The Privacy and Electronic Communications Regulations

Any company or individual that uses direct marketing and advertising in the UK must abide by the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the amendments that were made in 2004 and 2011. This law makes it illegal to send unsolicited advertising materials via any electronic means, including telephone call, email, SMS or fax, unless the sender has previously been granted permission by the receiver via an opt-in agreement.

How is direct marketing defined?

Direct marketing is defined by the Data Protection Act of 1998 as the communication of advertising or material directed to particular individuals. This not only includes the offer of goods and services, but covers charity fund-raising and political appeals for support.

Where do the regulations apply?

The Privacy and Electronic Communications (EC Directive) Regulations 2003 apply in all countries that are members of the European Union. In the UK, the regulations are to be used in conjunction with the Data Protection Act when processing any personal data, such as the name of the person receiving the message. If marketing messages are being sent without personal data, such as to a list of telephone numbers, the Data Protection Act does not comply but the Privacy and Electronic Communications Regulations do still apply and must be complied with.

Marketing using electronic mail

Electronic mail includes emails, texts, pictures and videos, including WAP messages. The regulations forbid the transmission of unsolicited advertising or marketing by electronic mail to anyone who has not first consented to receiving it. Any marketing material must provide a valid address to allow the recipient that an opt-out request can be sent to and must not have the sender's identity disguised or concealed. In the case of SMS advertising, the valid address can consist of a short code, as long as it does not incur a premium-rate charge and is valid. The sender must also clearly identify themselves in the SMS message. The regulations do have specific criteria that allow for what is sometimes called a 'soft opt-in.' This is laid out in Regulation 22(3) and states that you can send unsolicited electronic marketing messages if the details of the recipient were obtained during the course of a sale or negotiations for a sale, but only if the direct marketing relates to similar products or services. The recipient must still be given a means of refusing that their details can be used this way when the details are first collected, and this must be free of charge.

Telephone marketing

A subscriber can register any number, mobile or landline, to the Telephone Preference Service (TPS). This blocks unsolicited marketing calls on that number. There is a special Corporate Telephone Preference Service (CTPS) for corporate subscribers. It is illegal to make or instigate an unsolicited telesales call to any number listed on the TPS or CTPS register. The only exceptions are during the 28 days that TPS registration takes to come into force, or if the subscriber has informed you they do not object to receiving calls from you. Anyone making a live telesales call must identify themselves and provide a valid business address or Freephone number if asked. If a subcontractor is making the telesales call, they must identify the organisation that is instigating the call.

Who is not covered by the regulations?

The law on the sending of electronic messages only applies to individuals and not to corporate subscribers. The sender must still provide contact details and identify themselves truthfully in the message, but the regulations do not prevent unsolicited marketing emails being sent to an individual's work email address and do not provide an enforceable opt-out. If personal data, such as the name of the recipient, is being used, they will be covered by the Data Protection Act and can ask to stop receiving marketing materials. The regulations do apply to live phone calls made to business numbers as well as individual numbers, so marketers and advertisers cannot contact an individual business subscriber who asks them to stop and must check first to see if they are listed on the CTPS register.

How are the regulations enforced?

The body in the UK which is responsible for policing the Privacy and Electronic Communication Regulations is the Information Commissioners Office. It can take action by auditing, issuing enforcement notices and even instigating criminal prosecution, with the power to issue monetary penalty notices of up to £500,000 for serious breaches of the Privacy and Electronic Communications Regulations.

When setting up an online business and using electronic methods of communication you may find it useful to engage the services of software developers and website designers, along with digital marketing specialists, to help you get the most out of your business endeavour.