I believe direct marketing is one of the most popular topics within data privacy field (of course not counting AI). Often, businesses and professionals focus primarily on the GDPR, particularly Recital 47, which allows direct marketing based on “legitimate interest”. This reliance on a broad interpretation of GDPR overlooks the reality that each EU Member State has its own specific regulations and requirements, particularly for consent and consumer privacy protections in direct marketing practices.