We have reported previously that the new ePrivacy Regulation (to replace the ePrivacy Directive behind PECR) was working its way through the European legislative process. It had been intended to introduce it at the same time as GDPR but it was only published in January 2018 so that timetable was far too ambitious.
Nevertheless we have watched the draft work its way through the various stages of amendment and approval towards a final decision by the EU parliament. Earlier this year progress was being made and commentators were expecting the final version to be approved early in 2020 for implementation after a period of grace.
However there was a knockout blow in October 2019 as a committee rejected the draft ePrivacy Regulation. Commentators are now saying that it will require a major rewrite and will probably start the whole process again. The reason it was rejected is that there is no agreement across EU Member States about how we notify users about cookies, how the marketing consents should work etc.
PECR also rules that marketing by text or email is only permissible if:
• They have given positive or opt-in, time-limited, consent that can be evidenced or
• They are corporate subscribers, meaning that a company pays the broadband or mobile fees to receive the communication or
• They have bought or almost completed a purchase of the same or largely similar goods from the marketer previously (the “soft opt-in”).
These are the rules that currently apply in the UK. Note that other EU Member States will have implementd the ePrivacy Directive differently and so different rules will apply. If your business is using email to market internationally it will need to be up to date with current ePrivacy rules in each jurisdiction it trades with.
Direct marketing code of practice – Draft
The draft ePrivacy Regulation was rejected in the Autumn and will need a significant rewrite before it can be represented in the EU. As such it will not be binding on the UK as we will no longer be part of the EU. However it is likely to continue to influence our national direct marketing law.
The ePrivacy Directive is behind the Privacy and Electronic Communications Regulations 2003 (amended) which impacts on cookie notices and cookie consents and the rules around direct marketing by electronic means.
In the absence of an update from the EU, the Information Commissioner is reviewing the Code of Direct Marketing and has published a document for public consultation here https://ico.org.uk/about-the-ico/ico-and-stakeholder-consultations/ico-consultation-on-the-draft-direct-marketing-code-of-practice/
Businesses are encouraged to provide feedback.
If you would like help understanding how personal data can be used for marketing, get in touch.