PECR are the Privacy and Electronic Communications Regulations, which are derived from European law, and complement the General Data Protection Regulation (GDPR).
The purpose of the these regulations is to set out more-specific privacy rights on electronic communications, recognising the new risks to individuals’ privacy, with more widespread access to digital mobile networks and the internet.
In time, the EU will replace the e-privacy Directive with a new e-privacy Regulation, modernised to work alongside the GDPR. However, the new Regulation is not yet agreed and for the time being, PECR continues to apply alongside the GDPR.
The PECR provide more specific rules on:
- Marketing calls, emails, texts and faxes
- Cookies (and similar technologies)
- Keeping communications services secure
- Customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings
Therefore, if your activities include any of the above, then the PECR affect you.
What does this mean for email marketing?
There are two types of situations which arise here. Using corporate email addresses, and personal corporate email addresses.
Firstly, if marketing emails are sent to a corporate email address which does not personally identify anyone, then the GDPR says that this is ok. For example, a firstname.lastname@example.org address does not personally identify anyone. However, if you receive an opt out-request from this email, it is good practice to record it.
Secondly, there are corporate personally identifiable emails. These email addresses, although belonging to a business, do identify an individual. An example of this would be email@example.com. The GDPR & PECR stipulates that for this situation you would need consent to send marketing emails. Also you are legally obliged to act on requests to remove such email addresses from marketing lists.
For further information of the PECR, please visit the ICO website.