SMS Marketing: An Essential Guide to PECR
You have probably heard the acronym or full name at some point but do you really know what it means and how it affects you and your business? It is more important than you might realise as it applies to all businesses marketing through SMS text messages (and all other electronic channels). In this article we will explain the basics of the regulations to help you understand the legal responsibilities and best practice to use in your text messaging marketing campaigns.
The PECR is better known as the Privacy and Electronics Communications (EC Directive) Regulations 2003. It exists to safeguard the privacy and use of personal information when used for direct marketing through electronic means. Parts of it crossover with the Data Protection Act 1998 (DPA) and where it does so, both pieces of legislation should be complied with. Unlike the DPA, the PECR is obligatory whether or not you process personal data in the course of your business.
What are the PECR?
The PECR are the UK implementation of an EU Directive or law and enforced by the Information Commissioner’s Office (ICO), same as the Data Protection Act 1998. It sets out rules on how marketing should be conducted through electronic means such as telephone, fax, email, messaging by text, picture or video, automated phone calls as well as other issues such as cookies, telephone directories, traffic and location data and breaches of security. They specifically address how the personal information of individuals should be protected when marketing through these channels. The regulations have been amended four times since it first came in force to keep up with fast paced technological changes.
Who Does the PECR Apply to?
The regulations state that the definition of direct marketing is the same as set out under the DPA: ‘’The communication of any advertising and marketing material which is directed to particular individuals’’. Individuals means consumers, sole traders and some partnerships as well as named individual employees of businesses. Direct marketing to limited companies and other corporations is not covered under the PECR, but best practice is to maintain a ‘do not contact’ list of businesses who have advised they do not wish to be contacted. All businesses involved in direct marketing must follow the rules as well as not-for-profit organisations, like charities or political parties.
PECR rules apply to ‘unsolicited marketing’ when individuals have not requested or specifically agreed to the contact. Where individuals have requested information from an organisation (solicited marketing) this is allowed and the PECR does not apply. However, you need to be aware that if you have had solicited contact with a customer, they have consented to further marketing material (like ticking an opt-in box online agreeing to other offers) and you then send them further marketing at a later date, this could still be considered ‘unsolicited marketing’ under the PECR.
What is Consent?
A central part of the regulations, organisations must get the individual’s consent before sending any direct marketing. Consent is defined by the EU Data Protection Directive as ‘’Any freely given specific and informed indication of his wishes that the data subject signifies his agreement to personal data relating to him being processed’’.
The PECR makes the definition of consent even tighter: “the [recipient] has previously notified the [caller or sender] that he consents for the time being to such communications being sent by, or at the instigation of, the [caller or sender]”. What that means to the average business is that the consent must be given directly to their organisation (reliance on a third party to pass on consent originally given to them might not be acceptable). The time span (or implied time span) of consent is also important – consent for a one-off or short time context will not be considered ongoing consent for further marketing. The individual must also agree to the specific type of communications, if they have agreed to phone calls, that does not cover being able to text or email them.
All organisations are at risk of enforcement action if they cannot demonstrate when required (for example when an individual complains) that they obtained proper consent. Therefore clear records should always be kept of date and method of consent, who obtained it and what information was provided.
SMS Marketing – Obtaining Consent
There should be some form of positive action that the individual needs to take to consent to marketing, such as an opt-in box to tick online, sending an email or an oral agreement (for best practice ensure the results of all methods of consent are recorded on your systems). Invitations to make consent must be accompanied by clear and prominent statements so that the individual understands exactly what they are agreeing to; who you are, content, products and services, method of contact, terms and conditions. Reliance on such statements being included in your privacy policies or terms and conditions is not acceptable as they are not prominent enough.
As far as a time span for consent goes, consent is not valid forever, so you cannot include a clause in your statements that might indicate otherwise. The PECR state that consent is ‘for the time being’. This would basically mean while the marketing content is still relevant and relative to what was originally consented to. The longer time passes, the harder it is to rely on the original consent. The ICO is likely to view that any changes, such as in your marketing direction or relation with the customer will end the original consent.
To ensure the consent is freely given, best practice is for organisations to provide a simple, clear opt-out or refusal option as well. You cannot send emails or texts asking for consent – that in itself is direct marketing defined under the regulations. The ICO advises the use of ‘opt-in’ boxes instead of ‘opt-out’ or pre-ticked boxes (where the user has to untick to consent). Opt-out or pre-ticked boxes are not automatically considered consent as the individual can easily miss or ignore them. If consent is expressly withdrawn by the customer opting out or unsubscribing then you must discontinue sending all forms of marketing immediately. It is advisable not to simply delete all their details from your systems as you should retain proof and have a way of ensuring their details are screened from campaigns.
Marketing Texts and Emails
Marketing texts are included as ‘electronic mail’ for the purposes of the regulations. This is defined in the PECR as: “any text, voice, sound or image message sent over a public electronic communications network which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient and includes messages sent using a short message service”.
The first rule is: Always Obtain Consent. All the consent rules laid out above apply, even to viral marketing because if you are ‘instigating’ other people to send a message, the initiator is still responsible for gaining proper consent. Organisations must give their true identity in text messages, not try and hide or disguise it and they must give a clear and simple step to opt-out of receiving further marketing. Best practice with text messages is to allow customers to directly text back to opt-out, a well-known version of this is the phrase ‘STOP’ issued with a number to text.
You must obtain proper consent from all new customers and prospects, but there is a modified rule for existing customers called soft opt-in. This means you can send marketing texts to them if you satisfy three points; that you have obtained their contact details during the course of a sale or sales negotiation with them, you are only marketing your own products and services similar to the initial sale and you have given the person the ability to opt out at the beginning and during every message sent after.
If your business buys in marketing lists or uses third parties to collect contact information and consent then there are further specific and detailed rules under the PECR that should be checked for correct compliance.
At Fastsms, our award winning team of experts are available 24/7 to help your business to make the most of SMS Marketing, one of the most effective and efficient forms of marketing currently available. Call us now on o800 954 5305 to discuss your needs and find out what solutions we can offer, or sign up now for a free trial including 100 messages and give it a go yourself. No payment details or subscription required.
Disclaimer – This article is intended only as general information. It is not intended to be comprehensive or to constitute legal advice. If you need help on a specific issue please seek advice from a qualified legal representative.
Further information and reading:
When conducting an SMS marketing campaign, there are a number of compliance regulations you should be aware of, to ensure that your communications are as effective as possible, without being potentially damaging to your campaign or your business. If you're marketing to a UK market, the UK Privacy and Electronic Communications Regulations (PECR) gives clear guidelines on what falls within the rules. Here we've highlighted some key tips to ensure your next campaign is compliant, based on common questions that arise.
"UK B2C data for SMS marketing" - That was the search result headline I found while researching online. Interesting I thought. It must be relating to SMS marketing statistics for B2C (business to consumer) sales. Since I was searching for some updated information and studies about SMS I decided to click and read.
Executed properly, SMS direct marketing is a hugely effective and successful means of building customer loyalty and improving sales. But even genuine and honest marketing companies can suffer huge damage to reputation or even break the law through simply lacking knowledge or not double-checking before releasing campaigns. Read this article to learn more about the definitions of spamming and harassment, current UK law and how to avoid simple but costly mistakes.
Enterprises are large companies. Sometimes that means they think they should be able to do everything themselves. But when it comes to SMS messaging, building an in-house gateway is more difficult than you might think. Read why finding a good SMS service provider is a better option.
Late last month reports surfaced that the Trump US presidential campaign had sent unsolicited SMS messages to voters in the Chicago area. One man, Joshua Thorne, and his lawyers have filed a class-action lawsuit alleging the Trump Campaign violated the Telephone Consumer Protection Act (TCPA, the US equivalent of the PECR).
The Information Commissioner’s Office (ICO) issued seven monetary penalties against companies this year. We’ve read through them all – so you don’t have to – and discovered two lessons every company should learn about SMS marketing if they want to be successful.
Four years ago, reputable commentators in The Guardian were wondering if SMS - short message service or text messaging - had peaked in performance after a two-decade exponential rise. Here we look at the evidence which shows that SMS is not only going strong, but continuing to stand out as an essential marketing channel for many businesses.
Any UK business that collects, stores and uses other people’s personal data for purposes such as marketing and selling is subject to the rules of the Data Protection Act, and those using SMS marketing are no exception. Having a basic understanding of the DPA legislation and its main requirements is useful to maintain best practice in direct marketing such as SMS marketing and also helps to uphold your hard won customer trust - as well as avoid the potentially costly consequences of falling foul of the law. Read this article to learn how to avoid the simple pitfalls and get your SMS marketing campaign off to the right start.