Privacy and Electronic Communications Regulations Crib Sheet

What is PECR?

  • Stands for Privacy and Electronic Communications Regulations.
  • A UK law that governs electronic communications, including marketing (emails, texts, calls), cookies, and privacy.
  • Works alongside UK GDPR to protect people's data and privacy in electronic communications.

What Does PECR Cover?

  1. Marketing Communications:

    • Consent is key: You must have explicit consent before sending marketing emails, texts, or making automated calls.
    • Soft opt-in allowed: For existing customers, you can send marketing if they’ve bought from you recently, but you must give them an easy way to opt out.

  2. Cookies & Tracking Technologies:

    • Websites must inform users if they use cookies or similar technologies.
    • You need to get consent from users before placing cookies, except for those strictly necessary for the site to function.

  3. Live Marketing Calls:

    • You can make marketing calls if people haven't opted out, but you must respect the Telephone Preference Service (TPS) list.

  4. Automated Calls & Texts:

    • You need consent before sending automated calls or texts (e.g., pre-recorded marketing messages).

  5. Electronic Privacy:

    • Protects against unwanted communications and applies to location data and traffic data in telecoms, making sure they’re handled securely.

Key Rules for Consent

  • Consent must be freely given, specific, informed, and unambiguous.
  • Users must actively opt in (e.g., ticking a box) and be able to withdraw their consent easily.

Who Does PECR Apply To?

  • Businesses doing any form of electronic marketing (emails, calls, texts).
  • Website operators using cookies or tracking technologies.
  • Telecom companies processing communication data.

Enforcement & Penalties

  • The ICO (Information Commissioner’s Office) enforces PECR.
  • Fines for non-compliance can go up to £500,000.
  • The ICO can also issue warnings or require corrective actions for less serious breaches.

How PECR and UK GDPR Work Together

  • PECR specifically covers electronic communications (marketing, cookies).
  • UK GDPR handles broader personal data issues (processing, storage, rights).
  • If you comply with PECR, you're usually in good shape with UK GDPR for electronic communications, but both must be followed.

Practical Tips

  • Get clear consent for marketing and cookies.
  • Provide an opt-out option for all marketing communications.
  • Audit your website for cookie use and ensure you inform users properly.
  • Check the TPS before making marketing calls.