KNOWLEDGE BASE Mobile Marketing In The UK
The information on this page was current at the time it was published. Regulations, trends, statistics, and other information are constantly changing. While we strive to update our Knowledge Base, we strongly suggest you use these pages as a general guide and be sure to verify any regulations, statistics, guidelines, or other information that are important to your efforts.
Brexit Update:
Since the UK officially left the European Union on January 31, 2020, the relationship between the two has evolved and continues to be shaped by the ongoing implementation of the withdrawal agreement.
Key Dates:
- January 31, 2020: UK officially left the EU and entered a transition period that ended on December 31, 2020.
- December 31, 2020: The transition period ended, and the UK fully exited the EU single market and customs union.
- January 1, 2021: The UK-EU Trade and Cooperation Agreement came into effect, outlining the post-Brexit relationship between the two entities.
- 2023/2024 Current: The UK and EU are still navigating the ongoing implementation and potential revisions of their post-Brexit relationship.
It's crucial for businesses operating in either the UK or the EU to stay informed about the latest developments and adjust their operations accordingly.
Mobile Marketing In The UK
Phone Marketing Regulations
Privacy and Electronic Communications (EC Directive) Regulations
The Privacy and Electronic Communications (EC Directive) Regulations (PECR) complement the UK General Data Protection Regulation (UK GDPR) by specifically addressing electronic communication channels like email, text messages, and cookies. PECR was derived from European law and continues to hold vital importance in regulating electronic communications, primarily focusing on marketing practices and user privacy online. While no major amendments have been introduced since 2011, evolving technologies and interpretations by the ICO continue to shape how PECR is applied.
To whom and what do the Privacy and Electronic Communications Regulations apply?
Unlike the UK GDPR, which primarily focuses on personal data processing and identification, PECR applies regardless of whether you know the individual you're contacting. This broader reach ensures online privacy protections extend beyond targeted marketing. PECR applies if you:
- market by phone, text, email, or fax;
- use cookies or a similar technology on your website; or
- compile a telephone (or similar public) directory.
What are the important terms to understand?
Electronic Communications: Although it is not defined in the PECR, electronic communications generally means any information sent between particular parties through a phone line or internet connection. This includes:
- phone calls
- text messages
- video messages
- faxes
- emails
- internet messages
Electronic communications does not include generally available information, such as the content of websites or broadcast programming.
Consent: In the context of the PECR, consent must be knowingly given, clear, and specific. It must be given to your particular company and to the manner in which you intend to market, i.e., email, phone call (live or automated), text, or fax.
The clearest way to obtain consent is to allow the receiver to click an “opt-in” box. You must always provide the receiver with the opportunity to withdraw consent, or “opt out.” An unticked “opt-in” box is more clear than a pre-ticked “opt-in” box or an “opt-out” box.
How do I comply with the PECR?
PECR restricts unsolicited marketing by phone, text, email, fax, or other electronic message. Regulation 21 prohibits you from making live unsolicited (telemarketing) calls to anyone who:
- has previously told you that he or she does not want to receive the marketing calls; or
- has registered with the Telephone Preference Service or the Corporate Telephone Preference Service, unless the person has specifically consented to your calls, even if he or she is an existing customer.
You must always tell the subscriber who is calling and provide a contact address or freephone number if asked.
When can I make telemarketing calls?
Based on the restrictions in Regulation 21, you can make telemarketing calls to any individual who has specifically consented to the calls (e.g., chosen to ‘opt-in’) and to any individual who has not consented as long as he or she is not listed on the TPS registry and has not previously objected to your calls.
In practice, this means you will have to check your list against the TPS registry and keep your own list of people who have previously objected or opted out.
Regulation 19 governs the use of automated systems when making marketing phone calls. Rules for automated phone calls are stricter in that they require that you always have the consent of the receiver to receive this type of call. General consent for marketing, even telemarketing, is not enough. All automated calls must include your name and either a contact address or a freephone number.
The Telephone Preference Service is a central register of individuals who have opted out of receiving telemarketing phone calls. The Corporate Telephone Preference Service is a central register of corporations that have opted out of receiving telemarketing phone calls. Sole traders and some partnerships are considered individuals, and therefore may be registered in the TPS rather than the CTPS, so you should check your marketing lists against both registers.
The TPS registry only prohibits marketing calls, so you will still be able to make calls for purposes of genuine market research. Also, the TPS registry does allow people to register mobile telephone numbers, which will prevent you from making telemarketing calls to those numbers, but this does not prevent you from sending SMS messages. As good business practice, if you send marketing SMS messages, you should include an ‘opt-out’ request option.
Can I use marketing lists?
Navigating marketing lists in the UK: Compliance is key. Using marketing lists in the UK requires careful consideration of both the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR). These regulations ensure responsible marketing practices and individual privacy protection.
Bought-in marketing lists
While using bought-in marketing lists has some use cases in the UK, navigating the legal landscape requires significant caution and compliance with both the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR).
Important considerations:
- Limited use: Bought-in lists are generally impractical for recorded call, text, and email marketing due to strict consent requirements under UK GDPR and PECR. Individuals must have given specific consent for receiving the specific type of marketing you're using (e.g., email opt-in for email campaigns).
- Consent limitations: Generic consent for any third party is insufficient. Purchased lists should ideally contain evidence of individuals' specific and recent consent for the exact marketing channel you'll be using.
- Data accuracy and source: Scrutinize the list's data accuracy and source. Avoid lists obtained through unfair means or containing inaccurate information. This helps ensure compliance with both regulations.
- Screening lists: For live phone calls, screen the list against the Telephone Preference Service (TPS) and your own "do not call" list. Similarly, for B2B fax marketing, use the Fax Preference Service (FPS) and your "do not fax" list.
- Transparency and opt-out: Clearly disclose your data source and provide easy unsubscribe mechanisms for recipients.
Building your own marketing lists in the UK: Navigating consent under UK GDPR and PECR
Compiling your own marketing lists in the UK offers valuable reach to potential customers, but proper consent management under the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR) is crucial.
Key considerations:
- Explicit consent: Always acquire clear and informed consent from individuals for adding them to your list and specifying the marketing channels used (e.g., email, phone). Generic consent covering any third party is insufficient.
- Opt-in mechanisms: Make opting in to your marketing effortless for users. Use dedicated opt-in boxes for each channel you plan to use.
- Transparency: Be upfront about your data collection and usage practices. Explain how you'll use their data for marketing purposes in a clear and concise privacy policy.
- Data accuracy and records: Maintain accurate and up-to-date records of when, how, and what type of marketing consent you received for each individual.
- Individual vs. Company: Differentiate between individuals and companies on your list. B2B marketing has different rules compared to B2C. If unsure, treat the entity as an individual and follow stricter individual consent requirements.
- Avoid pre-ticked boxes: Opt-in boxes should be unchecked by default. Individuals must actively choose to opt-in.
- Provide unsubscribe options: Clearly display unsubscribe mechanisms in every marketing message you send.
- Consider double opt-in: This practice sends a confirmation email upon initial opt-in, adding an extra layer of consent verification.
Sharing marketing lists in the UK: Navigating consent under UK GDPR and PECR
Sharing marketing lists with other companies or groups requires careful consideration under the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR). Both regulations emphasize individual control over their personal data.
Key points to remember:
- Explicit consent: You must obtain clear and informed consent from individuals before sharing their data with any third party, including other companies or groups within your parent company. Generic consent for any third party is insufficient.
- Transparency: Clearly explain in your privacy policy and during consent collection how their data may be shared with third parties. Avoid hiding this information in difficult-to-find clauses.
- Opt-in mechanisms: Provide an easy and accessible way for individuals to opt-out of their data being shared. This could be through a dedicated checkbox during consent collection or clear unsubscribe options in your marketing communications.
- Lawful basis: Identify the lawful basis for processing personal data under UK GDPR. Sharing data for marketing purposes generally requires explicit consent, but other lawful bases may apply depending on the specific scenario.
- Data security: Implement appropriate safeguards to protect personal data from unauthorized access, loss, or misuse when sharing with third parties.
- Consider using data minimization principles. Only share the minimum amount of personal data necessary for the intended purpose.
- Document your consent processes and data sharing practices for audit purposes.
- Consult legal professionals for specific advice on your data sharing practices and ensure compliance with relevant regulations.
Respecting Opt-Outs and Objections: Key Steps for UK Compliance
In the UK, respecting individual choices regarding marketing communications is crucial under the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR). Here's how to handle opt-outs and objections effectively:
Responding to Opt-Outs:
- Immediate action: Upon receiving an opt-out request (e.g., unsubscribe), add the individual to your "do not contact" list immediately. This ensures they are not contacted again for any marketing purposes through any channels.
- Confirmation message: Send a prompt confirmation email or message acknowledging their opt-out and detailing their removal from your marketing lists.
- No further contact: Remember, any further contact, even for re-opt-in, constitutes a potential breach. Respect their decision to opt-out.
Responding to Objections:
- Address concerns: If someone objects to your marketing practices, listen and address their concerns promptly and professionally.
- Investigate and rectify: Investigate the reason for their objection and take appropriate action to rectify the situation, if necessary.
- Comply with objection rights: If their objection pertains to their data processing, understand and comply with their right to object and restrict processing under UK GDPR.
Maintaining Data:
- Do not delete: While not actively contacting individuals on your "do not contact" list, retain their information for a reasonable period to ensure they are not inadvertently included in future marketing campaigns. This is particularly important when using bought lists or when data merging occurs.
- Secure storage: Implement appropriate safeguards to protect their data while it's stored on your "do not contact" list.
Enforcement and Penalties:
- Information Commissioner's Office (ICO): The ICO enforces PECR and UK GDPR, with the power to impose significant fines of up to £20 million (updated from £500,000) for serious breaches.
- Compliance is key: Prioritize compliance with data protection regulations to avoid potential penalties and reputational damage.
Fax Marketing Regulations
To whom and what do the Privacy and Electronic Communications Regulations apply in Fax Marketing?
Unlike the UK GDPR, which primarily focuses on personal data processing and identification, PECR applies regardless of whether you know the individual you're contacting. This broader reach ensures online privacy protections extend beyond targeted marketing. PECR applies if you:
- market by phone, text, email, or fax;
- use cookies or a similar technology on your website; or
- compile a telephone (or similar public) directory.
What are the important terms to understand?
Electronic Communications: Although it is not defined in the PECR, electronic communications generally means any information sent between particular parties through a phone line or internet connection. This includes:
- phone calls
- text messages
- video messages
- faxes
- emails
- internet messages
Electronic communications does not include generally available information, such as the content of websites or broadcast programming.
Consent: In the context of the PECR, consent must be knowingly given, clear, and specific. It must be given to your particular company and to the manner in which you intend to market, i.e., email, phone call (live or automated), text, or fax.
The clearest way to obtain consent is to allow the receiver to click an “opt-in” box. You must always provide the receiver with the opportunity to withdraw consent, or “opt out.” An unticked “opt-in” box is more clear than a pre-ticked “opt-in” box or an “opt-out” box.
How do I comply with the PECR?
Regulation 20 prohibits you from sending faxes to:
- individuals, sole traders, and some partnerships without their specific consent to receive such faxes;
- corporations that have previously told you they do not want to receive such faxes; and
- any number registered in the Fax Preference Service, unless you have specific consent.
All marketing faxes must include the name of the sender and a contact address or freephone number.
Based on Regulation 20, you can send marketing faxes to individuals only if they have specifically consented to receiving marketing faxes from you. Sole traders and some partnerships are treated as individuals for purposes of fax marketing. You can send marketing faxes to any corporate body without consent if it is not listed on the FPS and it has not previously objected to your marketing faxes. This means you will need to screen your marketing list against the FPS and keep your own list of companies that have opted-out of your marketing faxes.
The Telephone Preference Service is a central register of individuals and companies who do not wish to receive marketing faxes. Although the TPS is primarily aimed at businesses, individuals who do not wish to receive marketing faxes can register as well.
Marketing & Bought-in marketing lists
Both bought-in and self-created marketing lists can be used, but compliance with data protection and privacy regulations is paramount. This is especially crucial for bought-in lists, which carry higher risks. Using bought-in lists for B2B fax marketing requires double screening: first against the Telephone Preference Service (TPS) and your "do not fax" list, and then for data accuracy and fair collection practices. Ensure the consent on the list is specific, recent, and verifiable, and that the data collection methods complied with relevant regulations.
Compiling your own marketing lists
Using the details of people who previously bought goods or services from you or who have registered through your website or made an enquiry is a great way to compile a marketing list. However, you cannot assume that because someone provided his contact details, he is happy to receive marketing from you. You should make it clear upfront that you intend to use his details for marketing purposes. The easiest way to get clear consent is to use opt-in boxes for each type of marketing message you intend to send, e.g., text, email, phone. To ensure you are compiling an accurate and up-to-date list, record when, how, and what type of marketing consent you received. It is also important to note whether it is an individual or a company, as different rules apply to each. If you do not know whether it is an individual or a company, assume it is an individual and comply with the stricter rules.
Sharing marketing lists
If you intend to share your marketing lists with another company or group within your parent company, you must have each individual’s specific consent to do so. You cannot show consent by simply providing the notice in a hard to find, difficult to understand, and rarely read privacy policy.
Responding to objections or opt-outs
As soon as someone objects to or opts out of your marketing messages, you should add him to your “do not contact” list. You can send an immediate reply confirming his unsubscribed status, but you may not contact him in the future even to ask if he would like to opt in again. When someone objects or opts out, you should not delete his information altogether; instead, you should add him to your “do not contact” list to ensure he will not be contacted in the future by mistake. This is particularly important if you buy new leads or marketing lists, as his details may be on a new list.
What are the risks of noncompliance?
The ICO enforces PECR and UK GDPR, with the power to impose significant fines of up to £20 million (updated from £500,000) for serious breaches. The ICO publishes quarterly updates on enforcement measures taken.