Morocco: Adopted CNDP guidance for data controllers on direct promotion of goods and services using SMS, email, or any other means of communication that uses the same technology including opt-out requirement

On 1 February 2023, the National Commission for the Protection of Personal Data (CNDP) issued guidance for data controllers on the direct promotion of goods and services using SMS, email, or any other means of communication that uses the same technology. The guidance specifies that direct marketing messages, including SMS and emails, require prior consent unless the data are directly collected from the recipient through a prior sale of similar goods or services. Advertisers must ensure compliance with Law 09-08 on personal data protection, including facilitating the recipient’s right to opt out of solicitation messages. The guide also emphasises data security and confidentiality obligations, requiring agreements or rules to regulate processing activities. Violations may result in penalties, including imprisonment and fines, as per Article 59 of Law 09-08 on personal data protection.