The General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR) are two sets of rules that govern data protection and electronic marketing communications in the UK.
PECR was introduced in 2003 and updated in 2011, while GDPR came into effect in 2018, replacing the Data Protection Act 1998.
Their full title of PECR is The Privacy and Electronic Communications (EC Directive) Regulations 2003 which is derived from European law. PECR implement European Directive 2002/58/EC, also known as ‘the e-privacy Directive’.
The Information Commissioner’s Office (ICO) publish a Guide to Privacy and Electronic Communications Regulations.
Consent and opt-in
One of the key principles of both GDPR and PECR is that marketers must obtain the consent of individuals before processing their personal data or sending them electronic marketing messages. This means that individuals must actively opt-in to receive marketing messages and must be given the opportunity to easily opt-out of receiving future messages. Examples of electronic marketing messages include emails, text messages, and direct messages on social media platforms.
Cookies and online tracking
There are two exemptions which apply where:
- the cookie is for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or
- the cookie is strictly necessary to provide an ‘information society service’ (eg a service over the internet) requested by the subscriber or user. Note that it must be essential to fulfil their request – cookies that are helpful or convenient but not essential, or that are only essential for your own purposes, will still require consent.
Direct marketing is a type of marketing that involves sending messages directly to individuals, such as through email or direct mail. GDPR and PECR require that individuals are given the opportunity to opt-out of receiving direct marketing messages, and that marketers must stop sending messages to individuals who have opted-out. The regulations also prohibit the use of pre-ticked boxes or other forms of consent that are automatically applied to individuals.
The concerns section of the ICO website contains more information on when and how individuals can report their concerns to the ICO.
If someone complains about your electronic marketing (eg spam calls or texts), cookies or other privacy issues regarding electronic communications, we will record and review their concerns, and we may investigate your compliance with PECR. If we decide it is likely you have failed to comply with PECR or other data protection legislation, we may ask you to take steps to remedy this and avoid similar complaints in future. If appropriate, we may decide to take enforcement action.Guide to PECR ICO
Enforcement and penalties
Both GDPR and PECR are enforced in the UK by the Information Commissioner’s Office (ICO). The ICO has the power to investigate and take enforcement action against organisations that breach the regulations, including imposing fines and other penalties.
GDPR and PECR are important sets of regulations that govern data protection and electronic marketing communications in the UK.
Failure to comply with GDPR and PECR can result in significant fines and other penalties, so it is essential for organizations to ensure they are following the regulations carefully.
We recommend you should always seek formal legal advice if required, from a qualified and reputable lawyer (solicitor or barrister).
Read our review of Gavin Howe Barrister
- Senior President of TribunalsThe Senior President of Tribunals is the independent and statutory leader of the tribunal judiciary. The office of the Senior… Read more: Senior President of Tribunals
- Solicitor GeneralThe Solicitor General is the second law officer of the Crown in the United Kingdom, after the Attorney General. The… Read more: Solicitor General
- R v Sussex Justices“It is not merely of some importance but is of fundamental importance that justice should not only be done, but… Read more: R v Sussex Justices
- What is Section 35 ABCP Act 2014 ?Section 35 of the Anti-Social Behaviour, Crime and Policing Act 2014 grants police officers the power to direct a person… Read more: What is Section 35 ABCP Act 2014 ?