WTF is PECR?
An acronym that has resurfaced lately, typically when a data protection regulator mentions the General Data Protection Regulation, is PECR.
For media and marketing businesses that have had their heads buried in GDPR compliance (or the sand, depending on their strategy) over the last year or so, the sudden re-emergence of references to PECR within GDPR compliance documents is causing confusion.
Today — Jul. 3 — the U.K. data protection authority, the ICO, has released further guidance on the restrictions around cookie use under PECR. For any business that does email marketing, understanding PECR is a must, and given that the regulators have begun to step up their policing of GDPR within the media and advertising markets, it’s worth being able to distinguish the two laws.
Here’s a primer.
What is PECR?
How does this sit with GDPR?
GDPR introduced new requirements around the need for businesses to obtain consumer consent in order to use their personal data for their own purposes, such as targeted advertising. To keep the separate laws from conflicting, PECR’s rules on consent also had to change to coincide with GDPR’s. In a nutshell, consent under PECR must now be opt-in, not opt-out, or, as it is sometimes referred to, “soft” opt-in. Direct marketers need to be able to show consent was knowingly and freely given.
Are fines for PECR as high as GDPR?
Nowhere near as high. PECR fines only go up to a maximum of £500,000 ($630,000) for breaches, similar to those that were used under the former Data Protection Act (GDPR’s predecessor). Under GDPR law, the European Commission has given EU regulators the power to fine up to €20 million ($23 million) or 4% of global revenue, whichever is higher. That’s why GDPR has been a far more high-profile, and feared, law. A business running direct marketing can also use the legitimate interest clause, but under the GDPR’s definition.
Sounds like PECR enforcement is quite lax?
In a way, yes. Although, prior to GDPR’s enforcement the ICO did fine two companies, albeit softly. Airline Flybe was fined £70,000 ($88,000) for sending more than 3.3 million emails to people who had already unsubscribed from its email marketing. Honda received no more than a £13,000 ($16,000) wrist slap for sending 289,790 emails to clarify certain customers’ choices for receiving marketing. While Honda believed it was ensuring its data protection compliance was water-tight by rechecking details, which it classed as customer service — rather than marketing — emails, the ICO didn’t agree. Honda couldn’t provide evidence that the customers had ever given consent to receive that kind of email in the first place — a no-no under PECR.
Wait, didn’t hundreds of companies do just that ahead of GDPR enforcement?
Absolutely. Consumers were hit with an avalanche of emails ahead of GDPR’s enforcement in which they were asked to resubscribe. In doing so, businesses hoped to avoid any risk of a GDPR fine. In reality, that merely drew attention to the fact those companies may have been in breach of PECR for years. They’ve most likely escaped any kind of penalty because the ICO had its hands full with GDPR. Plus, there would have been a grace period allowed for companies attempting to do the right thing, and any inevitable chaos stemming from an early misunderstanding of a new law.
Did they need to send those emails?
Probably not. But the fear of the more eye-watering GDPR fines would have been motivation to do so. That, plus a healthy dose of misunderstanding and the industry’s pretty broad interpretation of GDPR, would have contributed to the panicked email stampede.