An acronym that has resurfaced lately, typically when a data protection regulator mentions the General Data Protection Regulation, is PECR.
For media and marketing businesses that have had their heads buried in GDPR compliance (or the sand depending on their strategy) over the last year or so, the sudden re-emergence of references to PECR within GDPR compliance documents, is causing confusion.
Today — Jul. 3 — the U.K. data protection authority the ICO has released further guidance on the restrictions around cookie use under PECR. For any business that does email marketing, understanding PECR is a must, and given the regulators have begun to step up their policing of GDPR within the media and advertising markets, it’s worth being able to distinguish the two laws.
Here’s a primer.
What is PECR?
How does this sit with GDPR?
GDPR introduced new requirements around the need for businesses to obtain consumer consent in order to use their personal data for their own purposes, such as targeted advertising. In order to keep the separate laws from conflicting, that meant PECR’s rules on consent also had to change to coincide with GDPR’s. In a nutshell, consent under PECR must now be opt-in, not opt-out, or as sometimes referred to as: “soft” opt-in. Direct marketers need to be able to show consent was knowingly and freely given.
Are fines for PECR as high as GDPR?
Nowhere near as high. PECR fines only go up to a maximum £500,000 ($630,000) for breaches, similar to those that were used under the former Data Protection Act (GDPR’s predecessor.) Under GDPR law, the European Commission has given EU regulators the power to fine up to €20 million ($23 million) or 4% of global revenue, whichever is higher. That’s why GDPR has been a far more high-profile, and feared, law. A business running direct marketing can also use the legitimate interest clause, but under the GDPR’s definition.
Sounds like PECR enforcement is quite lax?
In a way, yes. Although, prior to GDPR’s enforcement the ICO did fine two companies, albeit softly. Airline Flybe was fined £70,000 ($88,000) for sending more than 3.3 million emails to people who had already unsubscribed from its email marketing. Honda received no more than a £13,000 ($16,000) wrist slap for sending 289,790 emails to clarify certain customers’ choices for receiving marketing. While Honda believed it was ensuring its data protection compliance was water-tight by rechecking details, which it classed as customer service — rather than marketing — emails, the ICO didn’t agree. Honda couldn’t provide evidence that the customers had ever given consent to receive that kind of email in the first place — a no-no under PECR.
Wait, didn’t hundreds of companies do just that ahead of GDPR enforcement?
Absolutely. Consumers were hit with an avalanche of emails ahead of GDPR’s enforcement in which they were asked to resubscribe. In doing so, businesses hoped to avoid any risk of a GDPR fine. In reality, that merely drew attention to the fact those companies may have been in breach of PECR for years. They’ve likely most escaped any kind of penalty because the ICO had its hands full with GDPR. Plus, there would have been a grace period allowed for companies attempting to do the right thing, and any inevitable chaos stemming from an early misunderstanding of a new law.
Did they need to send those emails?
Probably not. But the fear of the more eye-watering GDPR fines would have been motivation to do so. That, plus a healthy dose of misunderstanding and the industry’s pretty broad interpretation of GDPR would have contributed to the panicked email stampede.
Dentsu’s latest ad report shows slowed growth, driven mostly by inflation
The good news in Dentsu's ad forecast is that there's still growth. The bad news: most of the growth is the result of inflation, while real ad pricing actually dropped a bit.
How chef influencer Tue Nguyen works with the BuzzFeed Creator Network
BuzzFeed's Creator Network has been valuable from an audience and production education standpoint, but Nguyen still drives most of her business on her own.
Dentsu’s new Web3 readiness tool shines light on the tech’s potential to complement AI
Dentsu's Innovation Initiative is launching a web3 readiness index next month — at a time when the industry is obsessed with AI. Could the two technologies actually make a good pair?
SponsoredHow enterprise-grade CDPs are enhancing data processes and improving customer experiences
Produced in partnership with Marketecture The following article highlights an interview between Martin Kihn, Salesforce’s senior vice president of Marketing Cloud, and Ari Paparo, founder and CEO of Marketecture Media. Register to watch more of the discussion and learn how brands are making the most of enterprise-grade CDP technologies. As brands expand across channels and […]
Digiday+ Research deep dive: Publishers large and small put their resources into first-party data
Eighty-two percent of publishers overall say they're already using first-party data to prepare for the end of the third-party cookie, and nearly half are requiring users to register and integrating first-party data segments into DSPs – indicating that first-party data is the clear path forward for publishers heading into the post-cookie world.
Media Briefing: Why publishers hope chatbots will be the latest retention tool
Publishers hope the chatbots they are developing will be the latest retention tool to keep readers onsite and to get them to consume more content.