top of page

What is 'PECR'?

Quite simply, ‘PECR’ is the abbreviation for the Privacy and Electronic Communications (EC Directive) Regulations 2003.

The regulations are derived from the European ‘e-privacy Directive’, which complements our data protection regime and sets out more specific privacy rights on electronic communications.

PECR set out specific rules on:

  • direct marketing calls, emails and text messages;

  • cookies;

  • maintaining secure communications services; and

  • customer privacy.

Focusing on direct marketing, PECR really are the go-to rules when it comes to using electronic methods, such as telephone calls, SMS and email.

They are enforced by the Information Commissioner’s Office (ICO) and are the main source of financial penalty when it comes to breaching the rules.

With regard to telesales marketing, PECR dictate that you cannot call somebody that has registered their number with the Telephone Preference Service (TPS), unless they have subsequently given you consent to do so. The TPS is essentially a blocking service for unwanted marketing calls.

Most companies making such calls will screen their databases against the TPS Register and thereby remove any ‘blocked’ numbers, which should ensure they do not breach the rules. However, things do go wrong, such as registered numbers not matching the database and therefore not being removed by the screening process. Sometimes, companies will use overriding consent when people unwittingly give it via websites without reading the privacy policy.

Let’s face it, not many people do read such policies, but will click to say they agree to the contents. This potentially allows the marketing call to be made to them, even though they believe the calls are TPS blocked. This can cause complaints and the ICO to come knocking at the company’s door.

In terms of emails and text messages, this is probably the largest area of concern for the ICO and which creates the most enforcement action, particularly texts. PECR are very clear that you cannot send direct marketing messages by such means, which includes automated calls, unless you have consent to do so. ‘Consent’ being to the GDPR standard, that is an affirmative action or statement of agreement to process personal data, which is freely given, specific, informed and unambiguous. A high threshold to reach.

Text message direct marketing also has the dangers of the 7726 Spam Reporting Service, which is often suggested as a means of blocking unwanted spam messages, but in reality is simply a reporting service to say that spam has been received. Such reports are considered by the ICO on a regular basis and may cause them to mobilise their enforcement teams if large numbers of spam reports are being received relating to a particular sender. The ICO will sometimes monitor the data over a period of months before contacting the sender, who may be blissfully unaware that their marketing is causing such an issue. Once the knock at the door comes, it is time to hope that proper consent has been obtained to send the messages or a large fine may follow.

It is imperative therefore that if you are engaging in outbound direct marketing you have a full and proper understanding of PECR before you embark upon doing so, otherwise the consequences may be dire.

Solicitor Andrew Swan commented: “I advise a lot of companies on compliance with PECR, as it is imperative that they get their direct marketing communications right from the outset. It can be confusing as to what you can and can’t do with different types of communication, but generally they are all achievable if the correct steps are taken. I also defend many companies when they have got it wrong and fallen foul of the ICO.

Sometimes they have a defence to what is alleged, but on occasions it can simply be a matter of putting forward the best possible mitigation.”

For more information, please contact Andrew at or on tel: 07907 308773.


bottom of page