Including marketing material in a newsletter without consent can breach PECR
The recent decision in Leave.EU Group and Eldon Insurance Services Ltd v ICO provided some much-needed clarity on whether the inclusion of unsolicited communications for the purposes of direct marketing in consented-for communications breached the UK’s Privacy and Electronic Communications Regulations (PECR). The Upper Tribunal Administrative Appeals Chamber (Upper Tribunal) ruled that organisations must gain adequate consent or have sufficient grounds for a soft opt-in for any direct marketing communications contained within consented for communications, e.g. a newsletter.
What is the PECR?
Derived from EU law, the PECR sits alongside the UK GDPR and the Data Protection Act 2018. Amended several times, the latest version of the PECR came into effect on 29 March 2019. It covers:
- Marketing, e.g. marketing emails, calls, texts, and WhatsApp.
- The security of public electronic communications services.
- The privacy of customers using public electronic communication services,
One of the key differences between the PECR and the UK GDPR is that the former applies even if you are not processing personal data. Its rules apply even if you do not know the person who is receiving your marketing communications.
Leave.EU Group and Eldon Insurance Services Ltd v ICO
The case of Leave.EU Group and Eldon Insurance Services Ltd v ICO related to 21 newsletters sent by Leave.EU to its 51,000 subscribers who had provided consent to receive the publications. Each of the 21 newsletters contained marketing promotions for Eldon Insurance Services Ltd. No consent had been provided in relation to the marketing material.
The ICO issued monetary penalty notices to Leave.EU and Eldon Insurance Ltd on the grounds they have breached regulation 22 of PECR.
Regulation 22 of the PECR states if contact details of certain consumers have been acquired by an organisation during the sales or negotiation process for a product or service, that organisation may send or instigate the sending of emails for the purposes of direct marketing as long as:
- The content of the direct marketing material is related to similar products and services that have been purchased or are in the process of being purchased; and
- the recipient has been provided with a way of declining the use of their contact details for the purposes of direct marketing at the time the details were first collected, or if consent was initially given, at the time of each subsequent communication.
Leave.EU and Eldon Insurance Ltd argued that PECR was not intended “to cover content in a newsletter which a subscriber had signed up for but which happened to contain some marketing material”; rather, they sought to regulate “indiscriminate, automated industrial-scale spamming”. This was rejected by the Upper Tribunal, who declared that this was an “unduly narrow reading” of the regulations.
“The tenor of the legislation is that it is an intrusion on an individual’s privacy if they receive direct marketing to which they did not consent,”
The Appellants also argued they had received consent from the Leave.EU newsletter subscribers, and this covered the direct marketing information which was included. This assertion was rejected by the Upper Tribunal, who declared subscribers had not supplied “freely given, informed, and specific” consent to receiving direct marketing material, only to the receipt of a newsletter.
Regarding whether or not the marketing material constituted “unsolicited communication” under the PECR, the Upper Tribunal held it was not the sending of the emails that resulted in the breach. Rather, it was the inclusion of the unconsented-for marketing material that triggered the regulatory provisions.
The appeal was dismissed.
Before the decision in Leave.EU Group and Eldon Insurance Services Ltd v ICO, little case law existed concerning the PECR. The Upper Tribunals decision is welcome clarification on when the Regulations apply and a timely reminder that adequate consent must be obtained for any direct marketing material, even if it is included in a communication that the recipient has consented to.
To find out how we can advise you on all matters relating to privacy and data protection law, please get in touch with Ann-Maree Blake.
Please note – this article does not constitute legal advice.