Privacy and Electronic Communications Regulations (PECR)

The Privacy and Electronic Communications Regulations 2003 (PECR) sits alongside GDPR and Data Protection Act 2018 and places constraints on the use of personal data for electronic marketing purposes.

PECR applies to all businesses which market by phone, email, text or fax or which use cookies or a similar technology on their website. PECR also contains specific rules which apply to organisations that provide a public electronic communications network or service.

PECR compliance is overseen by the ICO and sanctions for non-compliance include criminal prosecution, non-criminal enforcement and audit. The Information Commissioner can also serve a monetary penalty notice imposing a fine of up to £500,000.

It was originally intended that PECR would be replaced by a new ePrivacy Regulation alongside GDPR in May 2018 but the ePrivacy Regulation is still in draft form. This Regulation is intended to complement the general obligations under the GDPR with specific rules applicable to electronic communications. Although it is still in draft form, it is clear that it will include provisions on cookies, online marketing, Wi-Fi / device location tracking and the use of content and metadata.

For more information on the current law under PECR and the proposed changes under the ePrivacy Regulation, see: