Further Reading: Marketing and Privacy and Electronic Communications Regulations 2003 (PECR)

PECR applies to

  • Marketing
  • Cookies or similar technology on your website
  • Security of communications services
  • Customer privacy

Breach of PECR can result in a fine of up to £500,000

Europe is in the process of drafting an e-privacy directive – this is not yet in force

Direct marketing includes:

  • advertising goods or services
  • promotions of aims and ideals
  • by any method of communication
  • directed to particular individuals
  • including all processing that
    • lead up to
    • enable
    • support
    • and send direct marketing

Electronic communication includes:

  • Telephone
  • Text

— Table goes here

Cookies and similar technologies

A cookie is a small text file that downloads onto a computer or smartphone when the user accesses a website. It allows for communication between computer or smartphone and the website concerned: They are commonly used to:

  • Track browsing behaviour in order to target advertise
  • Analyse traffic to a website or part of a website
  • Help the user to log in
  • Record the contents of a shopping basket and pay for goods

Cookies may be:

  • Session or persistent
    • session cookies last the length of the browsing session concerned, whereas persistent cookies will record details for a future visit
  • First and third party cookies.
    • First party cookies relate to the website concerned, third party cookies relate to elements belonging to a third party on the website
  • Essential and non-essential.
    • Non-essential are those not required to run the website. Essential cookies are those that are either strictly necessary to run the website or assist in the actual communication across the electronic network

Users of websites must ensure that:

  • Users are provided with transparent, clear and comprehensive information concerning all cookies
  • Users must provide consent (to GDPR standard) to all non-essential cookies before cookies are BIT MISSING HERE FROM JANE’S DRAFT
  • If essential cookies process personal data, that processing must be GDPR compliant (ie principles, lawful basis of processing, rights etc)
  • If consent is denied or not given, the relevant cookies cannot be downloaded


  • PECR 2003 https://www.legislation.gov.uk/uksi/2003/2426/contents/made/data.htm
  • ICO guidance
    https://ico.org.uk/for-organisations/guide-to-pecr/electronic-and-telephone-marketing/using- marketing-lists/