertising Association focuses on major industry and policy areas that have huge ramifications on UK advertising. This section contains our work around Brexit, HFSS and gambling advertising, data and e-privacy, trust, the digital charter and our Industrial Strategy campaigns.

Credos is the advertising industry’s independent think tank. It produces research, evidence and reports into the impact and effectiveness of and public and political response to advertising on behalf of UK advertisers in order to enable the industry to make informed decisions.

Front Foot is our industry’s member network of over 50 businesses across UK advertising. It aims to promote the role of responsible advertising and its value to people, society and the economy through a coalition of senior leaders from advertisers, agencies and media owners.

We run a number of events throughout the year, from our annual LEAD summit to the Media Business Course and regular breakfast briefings for our members. We are also the official UK representative for the world’s biggest festival of creativity – Cannes Lions.

Data Regulations

/ February 5th 2019
Data and E-Privacy

In the UK, the key regulations* that govern data protection are the General Data Protection Regulation (GDPR), the UK’s Data Protection Act (2018) and the Privacy and Electronic Communications Regulations, also known by its abbreviation PECR. The UK’s regulator for data protection is the Information Commissioner’s Office (ICO).

It is worth highlighting that the EU’s Privacy & Electronic Communications Directive (2002), or e-Privacy Directive for short and which PECR is based on, is in the process of being revised to become the e-Privacy Regulations, taking into consideration the changes introduced by GDPR. Even though the UK will leave the EU, the e-Privacy Regulation will have a bearing on UK organisations if they are handling EEA citizens’ data. Like GDPR, the new e-Privacy regulations will have extra-territorial reach.

We thought it would be useful to include links to the California Consumer Privacy Act (CCPA), which came into force on 1 January 2020. The legislation is similar in scope to the GDPR but is the most extensive shake up in consumer data protection laws in the US. There are already moves to implement a privacy law at the Federal level. Like the EU laws, they will also have extra-territorial reach.

EU regulations 

UK Legislation

  • Data Protection Act 2018 – Sets the UK standards for protecting general data, in accordance with the GDPR but it also ensured that the UK had a operable data protection framework after Brexit.
  • The Privacy and Electronic Communications Regulations (PECR) (2003) – This regulation is a UK transposition of the EU e-Privacy Directive (2002). Please note that the 2003 legislation is the original statutory instrument, there have been subsequent revisions since then.
  • Information Commissioner’s Office Direct Marketing Code of Practice (draft for consultation) – this draft code applies to anyone who processes personal data for direct marketing purposes. It explains the law and provides good practice recommendations for those conducting direct marketing and those who participate in the broader direct marketing ecosystem. The code is undergoing public consultation until 4 March 2020 and is expected to be finalised later in the year.

US Regulations

Key Regulatory Bodies

UK’s Information Commissioner’s Office

European Data Protection Board (EDPB) –  The EDPB is composed of representatives of EEA national data protection authorities and the European Data Protection Supervisor. It is established by the GDPR and is based in Brussels.

Federal Trade Commission (FTC) – Unlike Europe, the US does not have a specific data protection authority. Instead the FTC has very broad powers which cover consumer data protection.

*For in depth legal advice please visit the ICO website or consult a legal professional.