What is PECR and why you should care?

What is PECR?

The Privacy and Electronic Communications Regulation (PECR), known as 'E -privacy directive,' is a law in the United Kingdom that emphasizes electronic marketing channels (call, text, emails, cookies, etc.), giving people certain rights to protect their personal data.

Need for PECR

- Privacy: With the upcoming era of Technology, many apps capture customers' personal data that can be used in the wrong ways by different people.PECR protects customer's data giving them privacy to work freely.

- Rules: PECR gives rules ( regarding access to customer details ) to the business organizations set up in the UK and EU, and these rules also apply to the business which is currently operating in the UK. Even if the company is not in the UK or EU, then it has to abide by data protection set out under article 3 of GDPR.


PECR is UK specific data protection law while GDPR is related to European data protection law. GDPR focuses on the collection and processing of personal data while PECR set rules for the same. However, PECR is not part of GDPR, but they both complement each other as the organizations need to follow both the laws.

PECR Violations

Under PECR, the information commissioner's office can issue admonishment and penalty. If the organization violates PECR, then it can also be count as a criminal offence. The actions of breaking the law can cost up to £500,000.

Email marketing and PECR

There are specific rules set under PECR which states that : -

  • without prior permission, you can't send emails. However, in some specific conditions, you can send emails to your existing customers without consent.

  • while sending marketing emails, you can't hide your email address.

  • the customers must be able to unsubscribe if they do not wish to receive emails.

  • you must not support anyone to send emails that violate the law.

The same rules apply to instant messaging and SMS.

PECR and Cookies

PECR also set rules for the use of cookies as it tells the behavior of customers visiting the website and spending how much time on the specific product. By capturing this information, the organizations can misuse the data, so it becomes necessary to have certain limits on the usage of cookies. The organizations must give the right information on their website or apps regarding the usage of cookies, and what data they will collect and the purpose behind collecting the cookies should be clear. The customer must permit them to use their cookies only; then, the organizations can have access to the cookies. However, some cookies do not require permission for usage like input cookies, multimedia content player cookies, authentication cookies, centric security cookies, etc.

PECR Compliance

To comply with the PECR regulations, the organizations must make some changes in their website as mentioned below:-

- please clean up your website: The organizations must clean unnecessary cookies from their website, which includes only that data which is required to run the website.

- dealing with third party suppliers: The organization needs to change the third party suppliers if they are not ready to make necessary changes in the website.

- the proper information to the customers regarding all cookies: The customer needs to know what cookies the organization use, and why are they necessary? Hence, the organization needs to give details about all the cookies they will collect, and the customer must permit them to use the cookies.

- developing an alternative tracking option: The customers who do not permit cookies also need to be tracked for some relevant information by using an alternative tracking option.

Latest Articles


What are the best email verification and validation tools?


Creating interactive email newsletters with AMP emails


A step-by-step Domain Warm-up Guide