SMS Marketing: An Essential Guide to PECR
You have probably heard the acronym or full name at some point but do you really know what it means and how it affects you and your business? It is more important than you might realise as it applies to all businesses marketing through SMS text messages (and all other electronic channels). In this article we will explain the basics of the regulations to help you understand the legal responsibilities and best practice to use in your text messaging marketing campaigns.
The PECR is better known as the Privacy and Electronics Communications (EC Directive) Regulations 2003. It exists to safeguard the privacy and use of personal information when used for direct marketing through electronic means. Parts of it crossover with the Data Protection Act 1998 (DPA) and where it does so, both pieces of legislation should be complied with. Unlike the DPA, the PECR is obligatory whether or not you process personal data in the course of your business.
What are the PECR?
The PECR are the UK implementation of an EU Directive or law and enforced by the Information Commissioner’s Office (ICO), same as the Data Protection Act 1998. It sets out rules on how marketing should be conducted through electronic means such as telephone, fax, email, messaging by text, picture or video, automated phone calls as well as other issues such as cookies, telephone directories, traffic and location data and breaches of security. They specifically address how the personal information of individuals should be protected when marketing through these channels. The regulations have been amended four times since it first came in force to keep up with fast paced technological changes.
Who Does the PECR Apply to?
The regulations state that the definition of direct marketing is the same as set out under the DPA: ‘’The communication of any advertising and marketing material which is directed to particular individuals’’. Individuals means consumers, sole traders and some partnerships as well as named individual employees of businesses. Direct marketing to limited companies and other corporations is not covered under the PECR, but best practice is to maintain a ‘do not contact’ list of businesses who have advised they do not wish to be contacted. All businesses involved in direct marketing must follow the rules as well as not-for-profit organisations, like charities or political parties.
PECR rules apply to ‘unsolicited marketing’ when individuals have not requested or specifically agreed to the contact. Where individuals have requested information from an organisation (solicited marketing) this is allowed and the PECR does not apply. However, you need to be aware that if you have had solicited contact with a customer, they have consented to further marketing material (like ticking an opt-in box online agreeing to other offers) and you then send them further marketing at a later date, this could still be considered ‘unsolicited marketing’ under the PECR.
What is Consent?
A central part of the regulations, organisations must get the individual’s consent before sending any direct marketing. Consent is defined by the EU Data Protection Directive as ‘’Any freely given specific and informed indication of his wishes that the data subject signifies his agreement to personal data relating to him being processed’’.
The PECR makes the definition of consent even tighter: “the [recipient] has previously notified the [caller or sender] that he consents for the time being to such communications being sent by, or at the instigation of, the [caller or sender]”. What that means to the average business is that the consent must be given directly to their organisation (reliance on a third party to pass on consent originally given to them might not be acceptable). The time span (or implied time span) of consent is also important – consent for a one-off or short time context will not be considered ongoing consent for further marketing. The individual must also agree to the specific type of communications, if they have agreed to phone calls, that does not cover being able to text or email them.
All organisations are at risk of enforcement action if they cannot demonstrate when required (for example when an individual complains) that they obtained proper consent. Therefore clear records should always be kept of date and method of consent, who obtained it and what information was provided.
SMS Marketing – Obtaining Consent
There should be some form of positive action that the individual needs to take to consent to marketing, such as an opt-in box to tick online, sending an email or an oral agreement (for best practice ensure the results of all methods of consent are recorded on your systems). Invitations to make consent must be accompanied by clear and prominent statements so that the individual understands exactly what they are agreeing to; who you are, content, products and services, method of contact, terms and conditions. Reliance on such statements being included in your privacy policies or terms and conditions is not acceptable as they are not prominent enough.
As far as a time span for consent goes, consent is not valid forever, so you cannot include a clause in your statements that might indicate otherwise. The PECR state that consent is ‘for the time being’. This would basically mean while the marketing content is still relevant and relative to what was originally consented to. The longer time passes, the harder it is to rely on the original consent. The ICO is likely to view that any changes, such as in your marketing direction or relation with the customer will end the original consent.
To ensure the consent is freely given, best practice is for organisations to provide a simple, clear opt-out or refusal option as well. You cannot send emails or texts asking for consent – that in itself is direct marketing defined under the regulations. The ICO advises the use of ‘opt-in’ boxes instead of ‘opt-out’ or pre-ticked boxes (where the user has to untick to consent). Opt-out or pre-ticked boxes are not automatically considered consent as the individual can easily miss or ignore them. If consent is expressly withdrawn by the customer opting out or unsubscribing then you must discontinue sending all forms of marketing immediately. It is advisable not to simply delete all their details from your systems as you should retain proof and have a way of ensuring their details are screened from campaigns.
Marketing Texts and Emails
Marketing texts are included as ‘electronic mail’ for the purposes of the regulations. This is defined in the PECR as: “any text, voice, sound or image message sent over a public electronic communications network which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient and includes messages sent using a short message service”.
The first rule is: Always Obtain Consent. All the consent rules laid out above apply, even to viral marketing because if you are ‘instigating’ other people to send a message, the initiator is still responsible for gaining proper consent. Organisations must give their true identity in text messages, not try and hide or disguise it and they must give a clear and simple step to opt-out of receiving further marketing. Best practice with text messages is to allow customers to directly text back to opt-out, a well-known version of this is the phrase ‘STOP’ issued with a number to text.
You must obtain proper consent from all new customers and prospects, but there is a modified rule for existing customers called soft opt-in. This means you can send marketing texts to them if you satisfy three points; that you have obtained their contact details during the course of a sale or sales negotiation with them, you are only marketing your own products and services similar to the initial sale and you have given the person the ability to opt out at the beginning and during every message sent after.
If your business buys in marketing lists or uses third parties to collect contact information and consent then there are further specific and detailed rules under the PECR that should be checked for correct compliance.
At Fastsms, our award winning team of experts are available 24/7 to help your business to make the most of SMS Marketing, one of the most effective and efficient forms of marketing currently available. Call us now on o800 954 5305 to discuss your needs and find out what solutions we can offer, or sign up now for a free trial including 100 messages and give it a go yourself. No payment details or subscription required.
Disclaimer – This article is intended only as general information. It is not intended to be comprehensive or to constitute legal advice. If you need help on a specific issue please seek advice from a qualified legal representative.
Further information and reading:
https://ico.org.uk/media/for-organisations/documents/1555/direct-marketing-guidance.pdf
Related Articles
What You Can Learn About SMS Marketing from These 7 Companies
The Information Commissioner’s Office (ICO) issued seven monetary penalties against companies this year. We’ve read through them all – so you don’t have to – and discovered two lessons every company should learn about SMS marketing if they want to be successful.
How important is it to run an SMS opt in campaign?
ICO issues a huge fine for massive illegal SMS campaign
ICO, the Information Commissioner's Office, has recently imposed a huge fine on direct marketing company Help Direct UK for sending illegal SMS messages.
Why you want to keep your SMS marketing database clean
4 Simple Steps to Staying Compliant When Using SMS Messaging
Yet another company (Quigley and Carter Limited) have been fined by the ICO for not having permission to send SMS messages. In this case, they had outsourced their marketing to a third party who then sent messages on their behalf. So is staying compliant with the regulations regarding SMS messaging so difficult? It doesn’t have to be.
SMS Marketing – A Brief Guide to the Data Protection Act 1998
Any UK business that collects, stores and uses other people’s personal data for purposes such as marketing and selling is subject to the rules of the Data Protection Act, and those using SMS marketing are no exception. Having a basic understanding of the DPA legislation and its main requirements is useful to maintain best practice in direct marketing such as SMS marketing and also helps to uphold your hard won customer trust - as well as avoid the potentially costly consequences of falling foul of the law. Read this article to learn how to avoid the simple pitfalls and get your SMS marketing campaign off to the right start.
Unsolicited SMS Messages Lead to Trouble…Even for Trump
Late last month reports surfaced that the Trump US presidential campaign had sent unsolicited SMS messages to voters in the Chicago area. One man, Joshua Thorne, and his lawyers have filed a class-action lawsuit alleging the Trump Campaign violated the Telephone Consumer Protection Act (TCPA, the US equivalent of the PECR).
Small Businesses Can Succeed with SMS Marketing
Is SMS marketing a viable strategy for SMEs to grow their businesses? A recent article by a US SMS provider suggests not but we debunk that view. Read how and why Fastsms can help small businesses can succeed with SMS marketing without breaking the bank.
What Not to Do When the ICO Comes Calling
The regulations about SMS marketing are quite clear. But sometimes people, and companies, can make mistakes. Find out what happened to a company that reacted poorly to the ICO’s request for information, and how it made their situation so much worse.