Although not local - take note of what consent means when you want to use Personal Information for Direct Marketing - the same principle/condition will apply in the RSA as well:
The First-tier Tribunal has
upheld the Information Commissioner’s enforcement notice requiring Optical
Express (Westfield) Limited (Optical Express) to stop sending unsolicited
marketing texts, in contravention of section 22(2) of the Privacy Regulations 2003
(as amended), to individuals whose details were obtained under data supplier
agreements.
Case: Optical Express used
personal data provided by a number of suppliers, including Thomas Cook, to send
text messages marketing its laser eye surgery. The Information Commissioner
received 7506 complaints from individuals about this. Optical Express argued,
among other things, that if their suppliers agreed in their contracts to only
supply "consented data" that should be sufficient proof of consent.
Brian Kennedy QC disagreed, " ... when consent was obtained by Thomas Cook
or whomever, it was not stipulated (or at least it has not been shown to have
been stipulated) that the personal data would be processed by OE. Neither was
the marketing of specific types of products stipulated ... This falls under the
"to guarantee fair processing" category. If the data subject doesn't
know what other products might be marketed then how can he exercise his right
to object to some of them whilst being happy to receive others?" In failing
to obtain "proper, fully informed and specific consent", Optical
Express had not met the requirements of regulation 22(2)