What is PECR?
The Privacy and Electronic Communications Regulations (PECR) sits alongside the Data Protection Act as well as the GDPR which everyone should know about. PECR has been around for several years, first coming into effect back in 2002 and since been updated a number of times, most recently in 2015. More information about this can be found at: http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32002L0058
Currently, the EU is in the process of updating the e-privacy regulation to fully fall in line with the GDPR. When it comes to personal information and e-privacy, both the GDPR and PECR should be considered and thought about at the same time.
These e-privacy regulations give people specific privacy rights when it comes to electric communication.
What does PECR cover?
Specifically, PECR applies to the following types of communication types:
- Marketing through such electronic means as marketing telephone calls, emails, texts and faxes are all in scope, more information can be found here.
- The use of Website Cookies (and similar technologies) which are used to track information about people visiting a website. More information about this can be found here.
- Ensuring the security of communication services is covered to ensure that data breaches are reduced. More information about this can be found here.
- The privacy of customers which are using communication networks and/or services includes traffic and location data, itemised billing, line identification and directory listings. More information about this can be found here.
How does this affect me?
As with the GDPR and the Data Protection Act 2018, you may find that you are under scope even if you think you aren’t. Even if you are not a communications provider or do not provide services to customers in the means of communications.
As mentioned above, in the what does PECR cover section, if you contact customers (business or individuals) via any of the methods listed (and they haven’t already consented) then PECR will apply to you.
You should start now thinking about how you contact customers and how PECR will apply to your business moving forward.
How does this fit with the DPA 2018 and the GDPR?
It is important to note, that PECR will apply even if you are not processing personal data, this means that the marketing rules for PECR apply, even if you cannot identify the person you are contacting.