WTF is PECR?
An acronym that has resurfaced lately, typically when a data protection regulator mentions the General Data Protection Regulation, is PECR.
For media and marketing businesses that have had their heads buried in GDPR compliance (or the sand depending on their strategy) over the last year or so, the sudden re-emergence of references to PECR within GDPR compliance documents, is causing confusion.
Today — Jul. 3 — the U.K. data protection authority the ICO has released further guidance on the restrictions around cookie use under PECR. For any business that does email marketing, understanding PECR is a must, and given the regulators have begun to step up their policing of GDPR within the media and advertising markets, it’s worth being able to distinguish the two laws.
Here’s a primer.
What is PECR?
How does this sit with GDPR?
GDPR introduced new requirements around the need for businesses to obtain consumer consent in order to use their personal data for their own purposes, such as targeted advertising. In order to keep the separate laws from conflicting, that meant PECR’s rules on consent also had to change to coincide with GDPR’s. In a nutshell, consent under PECR must now be opt-in, not opt-out, or as sometimes referred to as: “soft” opt-in. Direct marketers need to be able to show consent was knowingly and freely given.
Are fines for PECR as high as GDPR?
Nowhere near as high. PECR fines only go up to a maximum £500,000 ($630,000) for breaches, similar to those that were used under the former Data Protection Act (GDPR’s predecessor.) Under GDPR law, the European Commission has given EU regulators the power to fine up to €20 million ($23 million) or 4% of global revenue, whichever is higher. That’s why GDPR has been a far more high-profile, and feared, law. A business running direct marketing can also use the legitimate interest clause, but under the GDPR’s definition.
Sounds like PECR enforcement is quite lax?
In a way, yes. Although, prior to GDPR’s enforcement the ICO did fine two companies, albeit softly. Airline Flybe was fined £70,000 ($88,000) for sending more than 3.3 million emails to people who had already unsubscribed from its email marketing. Honda received no more than a £13,000 ($16,000) wrist slap for sending 289,790 emails to clarify certain customers’ choices for receiving marketing. While Honda believed it was ensuring its data protection compliance was water-tight by rechecking details, which it classed as customer service — rather than marketing — emails, the ICO didn’t agree. Honda couldn’t provide evidence that the customers had ever given consent to receive that kind of email in the first place — a no-no under PECR.
Wait, didn’t hundreds of companies do just that ahead of GDPR enforcement?
Absolutely. Consumers were hit with an avalanche of emails ahead of GDPR’s enforcement in which they were asked to resubscribe. In doing so, businesses hoped to avoid any risk of a GDPR fine. In reality, that merely drew attention to the fact those companies may have been in breach of PECR for years. They’ve likely most escaped any kind of penalty because the ICO had its hands full with GDPR. Plus, there would have been a grace period allowed for companies attempting to do the right thing, and any inevitable chaos stemming from an early misunderstanding of a new law.
Did they need to send those emails?
Probably not. But the fear of the more eye-watering GDPR fines would have been motivation to do so. That, plus a healthy dose of misunderstanding and the industry’s pretty broad interpretation of GDPR would have contributed to the panicked email stampede.
‘Influencer deals are being paused’: As Facebook boycott begins in earnest, influencer marketing feels a sting
The latest move to pause influencer marketing comes as marketers are not only reconsidering where their ads appear and the kind of content they appear next to, but as they work to figure out how they can better support Black creators and Black-owned businesses following the Black Lives Matter (BLM) protests.
As Facebook boycott continues, here’s a look at what major marketers were spending on Facebook and Instagram
To get a sense of how much advertisers are pulling back from Facebook, Digiday reached out to ad-tracking firm Pathmatics. The company provided estimates for how much advertisers spent on the platform during July 2019 as well as from July 2019 to 2020.
Member Exclusive‘Performative posting’: As agencies share their equality values online, staffers say they have to do much more for Black employees than post
Agency employees and execs say agencies need to do more than make statements to be better for Black employees.
SponsoredFour ways to adapt to the changing publisher ecosystem in 2020
By Neal Sinno, general manager Americas at GeoEdge For marketers, 2020 started out with so much promise — but this changed rapidly as the industry faced a global epidemic head-on. Not only did our own daily routines come to a screeching halt, for many of us our professional lives did as well. Almost as quickly […]
‘Don’t want to piss off customers’: With manufacturing and exporting snarled, some DTC brands are adapting their advertising
Media buyers say that supply chain hiccups have caused them to pause or significantly reduce media spending anywhere from two weeks to five weeks for some DTC brands low on product inventory.
Beyond remote work: Bringing serendipity back to the office
This article is part of the Future of Work briefing, a weekly email with stories, interviews, trends and links about how work, workplaces and workforces are changing. Sign up here. Kai Micah Mills had been working in a different state from his work partner for years. More recently, though, his partner, Ben Adamsky, made the move […]