Most recently, amendments to the draft data protection directive, which aims among other things to require explicit consent before marketers can process individuals’ data, have included an attack on the practice of pre-ticked permission boxes assuming consent. If the law passes in its current form and is enforced accordingly, the Direct Marketing Association says it will “severely restrict” DM – and in its current form that would be true.

But brands might be more optimistic if they look back at what happened with the implementation of the so-called ‘cookie law’, which requires consent before websites can use cookie files to remember users’ online preferences or track their behaviour. After dire warnings that it would fatally hamstring the online advertising industry, the final law was just vague enough to allow individual countries room for interpretation.

In the UK, the Information Commissioner’s Office allowed website owners a year’s grace before enforcing the law and even made an 11th-hour declaration before doing so that getting ‘implied consent’ would be considered sufficient. In other words, for now at least, all companies have to do is tell users that if they carry on using a website, it’s assumed that they consent to the use of certain cookies.

There’s good reason to believe that a similar course could be taken again, and that the UK will once more end up with a solution that doesn’t severely impact on businesses’ ability to send marketing communications but still pays lip service to privacy campaigners in Brussels. UK governments of different colours have consistently advocated a pro-business line on topics of data privacy.

What the current Government will certainly want to avoid is the UK replicating the situation in Germany. There, recipients of commercial emails must confirm after signing up to a list that they had indeed intended to do so. The original legal advice had been that an email with a confirmation link – known as the “double opt-in” – is a suitable way of getting this consent.

But a court in Munich threw this into confusion in November 2012 by ruling that a company’s confirmation email was a commercial message and could not, itself, be sent without explicit permission.

This state of affairs, where brands are in a catch-22 and sending out direct marketing becomes a regulatory risk by its nature, will hopefully not happen here. Instead we could end up with something similar to the inelegant but unavoidable cookie notifications that now appear on UK-based websites.

Even if that’s the case, however, it makes sense to plan for all eventualities.

Is your work with data worthy of industry recognition? If so, you should be entering the data-driven marketing category at Marketing Week’s Engage Awards 2013.

Click here to submit your entry.