Privacy and Electronic Communications Regulations Crib Sheet
What is PECR?
- Stands for Privacy and Electronic Communications Regulations.
- A UK law that governs electronic communications, including marketing (emails, texts, calls), cookies, and privacy.
- Works alongside UK GDPR to protect people's data and privacy in electronic communications.
What Does PECR Cover?
Marketing Communications:
- Consent is key: You must have explicit consent before sending marketing emails or texts, or making automated calls.
- Soft opt-in allowed: For existing customers, you can send marketing if they’ve bought from you recently, but you must give them an easy way to opt out.
Cookies & Tracking Technologies:
- Websites must inform users if they use cookies or similar technologies.
- You need to get consent from users before placing cookies, except for those strictly necessary for the site to function.
Live Marketing Calls:
- You can make marketing calls if people haven't opted out, but you must respect the Telephone Preference Service (TPS) list.
Automated Calls & Texts:
- You need consent before sending automated calls or texts (e.g., pre-recorded marketing messages).
Electronic Privacy:
- Protects against unwanted communications and applies to location data and traffic data in telecoms, making sure they’re handled securely.
Key Rules for Consent
- Consent must be freely given, specific, informed, and unambiguous.
- Users must actively opt in (e.g., ticking a box) and be able to withdraw their consent easily.
Who Does PECR Apply To?
- Businesses doing any form of electronic marketing (emails, calls, texts).
- Website operators using cookies or tracking technologies.
- Telecom companies processing communication data.
Enforcement & Penalties
- The ICO (Information Commissioner’s Office) enforces PECR.
- Fines for non-compliance can go up to £500,000.
- The ICO can also issue warnings or require corrective actions for less serious breaches.
How PECR and UK GDPR Work Together
- PECR specifically covers electronic communications (marketing, cookies).
- UK GDPR handles broader personal data issues (processing, storage, rights).
- If you comply with PECR, you're usually in good shape with UK GDPR for electronic communications, but both must be followed.
Practical Tips
- Get clear consent for marketing and cookies.
- Provide an opt-out option for all marketing communications.
- Audit your website for cookie use and ensure you inform users properly.
- Check the TPS before making marketing calls.