Quastels
  • Expertise
    • Corporate & Commercial
    • Commercial Real Estate
    • Residential Real Estate
    • Digital Assets & Blockchain
    • Data Protection & Privacy
    • Employment
    • Dispute Resolution
    • Sports
    • Private Client
    • Immigration & Recruitment
  • Team
  • News
  • Careers
  • Contact
Menu
Quastels
  • Home
  • Expertise
  • Team
  • Careers
  • Fees
  • News
  • Contact
Quastels

Including marketing material in a newsletter without consent can breach PECR

  • Home
  • News
  • News
  • Including marketing material in a newsletter without consent can breach PECR
  • 15 April 202125 November 2021
  • Well Studio

Ann-Maree Blake, Data Protection and Corporate Partner

Including marketing material in a newsletter without consent can breach PECR

The recent decision in Leave.EU Group and Eldon Insurance Services Ltd v ICO provided some much-needed clarity on whether the inclusion of unsolicited communications for the purposes of direct marketing in consented-for communications breached the UK’s Privacy and Electronic Communications Regulations (PECR).  The Upper Tribunal Administrative Appeals Chamber (Upper Tribunal) ruled that organisations must gain adequate consent or have sufficient grounds for a soft opt-in for any direct marketing communications contained within consented for communications, e.g. a newsletter.

What is the PECR?

Derived from EU law, the PECR sits alongside the UK GDPR and the Data Protection Act 2018.  Amended several times, the latest version of the PECR came into effect on 29 March 2019.  It covers:

  • Marketing, e.g. marketing emails, calls, texts, and WhatsApp.
  • The use of cookies and other tracking software.
  • The security of public electronic communications services.
  • The privacy of customers using public electronic communication services,

If you engage in email marketing, marketing through other instant messaging products, and/or use cookies on your website, you need to comply with the PECR as well as the UK GDPR and Data Protection Act 2018.

One of the key differences between the PECR and the UK GDPR is that the former applies even if you are not processing personal data.  Its rules apply even if you do not know the person who is receiving your marketing communications.

Leave.EU Group and Eldon Insurance Services Ltd v ICO

The case of Leave.EU Group and Eldon Insurance Services Ltd v ICO related to 21 newsletters sent by Leave.EU to its 51,000 subscribers who had provided consent to receive the publications.  Each of the 21 newsletters contained marketing promotions for Eldon Insurance Services Ltd.  No consent had been provided in relation to the marketing material.

The ICO issued monetary penalty notices to Leave.EU and Eldon Insurance Ltd on the grounds they have breached regulation 22 of PECR.

Regulation 22 of the PECR states if contact details of certain consumers have been acquired by an organisation during the sales or negotiation process for a product or service, that organisation may send or instigate the sending of emails for the purposes of direct marketing as long as:

  1. The content of the direct marketing material is related to similar products and services that have been purchased or are in the process of being purchased; and
  2. the recipient has been provided with a way of declining the use of their contact details for the purposes of direct marketing at the time the details were first collected, or if consent was initially given, at the time of each subsequent communication.

Leave.EU and Eldon Insurance Ltd argued that PECR was not intended “to cover content in a newsletter which a subscriber had signed up for but which happened to contain some marketing material”; rather, they sought to regulate “indiscriminate, automated industrial-scale spamming”.  This was rejected by the Upper Tribunal, who declared that this was an “unduly narrow reading” of the regulations.

“The tenor of the legislation is that it is an intrusion on an individual’s privacy if they receive direct marketing to which they did not consent,”

The Appellants also argued they had received consent from the Leave.EU newsletter subscribers, and this covered the direct marketing information which was included.   This assertion was rejected by the Upper Tribunal, who declared subscribers had not supplied “freely given, informed, and specific” consent to receiving direct marketing material, only to the receipt of a newsletter.

“There was no indication that subscribers were doing anything other than signing up for a Brexit newsletter.  … agreeing to the very loosely drafted privacy policy amounted to signing a blank cheque. In sum [sic], Leave.EU’s approach frustrated the ability of its subscribers to consent to receive a political newsletter and nothing else. Accordingly, the FTT was entitled to find on the facts that subscribers did not “consent”, as that term is properly understood, to receiving direct marketing about Eldon’s insurance products.”

Regarding whether or not the marketing material constituted “unsolicited communication” under the PECR, the Upper Tribunal held it was not the sending of the emails that resulted in the breach.  Rather, it was the inclusion of the unconsented-for marketing material that triggered the regulatory provisions.

The appeal was dismissed.

Comment

Before the decision in Leave.EU Group and Eldon Insurance Services Ltd v ICO, little case law existed concerning the PECR.  The Upper Tribunals decision is welcome clarification on when the Regulations apply and a timely reminder that adequate consent must be obtained for any direct marketing material, even if it is included in a communication that the recipient has consented to.

To find out how we can advise you on all matters relating to privacy and data protection law, please get in touch with Ann-Maree Blake.

Please note – this article does not constitute legal advice.

Posted in News
© All right reserved
  • +44 (0)20 7908 2525
  • enquiries@quastels.com
  • Quastels LLP, Watson House, 54 Baker Street, London W1U 7BU

We are using cookies to give you the best experience on our website. Find out more in our Cookie Policy and Website Privacy Policy

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Find out more in our Cookie Policy, Client Privacy Policy and Website Privacy Policy

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Enabling this cookie enabled helps us to improve our website.

Please enable Strictly Necessary Cookies first so that we can save your preferences!