If you’ve ever wondered why you get some marketing emails but not others—or why websites always ask for cookie consent—you can thank PECR for that.
But what is PECR, and why does it matter? Let’s break it down in plain English.
What Is PECR?
PECR stands for Privacy and Electronic Communications Regulations. It’s a UK law designed to protect people from unwanted marketing emails, texts, calls, and cookies.
Basically, it says businesses can’t send you marketing messages unless you’ve given permission. It also controls how websites use tracking cookies to collect data about you.
Think of PECR as a set of privacy rules that work alongside GDPR (General Data Protection Regulation) to keep your inbox and online activity safe from spam and misuse.
Why Was PECR Created?
Imagine getting non-stop spam calls, texts, and emails from companies you’ve never heard of. Annoying, right?
PECR was introduced to stop businesses from misusing people's personal data for marketing. Before this law, companies could send promotional emails and messages without asking for permission.
Now, businesses must follow strict rules to respect people’s privacy when using electronic marketing channels.
Key Rules Under PECR
Here’s a quick rundown of what PECR covers:
1. Marketing Emails & Texts
- Businesses must have your permission before sending marketing emails or texts.
- There’s one exception: if you’re an existing customer, they can send promotional emails—but only for similar products/services and with an easy way to opt-out.
2. Marketing Calls
- Automated marketing calls (pre-recorded messages) are banned unless you’ve opted in.
- Live marketing calls are allowed unless you’ve opted out (like joining the Telephone Preference Service (TPS)).
3. Website Cookies
- Websites must get your consent before using cookies that track you.
- They must explain what data they collect and why.
- Some essential cookies (like security and login cookies) don’t require permission.
4. Hiding Caller ID in Marketing Calls
- Businesses can’t hide their phone number when making marketing calls.
5. Selling & Using Marketing Lists
- Companies can’t buy or use email lists from third parties unless the original data collection met PECR requirements.
How Is PECR Different From GDPR?
PECR and GDPR work together, but they’re not the same.
- GDPR covers how businesses collect, store, and process personal data.
- PECR focuses on how businesses contact people using electronic marketing (emails, texts, calls, and cookies).
Even if a company follows GDPR, it still needs to comply with PECR when sending marketing messages or using cookies.
What Happens If You Break PECR Rules?
If a company violates PECR, the Information Commissioner’s Office (ICO) can:
- Issue fines of up to £500,000.
- Take legal action.
- Order companies to stop illegal marketing practices.
For example, several companies have been fined in the past for sending millions of spam emails and texts without permission.
How to Stay PECR-Compliant
If you run a business, here’s how you can follow PECR rules and avoid trouble:
✅ For Email & SMS Marketing:
✔ Get clear consent before sending marketing messages.
✔ Include an easy unsubscribe option in every message.
✔ Don’t buy or use third-party email lists unless legally collected.
✅ For Website Cookies:
✔ Show a cookie consent banner explaining what data you collect.
✔ Let visitors accept or reject cookies.
✔ Use only necessary cookies without permission (like security or login cookies).
✅ For Marketing Calls:
✔ Don’t make automated calls unless the person opted in.
✔ Check the TPS list before calling someone.
✔ Never hide your caller ID.
Conclusion
PECR helps protect people from spam, unwanted calls, and sneaky tracking cookies.
For businesses, following PECR isn’t just about avoiding fines—it’s about building trust with customers. When people know their privacy is respected, they’re more likely to engage with your emails and marketing efforts.
So, whether you’re a business owner or just someone who hates spam, PECR is a win for everyone.
Want to ensure your email marketing is PECR-compliant? Start by using opt-in forms, keeping clear records of consent, and always giving people the choice to unsubscribe.
