SMS Marketing: An Essential Guide to PECR
You have probably heard the acronym or full name at some point but do you really know what it means and how it affects you and your business? It is more important than you might realise as it applies to all businesses marketing through SMS text messages (and all other electronic channels). In this article we will explain the basics of the regulations to help you understand the legal responsibilities and best practice to use in your text messaging marketing campaigns.
The PECR is better known as the Privacy and Electronics Communications (EC Directive) Regulations 2003. It exists to safeguard the privacy and use of personal information when used for direct marketing through electronic means. Parts of it crossover with the Data Protection Act 1998 (DPA) and where it does so, both pieces of legislation should be complied with. Unlike the DPA, the PECR is obligatory whether or not you process personal data in the course of your business.
What are the PECR?
The PECR are the UK implementation of an EU Directive or law and enforced by the Information Commissioner’s Office (ICO), same as the Data Protection Act 1998. It sets out rules on how marketing should be conducted through electronic means such as telephone, fax, email, messaging by text, picture or video, automated phone calls as well as other issues such as cookies, telephone directories, traffic and location data and breaches of security. They specifically address how the personal information of individuals should be protected when marketing through these channels. The regulations have been amended four times since it first came in force to keep up with fast paced technological changes.
Who Does the PECR Apply to?
The regulations state that the definition of direct marketing is the same as set out under the DPA: ‘’The communication of any advertising and marketing material which is directed to particular individuals’’. Individuals means consumers, sole traders and some partnerships as well as named individual employees of businesses. Direct marketing to limited companies and other corporations is not covered under the PECR, but best practice is to maintain a ‘do not contact’ list of businesses who have advised they do not wish to be contacted. All businesses involved in direct marketing must follow the rules as well as not-for-profit organisations, like charities or political parties.
PECR rules apply to ‘unsolicited marketing’ when individuals have not requested or specifically agreed to the contact. Where individuals have requested information from an organisation (solicited marketing) this is allowed and the PECR does not apply. However, you need to be aware that if you have had solicited contact with a customer, they have consented to further marketing material (like ticking an opt-in box online agreeing to other offers) and you then send them further marketing at a later date, this could still be considered ‘unsolicited marketing’ under the PECR.
What is Consent?
A central part of the regulations, organisations must get the individual’s consent before sending any direct marketing. Consent is defined by the EU Data Protection Directive as ‘’Any freely given specific and informed indication of his wishes that the data subject signifies his agreement to personal data relating to him being processed’’.
The PECR makes the definition of consent even tighter: “the [recipient] has previously notified the [caller or sender] that he consents for the time being to such communications being sent by, or at the instigation of, the [caller or sender]”. What that means to the average business is that the consent must be given directly to their organisation (reliance on a third party to pass on consent originally given to them might not be acceptable). The time span (or implied time span) of consent is also important – consent for a one-off or short time context will not be considered ongoing consent for further marketing. The individual must also agree to the specific type of communications, if they have agreed to phone calls, that does not cover being able to text or email them.
All organisations are at risk of enforcement action if they cannot demonstrate when required (for example when an individual complains) that they obtained proper consent. Therefore clear records should always be kept of date and method of consent, who obtained it and what information was provided.
SMS Marketing – Obtaining Consent
There should be some form of positive action that the individual needs to take to consent to marketing, such as an opt-in box to tick online, sending an email or an oral agreement (for best practice ensure the results of all methods of consent are recorded on your systems). Invitations to make consent must be accompanied by clear and prominent statements so that the individual understands exactly what they are agreeing to; who you are, content, products and services, method of contact, terms and conditions. Reliance on such statements being included in your privacy policies or terms and conditions is not acceptable as they are not prominent enough.
As far as a time span for consent goes, consent is not valid forever, so you cannot include a clause in your statements that might indicate otherwise. The PECR state that consent is ‘for the time being’. This would basically mean while the marketing content is still relevant and relative to what was originally consented to. The longer time passes, the harder it is to rely on the original consent. The ICO is likely to view that any changes, such as in your marketing direction or relation with the customer will end the original consent.
To ensure the consent is freely given, best practice is for organisations to provide a simple, clear opt-out or refusal option as well. You cannot send emails or texts asking for consent – that in itself is direct marketing defined under the regulations. The ICO advises the use of ‘opt-in’ boxes instead of ‘opt-out’ or pre-ticked boxes (where the user has to untick to consent). Opt-out or pre-ticked boxes are not automatically considered consent as the individual can easily miss or ignore them. If consent is expressly withdrawn by the customer opting out or unsubscribing then you must discontinue sending all forms of marketing immediately. It is advisable not to simply delete all their details from your systems as you should retain proof and have a way of ensuring their details are screened from campaigns.
Marketing Texts and Emails
Marketing texts are included as ‘electronic mail’ for the purposes of the regulations. This is defined in the PECR as: “any text, voice, sound or image message sent over a public electronic communications network which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient and includes messages sent using a short message service”.
The first rule is: Always Obtain Consent. All the consent rules laid out above apply, even to viral marketing because if you are ‘instigating’ other people to send a message, the initiator is still responsible for gaining proper consent. Organisations must give their true identity in text messages, not try and hide or disguise it and they must give a clear and simple step to opt-out of receiving further marketing. Best practice with text messages is to allow customers to directly text back to opt-out, a well-known version of this is the phrase ‘STOP’ issued with a number to text.
You must obtain proper consent from all new customers and prospects, but there is a modified rule for existing customers called soft opt-in. This means you can send marketing texts to them if you satisfy three points; that you have obtained their contact details during the course of a sale or sales negotiation with them, you are only marketing your own products and services similar to the initial sale and you have given the person the ability to opt out at the beginning and during every message sent after.
If your business buys in marketing lists or uses third parties to collect contact information and consent then there are further specific and detailed rules under the PECR that should be checked for correct compliance.
At Fastsms, our award winning team of experts are available 24/7 to help your business to make the most of SMS Marketing, one of the most effective and efficient forms of marketing currently available. Call us now on o800 954 5305 to discuss your needs and find out what solutions we can offer, or sign up now for a free trial including 100 messages and give it a go yourself. No payment details or subscription required.
Disclaimer – This article is intended only as general information. It is not intended to be comprehensive or to constitute legal advice. If you need help on a specific issue please seek advice from a qualified legal representative.
Further information and reading:
https://ico.org.uk/media/for-organisations/documents/1555/direct-marketing-guidance.pdf
Related Articles
How are companies sending all those SMS messages illegally?
A review of the EC directive for SMS marketing
Why You Need a Blacklist and What It Can Teach You
One of the major metrics in SMS marketing is how many people opt in to receive your messages. But there’s a flip side to that metric: how many people opt out. In the ideal world, no one would ever leave your list and instead continue to make purchases or support your organisation for as long as you decide to message them.
Why Brits are Lucky When it Comes to SMS Spam
SMS spam is a problem worldwide. But in the UK, we’re less likely to get it than many other countries. Find out why that is, see some examples, and how you can do your part to keep your SMS messages free of spam.
SMS and the Future of Sales and Marketing
Four years ago, reputable commentators in The Guardian were wondering if SMS - short message service or text messaging - had peaked in performance after a two-decade exponential rise. Here we look at the evidence which shows that SMS is not only going strong, but continuing to stand out as an essential marketing channel for many businesses.
SMS Marketing: An Essential Guide to PECR
The PECR Regulations, better known as the Privacy and Electronics Communications (EC Directive) Regulations 2003 are one of the most important pieces of legislation affecting those involved in SMS Marketing. They exist to safeguard the privacy and use of personal information when used for direct marketing through electronic means, including communications by SMS. Parts of it crossover with the Data Protection Act 1998 (DPA) and where it does so, both pieces of legislation should be complied with. Unlike the DPA, the PECR is obligatory whether or not you process personal data in the course of your business. Read this essential guide to PECR for SMS Marketing to ensure you know everything you need to know.
A Demonstration on How Not to Build Your SMS List
Over the last month or so I've signed up for quite a lot of webinars. I'm always trying to learn more about technology, marketing, best practices – you get the idea. So I've been excited to see many organisations offering SMS reminders for webinars. But there is one experience I had with an SMS reminder for a webinar that I simply had to share.
Can You Use SMS for “Cold Calling”?
Does the thought of cold calling fill you with dread? You might think it would be easier to use SMS messaging instead. And though it’s legal to do so in some circumstances, you might want to rethink using it that way. Read the full blog to find out why.
3 Important SMS Marketing Concepts You Need to Know
If you are looking to get going with SMS marketing it's worth learning a bit about the "tricks of the trade" so you avoid the common pitfalls and get off on the right foot. Read about three important marketing concepts that will maximise your success in this venture.