CALL US TODAY: 0203 983 8278
Home // Do I need consent to send marketing emails and texts?

Emails, texts and other kinds of electronic communications are one of the most effective ways a company can:

  • Contact existing customers for repeat business; and
  • Generate leads for potential clients and new business

But direct, electronic marketing like this is tightly regulated by the Privacy and Electronic Communications Regulations (PECR). These regulations operate in tandem with GDPR.  Businesses need to be aware of these restrictions because – as we’ll see – the Information Commissioner (the ICO) has wide powers to investigate complaints about spam emails and nuisance calls and to impose heavy fines on companies that breach the rules. Here we consider from a data protection perspective the factors our clients need to bear in mind before embarking on any kind of electronic marketing campaign. And to illustrate the repercussions of getting it wrong we look at two cases where the ICO imposed fines of £330,000 on companies for sending unsolicited marketing material.

how do I ensure my marketing messages comply with PECR?

PECR and GDPR are all about enhancing privacy rights and giving individuals control over their personal information.  The penalties for sending electronic messages without appropriate consent can often be substantial.

The precise rule businesses need to follow when it comes to electronic communication with customers is Regulation 22 of PECR. It has the following effects:

  • Electronic marketing aimed at individuals should not be carried out without the individual specifically consenting to receiving electronic mail from you.
  • If the individual is an existing customer who had the opportunity to opt out of receiving electronic communications in previous interactions with you then you can continue to contact them electronically. But even then you must never disguise your identity and you must give customers a straightforward way to opt out or unsubscribe from your communications.

This last rule is sometimes known as the ‘soft opt-in’ rule. Remember it concerns existing customers and can’t be used to justify sending electronic messages to prospective customers.

What happens if I breach PECR? ICO fine for 2.7 million spam texts

In March 2021 the ICO fined two companies for sending nuisance texts – a clear demonstration of the need for businesses to scrupulously follow PECR. Briefly the cases involved:

  • Leads Works Ltd, a lead generating company that sent 2.6million text messages to customers about a possible sales job without obtaining a valid form of consent. The investigation followed a record number of complaints (10,000) from individuals. The ICO put this high level of complaints down to the way the messages appeared to target individuals in the middle of the Covid19 lockdown when they were at their most vulnerable. The company was fined £250,000.
  • Valca Vehicle Ltd, another lead generation company (this time promoting financial products). Following an investigation by the ICO Valca was found to have sent over 95,000 text messages without permission. Again the messages appeared to target people whose finances may have been adversely affected by the Cocid19 pandemic and subsequent lockdown.

To give you a flavour of the type of message revealed by these investigations, one – sent out by Valca – read:

“*firstname* Affected by Covid? Struggling with finances? lost job /furloughed? Were here to help! Gvnmnt backed support see if you qualify


Both these cases show how seriously the ICO takes the issue of illegal direct marketing. In the context of the global pandemic the nature of the marketing material in Valca and Leads Work was particularly egregious. In its decision notice the ICO was clear, stating that  ‘if businesses believe they can exploit the pandemic and misuse personal data, they should think again’.

A close reading of the ICO decision in the Leads Works case in particular shows the extent of the breach.  The website to which the offending text message directed individuals was, the ICO found, ‘vague and confusing’, and the consent statement and privacy statement were too lengthy. The ICO could find no mitigating factors in the information provided to it by Leads Work. In these circumstances any consent obtained could not have been freely given, specific or informed – as required by the rules.

From our client’s point of view it’s worth pointing out that the companies on which the large fines were imposed were not household names. They were relatively small entities and yet attracted thousands of complaints and large fines.

Compliance with PECR is not just something large organisations need to consider. If you:

  • Market by phone, email, text or fax; or
  • Use cookies or a similar technology on your website

then you need to regularly review the way you handle personal data and obtain the consent of all those clients you wish to contact electronically.

Contact Us

For more information on GDPR, PECR and electronic marketing protocols   contact our director Shubha Nath at Nath Solicitors on  0203 983 8278  or contact the firm online.


    I accept the privacy policy

    To prove you are not a robot, please answer the following question:


    Copyright. Nath Solicitors Limited. Registered in England and Wales. Company Number: 08724944. VAT number: 207490711. Office Located at: 35 Berkeley Square, London, W1J 5BF. Nath Solicitors Limited is authorised and regulated by the Solicitors Regulatory Authority. Registration number 608014. Terms Of Use. Privacy Policy. Cookies Policy. Complaints Procedure.