E-marketing under British data protection law

The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) (ENG) contain provisions on E-marketing.

If personal data is processed, then the provisions of the Data Protection Act (DPA) 1998 (ENG) also apply.

Both laws must be complied with. It is important to note, however, that the PECR also applies for e-marketing activities, which do not involve the processing of personal data.

Furthermore, the UK Electronic Commerce (EC Directive) Regulations 2002 (ENG) contains the provisions for unsolicited commercial email (i.e. spam).

The provisions of the PECR apply to organisation sending electronic marketing messages, which, is described as any kind of information sent between certain parties via electronic communications services (e.g. telephone or Internet). This includes telephone calls, faxes, text messages, video messages, e-mails and web-based message services. However, generally accessible information, such as website contents or television and radio programmes, are not covered.

The Information Commissioner’s Office (ICO), www.ico.org.uk is responsible for monitoring the PECR. The ICO has drawn up several relevant guides on E-marketing:

In addition to his, the Direct Marketing Association (DMA) has published a Direct Marketing Code of Practice. The Code sets standards for ethical conduct and best practices in direct marketing. Compliance with the Code is obligatory for members of the DMA. However, the ICO also encourages non-members to comply with the Code in order to ensure the highest level of ethical conduct and to promote consumer confidence. The Code is published by the Direct Marketing Commission.

General rule: only with consent

Under UK law, organisations may only send electronic marketing messages to individuals if that person has specifically consented to receiving them. This rule does not apply to legal persons providing the messages are sent to the company’s e-mail address. However, if employees of organisations are contacted, the general rule applies.

In this regard, the ban is concerned with making contact with specifically identifiable recipients. The ban does not cover blogs or banner ads on social media sites as these are not directed at specifically identifiable recipients. Entries of sites of this nature on the user’s site are, however, covered by the advertising ban.

According to Article 23 PECR, organisations must not disguise or conceal their identity in any marketing texts or emails, and must provide a valid contact address for individuals to opt out or unsubscribe (which would mean consent was withdrawn).


Article 22 (2) and (3) of the PECR contain exceptions to the above-mentioned rule.

Organisations can send marketing messages if

  • they have obtained the contact details in the course of a sale (or negotiations for a sale) of a product or service to that person;
  • they are only marketing their own similar products or services; and
  • they gave the person a simple opportunity to refuse or opt out of the marketing, both when first collecting the details and in every message after that.

Information requirements

Article 24 of the PECR requires that organisations sending electronic marketing messages must make the following information available:

  • the name of the organisation;
  • the physical address where the organisation is registered;
  • where necessary, a telephone number where the organisation can be reached free of charge.

Consequences of infringements

The ICO can take implementation measures if the provisions are not complied with. Infringements against the DPA or the PECR can lead to an enforcement order, which obliges the sender to take measures for remedying the infringements. Non-observance is an administrative offence.

Serious violations can lead to a fine of up to £ 500,000.

Additional requirements

In accordance with Article 7 of the UK E-Commerce Act, marketing mails must meet the following conditions.

  • Marketing messages must be clearly recognisable as such;
  • If the sending of marketing messages is send on behalf of an organisation, the sender must be clearly identifiable;

if the marketing messages includes promotional material, such as discounts, allowances and gifts, they must be clearly identifiable as such and the organisation must comply with DPA and PECR direct marketing rules.