Skip to content 
The UK Information Commissioner’s Office (ICO) has recently fined telecoms company EE Limited £100,000 for sending millions of unsolicited marketing messages to customers. While the ICO’s recent announcement of its intention to fine BA and Marriott record breaking amounts for breaches of the GDPR has grabbed the headlines, it is important for businesses not to lose sight of their obligations under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and importantly the obligation not to send unsolicited electronic marketing messages without the appropriate consents. These obligations have been around for a number of years but both their application and the fines that the ICO can levy for breaches have both been considerably stiffened as a result of the GDPR.
Under Regulation 22 of PECR, consent must be obtained prior to sending unsolicited electronic marketing communications (for example emails) unless specific criteria are fulfilled. PECR only applies to messages sent to certain people (for example individuals, sole traders and partnerships) and does not apply to messages sent to companies and LLPs.
EE argued that the messages were sent as service messages and were not marketing communications. However due to the inclusion of direct marketing within these messages, the ICO held that the electronic marketing rules applied. Andy White, Director of Investigations for the ICO, stated that EE were only fined a fifth of the maximum £500,000 fine, largely due to their belief that EE did not intentionally break the electronic marketing rules.
Organisations must, under the GDPR, be able to show that the consent was freely and knowingly given and are advised to keep records of what the individuals have consented to, as well as when and how this consent was acquired. This can then be used to support their case should a complaint be received by the ICO. Indirect consent (i.e. consent given to a third party) is unlikely to be sufficient unless it is specific enough to clearly apply to the organization carrying out the marketing.
To learn more about methods of obtaining consent, an exception to the rule of obtaining specific consent, definitions of ‘direct marketing’, and the potential effects of Brexit on PECR in the UK,
click here to read the full blogpost by Nick Phillips of Ally Law member Edwin Coe LLP.
