PECR for charities

The Information Commissioner’s Office (ICO) has been cracking down on incorrect marketing practices under the Privacy and Electronic Communications Regulations (PECR). In early 2024, they fined LADH £50,000 for sending unsolicited SMS messages promoting financial services. This is just one example of several fines issued in recent months, totalling £440,000. These actions highlight the ICO’s focus on protecting individuals from unwanted marketing communications.

PECR is in place to protect individuals from unsolicited marketing communications. Breaches of these regulations can have serious consequences for charities, including fines and damage to their reputation.
What are PECR Violations?

PECR outlines how organisations can approach electronic marketing, including emails, text messages, and phone calls. Here are some common ways charities might violate PECR:

  • Failing to obtain consent: PECR requires explicit consent from individuals before sending them marketing messages. Pre-ticked opt-in boxes is not sufficient.
  • Not providing clear opt-out options: Every marketing message must include a clear and straightforward way for individuals to opt-out of receiving further communications.
  • Purchasing or obtaining contact details illegally: Charities must ensure to obtain contact information that can be lawfully processed.
  • Continuing to contact someone who has opted-out: Once someone opts out, all marketing communications must cease.
Why Should Charities Care?

The consequences of PECR violations can be significant:

  • Financial penalties: The Information Commissioner’s Office (ICO), the UK’s data protection regulator, has the authority to issue substantial fines for serious breaches.
  • Reputational damage: Public trust is crucial for charities. News of PECR violations can damage a charity’s reputation, making it harder to attract donations and volunteers.
  • Reduced effectiveness of marketing: Marketing messages sent to those who haven’t opted-in are unlikely to be well-received and can harm the charity’s image.
How Can Charities Avoid PECR Violations?

Charities can take steps to ensure their marketing practices comply with PECR:

  • Obtain clear and unambiguous consent: Ask for explicit consent before adding individuals to marketing lists.
  • Provide a user-friendly opt-out option: Include a clear and easy-to-find opt-out option in all marketing messages.
  • Only contact those who have opted-in: Ensure all recipients have opted-in to receive communications.
Cookies and PECR Compliance

In addition to traditional marketing methods, charities also need to consider how they use cookies on their websites. Cookies are small pieces of data that websites store on a user’s device. They can be used for a variety of purposes, including:

  • Remembering user preferences: Cookies can store information about a user’s preferences, such as their preferred language or font size. This can improve the user experience by making the website more user-friendly.
  • Tracking website usage: Cookies can be used to track how visitors navigate a website. This information can be used to improve the website’s design and functionality.
  • Targeted advertising: Third-party cookies can be used to track a user’s browsing activity across different websites. This information can then be used to target the user with advertising that is relevant to their interests.

While cookies can be a valuable tool, their use must comply with PECR. Here’s how:

  • Transparency: Charities must be transparent about how they use cookies on their website. This should be explained in a clear and concise cookie policy that is easily accessible to users.
  • Consent: For cookies that are not essential for the website to function (such as those used for targeted advertising), charities must obtain consent from users before placing them on their device. This can be done through a cookie banner that appears when a user first visits the website.

By following these guidelines, charities can ensure their use of cookies is compliant with PECR and protects user privacy.

Changes Ahead: new opportunities for your fundraising activities

Currently, the soft opt-in, which assumes consent based on a transaction, does not extend to donations. This means that charities cannot presume an individual’s consent solely from a donation they have made. However, there’s exciting news on the horizon! The new data protection bill, which is expected to pass this year, may change the rules. The changes will empower charities to utilise the soft opt-in provision when individuals have demonstrated interest in the organisation, with a donation serving as a clear indicator. Charities may therefore gain the ability to send marketing and fundraising materials without necessitating explicit consent from donors. We’ll keep you informed about the latest developments on this significant matter, as it could be a game changer for your fundraising efforts! Stay tuned.

For any queries on PECR compliance, please reach out to Hope and May.

Get in touch