PECR are the Privacy and Electronic Communications
Regulations, which are derived from European law, and complement the General
Data Protection Regulation (GDPR).
The purpose of the these regulations is to set out
more-specific privacy rights on electronic communications, recognising the new
risks to individuals’ privacy, with more widespread access to digital mobile
networks and the internet.
In time, the EU will replace the e-privacy Directive with
a new e-privacy Regulation, modernised to work alongside the GDPR. However, the
new Regulation is not yet agreed and for the time being, PECR continues to
apply alongside the GDPR.
The PECR provide more specific rules on:
Marketing calls, emails, texts and faxes
Cookies (and similar technologies)
Keeping communications services secure
Customer privacy as regards traffic and location
data, itemised billing, line identification, and directory listings
Therefore, if your activities include any of the above,
then the PECR affect you.
What does this mean for email marketing?
There are two types of situations which arise here. Using
corporate email addresses, and personal corporate email addresses.
Firstly, if marketing emails are sent to a corporate
email address which does not personally identify anyone, then the GDPR says
that this is ok. For example, a email@example.com
address does not personally identify anyone. However, if you receive an opt
out-request from this email, it is good practice to record it.
Secondly, there are corporate personally identifiable
emails. These email addresses, although belonging to a business, do identify an
individual. An example of this would be firstname.lastname@example.org. The
GDPR & PECR stipulates that for this situation you would need consent to
send marketing emails. Also you are legally obliged to act on requests to
remove such email addresses from marketing lists.
For further information of the PECR, please visit the ICO