[joelellis]

Specifically, section 2 ignores (The Privacy and Electronic Communications Regulations)[https://ico.org.uk/for-organisations/guide-to-pecr/what-are-...] and section 11 ignores (the consent part)[https://ico.org.uk/for-organisations/guide-to-data-protectio...] of GDPR, without giving a different lawful basis for data processing.

[chrismorgan]

That section 2 part is illegal in a lot of the world, and it’s not recent like GDPR. For Europe, PECR is from 2003. It’s illegal in Australia too since 2003: informed consent is required for such commercial messages, and merely being a customer is insufficient, it must be opt-in rather than opt-out (and that means you can’t even pretick a newsletter checkbox). (There used to be an excellent document outlining the legislation requirements at https://www.acma.gov.au/Industry/Marketers/Anti-Spam/Ensurin..., but that page seems to have disappeared recently with no obvious replacement.)