Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003)
The European Directive on which the Regulations are based was revised in 2011. As a result the existing Regulations in the UK were amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.
Many of the 2003 Regulations have stayed the same, but some important changes were made, which included:
- rules for websites using cookies and similar technologies (see section 9 of the Code of Practice);
- new powers for the UK Information Commissioner (ICO) to serve a monetary penalty on an organisation when very serious breaches of the Regulations occur; and
- new powers for the ICO to investigate breaches of the Regulations by obtaining information from certain third party organisations.
Most of the rules on marketing by live phone call, automated phone call, fax, email and text message stayed the same.
'Direct marketing' means 'the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals' (s.11 DPA 1998). The ICO considers "'direct marketing' as covering a wide range of activities which will apply not just to the offer for sale of goods or services, but also to the promotion of an organisation's aims and ideals."
Where the University wishes to communicate via electronic means with individuals, such as prospective students (e.g.
marketing the University) or alumni (e.g. fundraising) they must comply with the following rules in order to use these media for marketing communications to individual subscribers:
- automated calling systems: the University must have prior consent. Prior consent means that the individual has given some positive indication of intention. This does not necessarily require a tick box "opt-in" e.g. if the individual has clearly indicated their consent to the purposes and to the receipt of marketing communications in some other fashion i.e. clicking on an "Accept" button at the end of a marketing notice
- faxes: the University must have prior consent, and check with the Fax Preference Service on a regular basis, unless the individual has notified the University that such communications can be sent "for the time being"
- live voice telephone calls: the University must honour individuals' "Do not Call" requests, and check with the Telephone Preference Service on a regular basis, unless the individual has notified the University that such communications can be sent 'for the time being'
The ICO has published this updated ‘plain language’ guidance on PECRs.
Enforcement of PECRs
The Privacy and Electronic Communications Regulations are enforced by the ICO, who may impose a civil monetary penalty of up to a maximum of £500K if a business is found to have committed a very serious breach of the Regulations. In other cases an Information Notice requesting further information or an Enforcement Notice will be issued and a fine may be imposed for breach of an Enforcement Notice.