The Privacy and Electronic Communications (EC Directive) Regulations of 2003 complement existing laws on consumer data protection. It discussed rules on how organizations should use digital communications for their purposes but ensure protection of consumer privacy rights. Also known as the E-Privacy Directive (derived from European laws), the PECR serve as a basis for taking actions against those who obstinately violate people’s privacy rights. Further advancement in communications technology has expanded trade opportunities but made privacy rights vulnerable to breaches in marketing regulations.
The PECR 4th Edition, which took effect in 16 May 2106, contains more comprehensive rules to uphold privacy rights. It includes emergency texts channels for consumer complaints and the obligation of organizations to display contact numbers used in sales and marketing communications.
The regulations cover usage of communications technologies used in obtaining personal information:
- Electronic marketing – Use of phone calling, text messaging, and electronic mail for marketing purposes
- Internet technology used in tracking personal data during website access (example: cookies)
- Security of public electronic communications services. (i.e. traffic, line identification services, directory listings, location information)
The PECR applies to providers of public electronic communications networks or services and organizations who use these technologies in marketing and in processing personal data. Exemptions to these regulations include national security and compliance with other laws.
The Role of ICO in Enforcement
Providers of electronic communications services will have to undergo audit by the Information Commissioner’s Office (ICO). This is to assess whether the security measures set by the concerned provider are being observed. The audit helps organizations comply with their obligations. The ICO has the authority to implement certain measures to reprimand anybody who breaches the PECR. Other than compulsory audit, prosecution and monetary penalties can be imposed.
Key Points in PECR Related to Telemarketing
- Marketing calls should only be conducted with numbers that are not on the Telephone Preference Service (TPS) or Corporate TPS (CTPS). The party calling must allow their numbers to be displayed on the respondent’s screen.
- Regulation 21 of PECR provides details on making live marketing calls
- Regulation 19 states strict rules on automated calls. Marketing calls that play recorded messages on automated dialing systems should not be done unless parties being called have given consent of receiving such calls. Such calls must provide all necessary info such as the name of the caller. It also must display their contact and alternative contact numbers.
- Create your own Do-Not-Call-List as there are people not listed on the TPS but do not want to receive unsolicited marketing calls.
Rules for marketing calls to businesses (B2B) are the same as those for individuals. Businesses may call other firms that have consented to receiving calls – establishments NOT listed on TPS or CTPS or have objected to previous marketing calls. Note that some are listed on TPS while others are on the CTPS. Always check these lists as well as one’s DNC records.