An acronym that has resurfaced lately, typically when a data protection regulator mentions the General Data Protection Regulation, is PECR.
For media and marketing businesses that have had their heads buried in GDPR compliance (or the sand depending on their strategy) over the last year or so, the sudden re-emergence of references to PECR within GDPR compliance documents, is causing confusion.
Today — Jul. 3 — the U.K. data protection authority the ICO has released further guidance on the restrictions around cookie use under PECR. For any business that does email marketing, understanding PECR is a must, and given the regulators have begun to step up their policing of GDPR within the media and advertising markets, it’s worth being able to distinguish the two laws.
Here’s a primer.
What is PECR?
How does this sit with GDPR?
GDPR introduced new requirements around the need for businesses to obtain consumer consent in order to use their personal data for their own purposes, such as targeted advertising. In order to keep the separate laws from conflicting, that meant PECR’s rules on consent also had to change to coincide with GDPR’s. In a nutshell, consent under PECR must now be opt-in, not opt-out, or as sometimes referred to as: “soft” opt-in. Direct marketers need to be able to show consent was knowingly and freely given.
Are fines for PECR as high as GDPR?
Nowhere near as high. PECR fines only go up to a maximum £500,000 ($630,000) for breaches, similar to those that were used under the former Data Protection Act (GDPR’s predecessor.) Under GDPR law, the European Commission has given EU regulators the power to fine up to €20 million ($23 million) or 4% of global revenue, whichever is higher. That’s why GDPR has been a far more high-profile, and feared, law. A business running direct marketing can also use the legitimate interest clause, but under the GDPR’s definition.
Sounds like PECR enforcement is quite lax?
In a way, yes. Although, prior to GDPR’s enforcement the ICO did fine two companies, albeit softly. Airline Flybe was fined £70,000 ($88,000) for sending more than 3.3 million emails to people who had already unsubscribed from its email marketing. Honda received no more than a £13,000 ($16,000) wrist slap for sending 289,790 emails to clarify certain customers’ choices for receiving marketing. While Honda believed it was ensuring its data protection compliance was water-tight by rechecking details, which it classed as customer service — rather than marketing — emails, the ICO didn’t agree. Honda couldn’t provide evidence that the customers had ever given consent to receive that kind of email in the first place — a no-no under PECR.
Wait, didn’t hundreds of companies do just that ahead of GDPR enforcement?
Absolutely. Consumers were hit with an avalanche of emails ahead of GDPR’s enforcement in which they were asked to resubscribe. In doing so, businesses hoped to avoid any risk of a GDPR fine. In reality, that merely drew attention to the fact those companies may have been in breach of PECR for years. They’ve likely most escaped any kind of penalty because the ICO had its hands full with GDPR. Plus, there would have been a grace period allowed for companies attempting to do the right thing, and any inevitable chaos stemming from an early misunderstanding of a new law.
Did they need to send those emails?
Probably not. But the fear of the more eye-watering GDPR fines would have been motivation to do so. That, plus a healthy dose of misunderstanding and the industry’s pretty broad interpretation of GDPR would have contributed to the panicked email stampede.
Member ExclusiveMedia Briefing: A timeline of media unions’ actions this quarter
Media unions are working to get contracts signed by the end of the year, and are using strikes, pickets and rallies to try and accomplish those goals.
BuzzFeed, Hearst, other publishers, replace lavish holiday parties with more subdued celebrations
BDG, BuzzFeed, Hearst and The Washington Post will host in-person holiday parties this year, though they will not be the stereotypical soirées.
Member ExclusiveMedia Buying Briefing: The latest media agency estimates for 2023 revenue are out and they remain, well, upbeat
Two holding company media agency analysts continue to hold a more positive, if slightly tempered outlook on 2023 given strong results for 2022.
SponsoredHow Comscore is simplifying pre- and post-campaign measurement for advertisers
Produced in partnership with Marketecture The following article provides highlights from an interview between Greg Dale, Comscore’s general manager of digital, and Mike Shields, co-founder of Marketecture. Register for free to watch more of the discussion and learn how advanced advertising measurement is providing advertisers access to the deep data they need across all platforms. […]
The case for and against publishers continuing holiday-specific commerce coverage post-Black Friday weekend
Black Friday is over but publishers are up in the air about whether or not to continue covering holiday sales in the lead up to the holidays.
Why PMG’s Nike win doesn’t seem all that unusual for the indie media agency
The Texas-based independent agency continues to grow its roster of clients after landing Nike's media AOR business for North America.