SMS Marketing: An Essential Guide to PECR
You have probably heard the acronym or full name at some point but do you really know what it means and how it affects you and your business? It is more important than you might realise as it applies to all businesses marketing through SMS text messages (and all other electronic channels). In this article we will explain the basics of the regulations to help you understand the legal responsibilities and best practice to use in your text messaging marketing campaigns.
The PECR is better known as the Privacy and Electronics Communications (EC Directive) Regulations 2003. It exists to safeguard the privacy and use of personal information when used for direct marketing through electronic means. Parts of it crossover with the Data Protection Act 1998 (DPA) and where it does so, both pieces of legislation should be complied with. Unlike the DPA, the PECR is obligatory whether or not you process personal data in the course of your business.
What are the PECR?
The PECR are the UK implementation of an EU Directive or law and enforced by the Information Commissioner’s Office (ICO), same as the Data Protection Act 1998. It sets out rules on how marketing should be conducted through electronic means such as telephone, fax, email, messaging by text, picture or video, automated phone calls as well as other issues such as cookies, telephone directories, traffic and location data and breaches of security. They specifically address how the personal information of individuals should be protected when marketing through these channels. The regulations have been amended four times since it first came in force to keep up with fast paced technological changes.
Who Does the PECR Apply to?
The regulations state that the definition of direct marketing is the same as set out under the DPA: ‘’The communication of any advertising and marketing material which is directed to particular individuals’’. Individuals means consumers, sole traders and some partnerships as well as named individual employees of businesses. Direct marketing to limited companies and other corporations is not covered under the PECR, but best practice is to maintain a ‘do not contact’ list of businesses who have advised they do not wish to be contacted. All businesses involved in direct marketing must follow the rules as well as not-for-profit organisations, like charities or political parties.
PECR rules apply to ‘unsolicited marketing’ when individuals have not requested or specifically agreed to the contact. Where individuals have requested information from an organisation (solicited marketing) this is allowed and the PECR does not apply. However, you need to be aware that if you have had solicited contact with a customer, they have consented to further marketing material (like ticking an opt-in box online agreeing to other offers) and you then send them further marketing at a later date, this could still be considered ‘unsolicited marketing’ under the PECR.
What is Consent?
A central part of the regulations, organisations must get the individual’s consent before sending any direct marketing. Consent is defined by the EU Data Protection Directive as ‘’Any freely given specific and informed indication of his wishes that the data subject signifies his agreement to personal data relating to him being processed’’.
The PECR makes the definition of consent even tighter: “the [recipient] has previously notified the [caller or sender] that he consents for the time being to such communications being sent by, or at the instigation of, the [caller or sender]”. What that means to the average business is that the consent must be given directly to their organisation (reliance on a third party to pass on consent originally given to them might not be acceptable). The time span (or implied time span) of consent is also important – consent for a one-off or short time context will not be considered ongoing consent for further marketing. The individual must also agree to the specific type of communications, if they have agreed to phone calls, that does not cover being able to text or email them.
All organisations are at risk of enforcement action if they cannot demonstrate when required (for example when an individual complains) that they obtained proper consent. Therefore clear records should always be kept of date and method of consent, who obtained it and what information was provided.
SMS Marketing – Obtaining Consent
There should be some form of positive action that the individual needs to take to consent to marketing, such as an opt-in box to tick online, sending an email or an oral agreement (for best practice ensure the results of all methods of consent are recorded on your systems). Invitations to make consent must be accompanied by clear and prominent statements so that the individual understands exactly what they are agreeing to; who you are, content, products and services, method of contact, terms and conditions. Reliance on such statements being included in your privacy policies or terms and conditions is not acceptable as they are not prominent enough.
As far as a time span for consent goes, consent is not valid forever, so you cannot include a clause in your statements that might indicate otherwise. The PECR state that consent is ‘for the time being’. This would basically mean while the marketing content is still relevant and relative to what was originally consented to. The longer time passes, the harder it is to rely on the original consent. The ICO is likely to view that any changes, such as in your marketing direction or relation with the customer will end the original consent.
To ensure the consent is freely given, best practice is for organisations to provide a simple, clear opt-out or refusal option as well. You cannot send emails or texts asking for consent – that in itself is direct marketing defined under the regulations. The ICO advises the use of ‘opt-in’ boxes instead of ‘opt-out’ or pre-ticked boxes (where the user has to untick to consent). Opt-out or pre-ticked boxes are not automatically considered consent as the individual can easily miss or ignore them. If consent is expressly withdrawn by the customer opting out or unsubscribing then you must discontinue sending all forms of marketing immediately. It is advisable not to simply delete all their details from your systems as you should retain proof and have a way of ensuring their details are screened from campaigns.
Marketing Texts and Emails
Marketing texts are included as ‘electronic mail’ for the purposes of the regulations. This is defined in the PECR as: “any text, voice, sound or image message sent over a public electronic communications network which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient and includes messages sent using a short message service”.
The first rule is: Always Obtain Consent. All the consent rules laid out above apply, even to viral marketing because if you are ‘instigating’ other people to send a message, the initiator is still responsible for gaining proper consent. Organisations must give their true identity in text messages, not try and hide or disguise it and they must give a clear and simple step to opt-out of receiving further marketing. Best practice with text messages is to allow customers to directly text back to opt-out, a well-known version of this is the phrase ‘STOP’ issued with a number to text.
You must obtain proper consent from all new customers and prospects, but there is a modified rule for existing customers called soft opt-in. This means you can send marketing texts to them if you satisfy three points; that you have obtained their contact details during the course of a sale or sales negotiation with them, you are only marketing your own products and services similar to the initial sale and you have given the person the ability to opt out at the beginning and during every message sent after.
If your business buys in marketing lists or uses third parties to collect contact information and consent then there are further specific and detailed rules under the PECR that should be checked for correct compliance.
At Fastsms, our award winning team of experts are available 24/7 to help your business to make the most of SMS Marketing, one of the most effective and efficient forms of marketing currently available. Call us now on o800 954 5305 to discuss your needs and find out what solutions we can offer, or sign up now for a free trial including 100 messages and give it a go yourself. No payment details or subscription required.
Disclaimer – This article is intended only as general information. It is not intended to be comprehensive or to constitute legal advice. If you need help on a specific issue please seek advice from a qualified legal representative.
Further information and reading:
Does the thought of cold calling fill you with dread? You might think it would be easier to use SMS messaging instead. And though it’s legal to do so in some circumstances, you might want to rethink using it that way. Read the full blog to find out why.
In last week’s blog I covered how the Trump campaign sent unsolicited SMS messages to voters. This week I’m stuck on the same topic, but from a totally different angle: what we can learn from that failure. Because honestly, their biggest issue might not be violating the law. It might be the people they have writing their SMS messages. It’s time to dissect the message that spawned the law suit, and learn what we can from it.
The UK may be leaving the EU, but the GDPR is still coming. Find out what it means for your business, and your SMS messaging, in our post that looks ahead and reviews the ICO guidance to prepare for the new rules.
The first thing to remember is that legally, you must give the customer the chance to both opt-in and opt-out of your SMS campaign - but the good news is people are happy to opt-in - 49% of them according to a 2014 survey. So all you need to do is stay compliant and follow some basic guidelines to grow your list.
When you start using SMS marketing, one of the first decisions you need to make is whether or not you’ll need to get replies. If you do, then you’ll need to decide between shortcodes and a virtual mobile number (VMN, also called longcode). If you don’t, then that’s alright too.
You’d think a large, multinational company would have all the resources and planning it needed to run an SMS marketing campaign. But that isn’t always the case apparently. Find out the big mistake this one company made and how you can avoid doing the same thing in this blog.
As an entrepreneur, it is notoriously difficult to get your message out there. It's even harder to get seen and heard in a meaningful way that doesn't offend people. Email marketing has been the darling of entrepreneurs for years, but it's time for something new. Something that supersedes the email and circumvents the spam folder.