What is PECR?
The Privacy and Electronic Communications Regulation (PECR), known as 'E -privacy directive,' is a law in the United Kingdom that emphasizes electronic marketing channels (call, text, emails, cookies, etc.), giving people certain rights to protect their personal data.
Need for PECR
- Privacy: With the upcoming era of Technology, many apps capture customers' personal data that can be used in the wrong ways by different people.PECR protects customer's data giving them privacy to work freely.
- Rules: PECR gives rules ( regarding access to customer details ) to the business organizations set up in the UK and EU, and these rules also apply to the business which is currently operating in the UK. Even if the company is not in the UK or EU, then it has to abide by data protection set out under article 3 of GDPR.
PECR and GDPR
PECR is UK specific data protection law while GDPR is related to European data protection law. GDPR focuses on the collection and processing of personal data while PECR set rules for the same. However, PECR is not part of GDPR, but they both complement each other as the organizations need to follow both the laws.
Under PECR, the information commissioner's office can issue admonishment and penalty. If the organization violates PECR, then it can also be count as a criminal offence. The actions of breaking the law can cost up to £500,000.
Email marketing and PECR
There are specific rules set under PECR which states that : -
without prior permission, you can't send emails. However, in some specific conditions, you can send emails to your existing customers without consent.
while sending marketing emails, you can't hide your email address.
the customers must be able to unsubscribe if they do not wish to receive emails.
you must not support anyone to send emails that violate the law.
The same rules apply to instant messaging and SMS.
PECR and Cookies
To comply with the PECR regulations, the organizations must make some changes in their website as mentioned below:-
- please clean up your website: The organizations must clean unnecessary cookies from their website, which includes only that data which is required to run the website.
- dealing with third party suppliers: The organization needs to change the third party suppliers if they are not ready to make necessary changes in the website.
- the proper information to the customers regarding all cookies: The customer needs to know what cookies the organization use, and why are they necessary? Hence, the organization needs to give details about all the cookies they will collect, and the customer must permit them to use the cookies.
- developing an alternative tracking option: The customers who do not permit cookies also need to be tracked for some relevant information by using an alternative tracking option.