pecr pdf

PECR | Seers Article

PECR stands for Privacy and Electronic Communications Regulations. Its complete title is “The Privacy and Electronic Communications (EC Directive) Regulations 2003.

It was promulgated by the UK Parliament; they implement European Directive 2002/58/EC, which is also known as “the e-privacy Directive”.

More-specific privacy rights on electronic communications are settled by the e-privacy Directive. It also complements the General Data Protection Regulation.

It has been observed that broad access to digital mobile networks and the internet have brought umpteen possibilities and opportunities for business and users.

At the same time, it has also enlarged the privacy risk and cybercrime.

Alterations and Clarifications

PECR has altered been many times in the previous years. In 2018, it changed to ban cold-calling of claims management services and to halt the violation of marketing rules.

In 2019, the sole purpose of alteration in e-Privacy was to ban cold-calling of pension schemes in certain circumstances. The latest version of PECR launched on 9 January 2019, to cover up the flaws made by GDPR on 25 May 2018.

The current status of PECR is, EU is endeavouring to generate a new-e-privacy regulation to replace the old one to sit alongside the GDPR. But the new Regulation is not yet agreed.

Please find the link to overlook the amendments that took place in 2004, 2011, 2015, 2016, 2019 and 2019 on the ‘what we do’ section of our website.

Areas which PECR covers

PECR encourages marketing through an electronic mechanism such as calls, texts, emails, and faxes. E-privacy also sheaths technologies like cookies and the use of cookies.

These technologies track information who have the approach and accessing an electronic service or a website. Public electronic communications services’ security also comes under the PECR.

Customers’ privacy by using communication networks or services known as traffic and location data, itemised billing, line identification services, and directory listings.

There are certain rules of PECR which are applied to specific organisations, especially to those who provide electronic communications network or service. But the terms and conditions get changed if you are not a network.

  • Market by phone, email, text or fax;
  • use cookies or similar technology on your website;
  • compile a telephone directory (or a similar public directory)

PECRHow PECR fits with GDPR

They both perform their functions; however, there is no way PECR gets replaced by GDPR, but it changes the underlying definition of consent. The rules which exist within PECR are being applied but by the GDPR’s standard of approval.

It indicates that if you send any use of cookies, electronic marketing or similar technologies from 25 May 2018 onwards, you must comply with both PCR and the GDPR.

They both work for the same means, which is to protect the privacy of a person. If your standards are meeting with GDPR then they must meet standards of PECR. Nevertheless, there are specific differences that need to be followed by both of them.

No matter you are processing your data, PECR will still apply to this. For example, companies get protected by multiple rules so as individuals. Whereas, marketing rules apply no matter you identify the person (you are in contact) with or not.

Being a service or a network provider, you should know the rules and regulations associated with GDPR and PECR. Article 95 of the GDPR expounds, that GDPR does not apply where the PECR regime already exists.

It is to shun duplication/replication, and further indicates that being a service or network provider you have to adhere to PECR rules. These rules will apply on, Security and security breaches, traffic data, location data, itemised billing, and line identification services.

The question that arises here is, are there any exemptions that exist? Some of the rules have built-in exemptions, so yes.

Moreover, some other general exemptions can be applied to national security, law enforcement or compliance with other law.

PECR Privacy refers to the privacy laws and regulations under the PECR. 

Whereby, the PECR itself stands for the Privacy and Electronic Communications Regulations. The Privacy and Electronic Communications Regulations are the short forms to the Privacy and Electronic Communications (EC Directive) Regulations 2003.

They are derived from European law. They implement European Directive 2002/58/EC, which is also known as the ‘ e-privacy Directive’.

The PECR Privacy entails privacy provisions for data subjects and the organisations collecting data to enhance the privacy of individuals online through the use of better cookie policies, web banners and more. Privacy and Electronic Communications Regulations include:

  • Policies regarding marketing communication
  • Use of information for market research 
  • Guidelines for the providers of electronic communication services
  • Ensuring customer privacy online wherever possible
Pros Cons
Allows a better assurance of the privacy of the individuals. Does not apply to individuals outside of the EU’s jurisdiction
Helps in the provision for a basic guideline to marketers and businesses on what can and can not be done under the law Needs understanding and policy enforcement in each organisation
Limits the scope of unwanted communication
Allows restriction of communication that an individual chooses not to adhere to

Does compliance audit help?

If you are facilitating your customers with a service whether it is telecom or internet, conduct an inspection of your current security measures.

This conduction of audit will remove doubts within you and your security policies by examining your effective policies and procedures and to what extent you are pursuing them.

The audit refers to a general view, plays a vital role for many organisations and lastly enhances their understanding and meets their obligations. Inspections are needed when the level of risk increases. As a service provider, if a company selects you and sends you an invitation for audit.

Your immediate response will create a good impression. But if you will not retort or any tardiness will encourage them to have an enforced mandatory examination. And then they will have an off-site inspection of your security procedures, policies, and practices.

Later on, you will be given a comprehensive report and executive summary. You will be allowed to ask any questions regarding the audit. If in case you find any incomprehensible action of the team or their recommendation.

PECR and ICO’s (information commissioner’s office) action of enforcement

When anyone tries to breach PECR, ICO immediately takes effect and rescues PECR from an unauthorised person. Those actions include criminal prosecution, non-criminal enforcement, and audit.

For example, anybody gets caught, in that case, the Information Commissioner will issue a monetary penalty notice. It means enforcing a fine of £500,000, which can be issued against an organisation or its directors.

Electric Communications

PECR does not define “electronic communications”; however, with the help of specific concepts and definitions rules are being applied in different ways.

There are rules for everyone and everything, whether it is marketing messages, service providers and at last, communication providers. Every law on each aspect is applied and hence working accordingly.

Although, the single concept of electronic communications strengthens the regulation.

In other words, it can be said that the sharing of information between particular parties by using a phone line or internet connection, including phone calls, faxes, text messages, video messages, emails, and internet messaging.

The general information like the content of web pages or broadcast programming is excluded from this.

Public Electronic communications network

The idea of a public electronic communications network first discussed in the section of 151 of the communication Act 2003.

It was defined as “an electronic communications network provided wholly or mainly to make electronic communications services available to members of the public”.

Whereas, in section 32, it was referred in several points,

  • “a transmission system for the conveyance, by the use of electrical, magnetic or electromagnetic energy, of signals of any description; and”
  • Much of the following as are used, by the person providing the system and in association with it, for the conveyance of the signals—
  • Apparatus comprised in the system;
  • Apparatus used for the switching or routing of the signals;
  • Software and stored data; and
  • (Except for sections 125 to 127) other resources, including network elements which are not active.”

Direct marketing?

In section 122(5) of the Data Protection Act 2018, Direct Marketing refers to, “the communication (by whatever means) of advertising or marketing material which is directed to particular individuals”.

Direct marketing deals with all the aspects of marketing or promotional material, plus it also promotes the aims of non-profit organisations, such as supporting or funding a political party campaigning or charities.

Genuine Marketing research cannot be regarded as direct marketing. But here is a condition, if the survey accumulates the details for future marketing campaigns or any promotional material, then this will be called direct marketing with all rules applied.

Kinds of Electronic Marketing

Phone, fax, email, or electronic mail of any kind, comes under the category of PECR marketing. On the contrary, there are different rules of live calls, automated calls, faxes, and electronic mail.

PECR marketing provisions are not applied to other sorts of marketing, named as mailshots or online advertising.

It is crucial for you to meet your standards with the Data Protection Act and GDPR. For instance, you are using cookies or other technologies relevant to that, for advertisement, cookies’ provisions can apply.