Direct marketing

Disclaimer: While every effort has been made to ensure the accuracy of the information contained in the Pink Book, we regret that we cannot be responsible for any errors. The Pink Book contains general information about laws applicable to your business. The information is not advice and should not be treated as such. Read our full disclaimer.

The Privacy and Electronic Communications (EC Directive) Regulations 2003 were introduced to protect individuals, and in some cases businesses, against receiving direct marketing material by phone or electronic media (for example email or text messaging) without their prior approval.

Under the 2003 regulations you are not allowed, by law, to send unsolicited marketing material by email to an individual subscriber without previous consent, or send any marketing material by email (whether solicited or unsolicited) to any subscriber without revealing your full identity or a valid address to which the recipient can send an opt-out request.

The regulations are overseen and enforced by the Information Commissioner’s Office. This is an independent authority established by the Government.

Do the regulations apply to me?

Yes: if you make direct marketing calls, emails, texts or other electronic communications to individuals or businesses.

What do the regulations cover?

Direct marketing phone calls

As a business, you are not allowed to make a direct marketing call to any individual (including sole traders and, except in Scotland, partnerships), if they have told you that they do not want to receive such calls or they have registered with the Telephone Preference Service (TPS). If you do undertake marketing calls, you are required to ensure that your phone number is displayed on the customers’ phone (that is, you are not allowed to make calls using a private line).

The TPS is a service set up by the Direct Marketing Association (DMA). They maintain registers of all those who have stated that they do not want to receive direct marketing calls or faxes.

Emails and text messaging

The regulations define electronic mail as ‘any text, voice, sound, or image message sent over a public electronic communications network’ and this includes messages sent via social media.

The regulations require you to obtain individuals’ prior consent before sending unsolicited direct marketing via email or text messages. When undertaking any marketing you must also identify your business and provide a valid address to which the recipient can send an opt-out request.

Customers must opt-in

There used to be an exemption called the ‘soft opt-in’, whereby you were allowed to send electronic communications such as emails or texts for marketing purposes to previous customers who had not opted-out of receiving these communications (that is, the customer had not actively indicated that they did not want to receive them).

This is no longer the case. Customers now have to actively indicate that they want to receive marketing communications. This means that you must provide an empty tick-box on a paper or online booking form for them to fill in, rather than a ‘pre-ticked’ box where they have to remove the tick.

If customers agree to you sending them marketing communications, the material you send them must relate to the similar products and services only (for example, you cannot send them advertising material for someone else’s business). In addition, the material you send must also provide the opportunity for the person to opt-out of any subsequent communications.

How do I comply and what are the costs?

If you intend to make any ‘cold’ direct marketing calls (calls where permission has not been given to do so beforehand) to individuals, you need to check the numbers first against the TPS register. If you make regular cold calls, you must check the numbers every 28 days.

The cost of access to the TPS register varies, depending on the type and level of access you require. In order to ensure that you have the most appropriate package, call the TPS information pack line (see Further guidance below). There is also useful information on the TPS website. If you use a telemarketing company to run a telephone campaign for you, you do not need to subscribe.

Penalties for non-compliance

The Privacy and Electronic Communications (Amendment) Regulations were introduced in 2018 following reports from the Information Commissioner’s Office (ICO) that its penalty-imposing powers were not having the intended effect on unsolicited direct marketing. As a result, if a company cannot show that an individual did not ‘opt-in’ to receive direct marketing, and no other type of consent is obtained, it can be fined up to £500,000 by the ICO.

For information on other data protection regulations, see the Registration, Data Protection and Surveillance section.

Using premium rate numbers

Premium rate numbers generally begin with 070, 084, 087, 09 and 118 and also include five digit mobile text short code numbers. They are usually used to enter competitions, vote on TV shows, give to charities or for the provision of online services such as IT support.

By contrast, 0870 and 0845 numbers are usually free numbers for customer support departments.

Premium rate numbers are currently regulated by the Phone-paid Services Authority under an Ofcom-approved code of practice.

Pricing

Pricing information is to be clearly written wherever you display the number. It applies to electronic, website and print information.

Undue delay

There should not be an unfair delay before a caller can access the service required. Callers must be informed of the expected time it will take to have their call answered and, if applicable, of their position in any queuing system.

Prior permission licenses

Some services require prior permission from the Phone-paid Services Authority before they can operate on a premium-rate line, such as international dial-through services. A list of services exempt from prior permission can be found on the Phone-paid Services Authority website.

Customer care contact number

A number must be provided for customers with complaints or concerns to call. This number can be the same or an alternative 087 number.

For more information or to register a premium rate service, see the Phone-paid Services Authority website.

A ‘cookie’ is a piece of data stored by a website within a browser, and then subsequently sent back to the same website by the browser. Typically, a cookie remembers a user’s preferences or settings when they revisit the website. More recently, businesses have introduced ‘tracking cookies’ as a way to compile long-term records of an individual’s browsing history, so that products and offers can be targeted to specific customers, or so a picture can be developed of a customer’s buying patterns.

You are not allowed to use cookies or similar devices unless:

• Customers are provided with clear and comprehensive information about the purposes of the storage of, or access to, that information, and;
• Customers have given their consent.

The Regulations are not prescriptive about the sort of information that you should provide, but the text should be sufficiently comprehensive and intelligible to allow customers to clearly understand the potential consequences of allowing storage and access to the information collected by the cookie should they wish to do so.

Guidance on the use of cookies and other similar devices is provided on the Information Commissioner’s Office website. The ICO also produces a guidance publication, Guidance on the rules on use of cookies and similar technologies, which can be downloaded from the website.

In June 2014 the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 came into force, replacing the Consumer Protection (Distance Selling) Regulations 2000 and the Consumer Protection (Distance Selling) (Amendment) Regulations 2005. For small businesses, the new legislation does not provide any significant changes to the existing legislation.

These regulations apply to goods and services that are not sold in ‘face-to-face’ transactions. That is, items sold online, by phone or by mail order where the customer is not able to inspect the goods and services that they are purchasing.

The purpose of these regulations is to provide additional rights to consumers buying at a distance to encourage confidence in this method of transaction. The information that must be provided in these transactions includes details about:

• The business;
• The goods or services you are selling;
• Payment arrangements;
• Delivery arrangements;
• Consumers’ right to cancel their orders.

The regulations also require the business to provide those goods or services within 30 days.

However, it is important to note that the regulations do not apply to contracts to provide accommodation, transport, catering and leisure services where the contract provides for a specific date or period of performance (for example a concert or sports event that is only being staged on specific dates).

It should also be noted that the regulations do not apply to goods and services sold to other businesses (these are business-to-business contracts), and only apply to transactions that are normally undertaken at distance and where there are systems in place for trading in this way.

So even if you occasionally sell products and services other than the services listed as exempt above, the regulations only apply if this is your normal way of selling these products and services.