Skip to content

What Are the Privacy and Electronic Communications Regulations?

Table of Contents

Whilst most businesses understand what the UK General Data Protection Regulation (the data protection law regime) is, many are not aware of the Privacy And Electronic Communications Regulations (PECR) and its rules. However, these rules are mandatory, and the consequences of breaching this law are severe. This article will explain what the Privacy and Electronic Communications Regulations are. 

Overview of the PECR

Most organisations know and have some understanding of the rules under the UK GDPR, which regulates the processing of personal data about living individuals. The UK GDPR sets out mandatory rules for you to follow when you process personal information about individuals. 

However, there needs to be more knowledge about the rules under the Privacy and Electronic Communications Regulations PECR. These rules set out various binding regulations to safeguard privacy rights regarding electronic communications and sit beside the UK GDPR rules. 

Compliance with PECR is mandatory. The rules cover various key issues, including rules on:

  • marketing texts, emails, faxes, and phone calls;
  • how organisations can use cookies and other similar technologies; and
  • keeping communications services secure and customer privacy regarding traffic and location data, itemised billing, line identification and directory listings. 

Organisations caught by these rules will need to comply with the PECR regime. 

Which PECR Rules Apply to Most Organisations?

PECR covers a range of rules. However, the following rules apply to most businesses:

1. Rules Around Direct Marketing Activities 

PECR sets out various rules about using electronic communications for direct marketing. Direct marketing means the targeting of advertising to specific individuals. PECR applies strict rules around using emails, texts and phone calls for direct marketing.

Compliance with PECR is mandatory. You will need to comply with the PECR rules if your business:

  • sends marketing emails or texts (e.g. emails about promotional offers); or
  • conducts telephone marketing calls (e.g. calls to individuals to promote your products or services).

Email marketing is an extremely popular tool for most businesses. PECR sets out different rules when sending marketing emails to:

  • Consumers, sole traders and non-LLP partnerships. Generally, you will need consent to send marketing communications to these individuals (unless the ‘soft-opt in’ exception applies, which allows you to send marketing emails to previous or existing customers who have not opted out of receiving those communications). 
  • Corporate recipients of emails. Under the PECR rules, you can send emails to ‘corporate subscribers’, i.e. companies and LLPs, without consent. The individual receiving the email at the corporate organisation should always have the right to unsubscribe.

You must also document the lawful basis for processing personal data under the UK GDPR. Also, you will need to have a valid, lawful reason to use the names and contact details of individuals for email marketing purposes. Therefore, you should note that there is some interplay between the UK GDPR and PECR rules. 

In practice, businesses often struggle to navigate the PECR rules around direct marketing. If your business sends email marketing to various types of customers (for example, both consumers and companies), understanding what you need to do to comply with the rules can be difficult. 

2. Rules Around the Use of Cookies 

PECR also sets out detailed rules around the use of cookies, for example:

  • PECR includes rules around businesses needing to obtain user consent to place cookies on their devices and offer clear and comprehensive information about using cookies. 
  • Under PECR (unless exceptional circumstances apply), you must tell individuals that you are using cookies and get their consent to use various types of cookies. In any event, the UK ICO (the data protection regulator) recommends providing cookie information to users as good practice. 
  • To comply with the PECR rules, organisations often publish a cookie policy. A cookie policy is a document that provides detailed information about cookies. The policy needs to explain various details about the different types of cookies a business uses and allow users to control and change their preferences around using cookies. It is vital that the information you provide to users is clear and comprehensive. 
  • It is important for your business to carry out a cookie audit to understand what cookies it uses and how they work. This can be a technical exercise, so it is common to involve website developers to assist with this process. 

Many businesses operate websites that use cookies, so an understanding of the PECR rules is crucial. 

Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

What Are the Consequences of Breaching the PECR?

Breaching PECR is extremely serious, with fines for non-compliance of up to £500,000. Non-compliance sanctions also include criminal prosecution, enforcement action and audit powers. As such, you should ensure that you understand these rules and comply with them. 

Front page of publication
GDPR Essentials Factsheet

This factsheet sets out how your business can become GDPR compliant.

Download Now

Key Takeaways

PECR is an important and mandatory law that gives individuals certain privacy rights regarding electronic communications. Many businesses engage in direct marketing and use cookies and these activities are heavily regulated by this set of regulations. As such, it is vital to understand the legal rules under PECR and comply with them. 

If you need legal advice on your business’s compliance with the PECR, contact our experienced regulatory and compliance lawyers as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.  

Register for our free webinars

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now
See more webinars >
Sej Lamba

Sej Lamba

Read all articles by Sej

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards