PLEASE NOTE: Information in this article is correct at the time of publication, please contact DFA Law for current advice on older articles.
The Privacy and Electronic Communications Regulations 2003 (PECR) sit alongside the Data Protection Act and give people specific privacy rights in relation to electronic communications. There are specific rules covering:
- marketing calls, emails, texts and faxes;
- cookies (and similar technologies);
- keeping communications services secure; and
- customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
Where organisations are found to be acting outside the law, the Information Commissioner’s Office (ICO) will take action and encourages members of the public to report infringements. A recent case, which was brought to the ICO’s attention in just this way, illustrates that a breach of the PECR does not have to be deliberate for the perpetrator to be punished.
British Telecommunications plc (BT) has been fined £77,000 for sending nearly five million emails to customers without first gaining the necessary consent. Sending direct marketing emails without the customer’s agreement was a breach of the law.
The emails were sent between December 2015 and November 2016 promoting three charity initiatives – the BT ‘My Donate’ platform, Giving Tuesday and Stand up to Cancer.
Whilst BT accepted that emails for Giving Tuesday and Stand up to Cancer were unlawful, it disputed the ICO’s assessment that My Donate emails constituted direct marketing.
The ICO acknowledged that BT had not deliberately broken the rules but it should have known the risks and had failed to take reasonable steps to prevent them. In the ICO’s view, all of the emails sent constituted marketing and were not simply service messages. They had been delivered to recipients who had not given the necessary consent and were therefore sent in breach of Regulation 22 of the PECR.