PECR stands for Privacy and Electronic Communications Regulations. Its complete title is “The Privacy and Electronic Communications (EC Directive) Regulations 2003. It was promulgated by the UK Parliament; they implement European Directive 2002/58/EC, which is also known as “the e-privacy Directive”. More-specific privacy rights on electronic communications are settled by e-privacy Directive. It also complements the General Data Protection Regulation.
It has been observed that broad access to digital mobile networks and the internet have brought umpteen possibilities and opportunities for business and users. On the same time, it has also enlarged the privacy risk and cybercrimes.
PECR has altered been many times in the previous years. In 2018, it changed to ban cold-calling of claims management services and to halt the violation of marketing rules. In 2019, the sole purpose of alteration in e-Privacy was to ban cold-calling of pension schemes in certain circumstances. The latest version of PECR launched on 9 January 2019, to cover up the flaws made by GDPR on 25 May 2018. The current status of PECR is, EU is endeavouring to generate a new-e-privacy regulation to replace the old one to sit alongside the GDPR. But the new Regulation is not yet agreed. Please find the link to overlook the amendments took place in 2004, 2011, 2015, 2016, 2019 and 2019 on the ‘what we do’ section of our website.
PECR encourages marketing through an electronic mechanism such as calls, texts, emails and faxes. E-privacy also sheaths technologies like cookies and the use of cookies. These technologies track information who have the approach and accessing an electronic service or a website. Public electronic communications services’ security also comes under the PECR. Customers’ privacy by using communication networks or services known as traffic and location data, itemised billing, line identification services, and directory listings.
There are certain rules of PECR which are applied to specific organisations, especially to those who provide electronic communications network or service. But the terms and conditions get changed if you are not a network.
They both perform their functions; however, there is no way PECR gets replaced by GDPR, but it changes the underlying definition of consent. The rules which exist within PECR are being applied but by the GDPR’s standard of approval. It indicates that if you send any use of cookies, electronic marketing or similar technologies from 25 May 2018 onwards, you must comply with both PCR and the GDPR.
They both work for the same means, which is to protect the privacy of a person. If your standards are meeting with GDPR then they must meet standards of PECR. Nevertheless, there are specific differences which need to be followed with both of them. No matter you are processing your data, PECR will still apply to this. For example, companies get protected by multiple rules so as individuals. Whereas, marketing rules apply no matter you identify the person (you are in contact) with or not. Being a service or a network provider, you should know the rules and regulations associated with GDPR and PECR. Article 95 of the GDPR expounds, that GDPR does not apply where the PECR regime already exists. It is to shun duplication/replication, and further indicates that being a service or network provider you have to adhere with PECR rules. These rules will apply on, Security and security breaches, traffic data, location data, itemised billing and line identification services.
The question that arises here is, are there any exemptions exist? Some of the rules have built-in exemptions, so yes. Moreover, some other general exemptions can be applied to national security, law enforcement or compliance with other law.
Does compliance audit help?
If you are facilitating your customers with a service whether it is telecom or internet, conduct an inspection of your current security measures. This conduction of audit will remove doubts within you and your security policies by examining your effective policies and procedures and to what extent you are pursuing them. The audit refers to a general view, plays a vital role for many organisations and lastly enhances their understanding and meets their obligations. Inspections are needed when the level of risk increases. As a service provider, if a company selects you and sends you an invitation for audit. Your immediate response will create a good impression. But if you will not retort or any tardiness will encourage them to have an enforced mandatory examination. And then they will have an off-site inspection of your security procedures, policies and practices. Later on, you will be given a comprehensive report and executive summary. You will be allowed to ask any question regarding the audit. If in case you find any incomprehensible action of the team or their recommendation.
When anyone tries to breach PECR, ICO immediately takes effect and rescues PECR from an unauthorised person. Those actions include criminal prosecution, non-criminal enforcement and audit. For example, anybody gets caught, in that case, the Information Commissioner will issue a monetary penalty notice. It means enforcing a fine of £500,000, which can be issued against an organisation or its directors.
PECR does not define “electronic communications”; however, by the help of specific concepts and definitions rules are being applied in different ways. There are rules for everyone and everything, whether it is marketing messages, service providers and at last, communication providers. Every law on each aspect is applied and hence working accordingly. Although, the single concept of electronic communications strengthen the regulation. In other words, it can be said that the sharing of information between particular parties by using a phone line or internet connection, including phone calls, faxes, text messages, video messages, emails and internet messaging. The general information like the content of web pages or broadcast programming are excluded from this.
The idea of Public electronic communications network first discussed in the section of 151 of communication Act 2003. It was defined as “an electronic communications network provided wholly or mainly to make electronic communications services available to members of the public”. Whereas, in section 32, it was referred in several points,
In section 122(5) of the Data Protection Act 2018, Direct Marketing refers to, “the communication (by whatever means) of advertising or marketing material which is directed to particular individuals”. Direct marketing deals with all the aspects of marketing or promotional material, plus it also promotes the aims of non-profit organisations, such as supporting or funding a political party campaigning or charities. Genuine Marketing research cannot be regarded as direct marketing. But here is a condition, if the survey accumulates the details for future marketing campaigns or any promotional material, then this will be called direct marketing with all rules applied.
Phone, fax, email, or electronic mail of any kind, comes under the category of PECR marketing. On the contrary, there are different rules of live calls, automated calls, faxes and electronic mail. PECR marketing provisions are not applied to other sorts of marketing, named as mailshots or online advertising. It is crucial for you to meet your standards with the Data Protection Act and GDPR. For instance, you are using cookies or other technologies relevant to that, for advertisement, cookies’ provisions can apply.
Several rules of PECR are only exercised with unsolicited marketing messages; however, solicited marketing is not restricted. Solicited messages are highly requested; if a person requires some information, you can pass that information to that individual without fretting about PECR. But you have to inquire that individual, by asking for his identity, contact number or contact address. Unlike solicited messages, unsolicited messages are those who are not requested. Conditionally, if a customer yearns to receive marketing from you, it will be regarded as unsolicited marketing. If a Customer chooses “opt-in”, that reflects he is agreed to the future messages not as he is asking for a piece of information. As long as PECR is being complied, unsolicited messages can be sent, that is not unlawful.
Staying alert and responsible is imperative, so no matter someone sends information on your behalf, you both are responsible for complying with PECR. You are accountable in this act because those calls or messages are instigating by you. In case of any adversity, you will be taken into enforcement action, along with a specialist subcontractor for deliberately ignoring the rules. Consequently, there should be a written contract representing your contractor’s responsibilities, which you can exhibit in time of need. And your contractor will reimburse you for your lose in PECR breaches. Breaching of PECR means a great deal, for instance, despite being innocent your contractor puts you in enforcement action, through this contract you will be able to seek legal advice regarding such an unethical act. Repayment will not help because this will put your name in danger. Having a written contract with your contractor ties in with your contractual obligations under the GDPR.
Business-to-business marketing contains different rules. Individual marketing including sole traders and partnerships and company marketing encompasses different rules and regulations. However, marketing with companies is not that strict. For international marketing campaigns, you should know that many European countries’ laws are mostly like ours, based on PECR directives.
On the other hand, if you are messaging countries located outskirts of the UK, then you must adhere to their laws. Some companies have robust regulations in terms of marketing. For further guidance, you have to look forward to some legal advice if you desire to expand marketing campaign globally.
You must avoid making unsolicited calls, regulations of 21; 21A and 21B have all the stipulations of live marketing calls. Do not call to less interested customers, or who is reluctant to attend your requests. Don’t go for any registered number with TPS or CTPS, until and unless an individual has sanctioned to your calls specifically. TPS (Telephone Preference Service) carries those named individuals who are willing to receive live marketing calls. Similarly, CTPS is corporate TPS, which works for companies and other corporate bodies.
When it comes to pension schemes, the condition demands you to be a trustee, manager of a pension scheme or a firm authorised by the financial conduct authority. And the person should be agreed with your call. The regulation number 19 says all about rules on automated calls. It forbids automated marketing calls, mainly created by automated dialling system having a recorded message in it. Consented General marketing must cover automated calls.
Regulation 20 states everything about Fax Marketing; according to it, one must not send faxes to individuals, sole traders and some partnerships without their permission. Faxes should not be sent to even a company, a corporate body and a number registered with the FPS if they sound reluctant. Make sure your name, complete contact address and number are mentioned in the faxes. FPS refers to Fax Preference Service, provided only too keen customers. Faxes should just be sent to those who manifest some interest. In spite of the fact, you are permitted to send a fax to corporate bodies, but here, the condition demands that particular corporate body’s number should not be registered on the FPS or your faxes haven’t been objected by them in the past. Display B2B fax lists against the FPS. And do not forget, you have your list of “do not fax” of any businesses, especially those who are not agreed or opt-out and also to screen it against FPS.
Electronic mail marketing regime applies when messaging directly via social media for marketing purpose. PECR sets no separate rules for display or banner ads marketing. On the contrary, Cookies have some specific rules, implemented to profile users and target behavioural advertising. You need to comply with the Data Protection Act and the GDPR if using your data. Moreover, PECR does not promote marketing by post, but in case you are targeting individuals, the Data Protection Act and GDPR should comply.
Other than marketing with electronic means, PECR contains the privacy of communications networks’ or services customers but also the provisions related to the security of public electronic communications services. A few rules are applied to service providers. However, others involve more widely. Such as, the directories provision implement only those organisations that desire to compile a telephone, fax or an email directory.
Tags: communication regulations, communications act 2003 summary, data protection act email marketing, data protection act marketing, data protection and marketing, dcms pecr consultation, direct marketing data protection, direct marketing definition pecr, direct marketing guidelines, direct marketing ico, direct marketing laws, direct marketing rules, direct marketing uk, directive on privacy and electronic communications, do you want to see my pecr site youtube.com, dpa mail, electronic communications regulations pecr, email marketing rules uk, email opt in laws uk, email privacy laws uk, european directive 2002 58 ec, gdpr and pecr, gdpr direct marketing, gdpr pecr cookies, gdpr postal marketing, guide laws uk, how much pecr, ico direct marketing pecr, ico guide to direct marketing, ico guide to pecr, ico pecr, ico pecr cookies, ico pecr direct marketing checklist, marketing gdpr and pecr, marketing gdpr pecr, pecr, pecr 2018, pecr 2019, pecr and gdpr email marketing, PECR Assessment, PECR Assessment cost, PECR Assessment program, PECR Audit, PECR Audit cost, PECR Audit program, pecr b2b, pecr b2b email marketing, pecr business to business, pecr changes, pecr cookies, pecr cookies section, pecr corporate subscriber, pecr direct marketing, pecr fines, pecr ireland, pecr legislation, pecr pdf, pecr push notifications, pecr regulates the use of cookies and other online identifiers, pecr regulation 22, pecr regulations, pecr soft opt in, pecr telephone marketing, pecr text, pecr uk, pecr wiki, pecr tracking, privacy and electronic communications, privacy and electronic communications act, privacy and electronic communications ec directive regulations pecr 2003, privacy and electronic communications regulations, privacy and electronic communications regulations 2003, privacy and electronic communications regulations 2003 pecr, privacy and electronic communications regulations pecr, privacy and electronic communications regulations pecr act 2011, privacy directive, privacy legislation uk, regulated by pecr, regulation e wiki, soft opt in pecr, soft opt in under pecr, soft opt out pecr, text message privacy laws uk, uk electronic communication act, what is pecr, honda and pecr, 80 pecr, pecr gene, pecr c elegans, pecr amendments, pecr acronym, hotel pecr, dpa rules, electronic communications regulations, pecr and gdpr, privacy act uk, privacy laws uk