Direct marketing during Covid-19? Remember the privacy regulations!


Our team: Ben Milloy


As companies scramble to adjust to the new reality of trading in a socially-distanced world, many have wanted to get the message out to their customers that it is “business as usual” (or as near-to as possible). In such unprecedented times (and encouraged by such consumer-targeted emails they may have received over recent days), businesses might be forgiven for thinking that such communications are necessary and justifiable in the circumstances.

In reality, unless such messages have some exclusively administrative or service-related purpose (such as to advise on a delay to delivery), general messages of this nature are most likely to be considered as “marketing”, and to therefore fall within The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

In the case of emails, PECR forbids the sending of “unsolicited” marketing messages, with an email being “unsolicited” where it has not been specifically requested. PECR does provide that certain unsolicited marketing emails will be lawful where they are the result of what is called the “soft opt-in”, but that is highly specific (namely, where the details have been obtained in the course of a sale, the marketing relates to those same products and the person had the ability to opt out at the time (and has done in every subsequent message)).

In terms of marketing telephone calls, broadly speaking, PECR allows organisations to make live unsolicited calls except where numbers have been registered with the Telephone Preference Service (often called the TPS).

Whilst the urge to reach out to customers is understandable, the cumulative effect of each business doing so can sometimes be irritation. With consumers increasingly stuck at home with time to kill, such irritation may lead to the penning of strongly worded letters to the Information Commissioner’s Office (ICO)! Forgive the catastrophizing here, but this could, in turn, mean ICO investigations, where all manner of data protection compliance skeletons (both GDPR and PECR-related) might be unearthed!

View by date:


View by author:


Would you like to hear more?