Category: Compliance & AML · Reviewed by Jake Leat, Associate Director · Last reviewed June 2026
The UK regulations governing electronic direct marketing, the use of cookies and similar technologies, communications confidentiality, and security of electronic communications services — operating alongside UK GDPR but with their own consent-based regime.
The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) govern specified forms of electronic communications activity in the UK. They regulate electronic marketing (calls, emails, texts), the use of cookies and similar tracking technologies, and rules on communications confidentiality and traffic data. PECR operates alongside UK GDPR — but its consent rules are stricter in many respects.
The Privacy and Electronic Communications (EC Directive) Regulations 2003 (S.I. 2003/2426), as amended. Originally implementing the ePrivacy Directive (Directive 2002/58/EC), retained and adapted in UK law post-Brexit. Substantial PECR amendments are pending under the data protection reform programme.
For electronic direct marketing emails / texts to individuals, PECR requires either consent (the “PECR consent” — which uses the UK GDPR consent standard) or the “soft opt-in” (where the contact details were obtained in the course of a sale or negotiations for sale, for the marketing of similar products / services, with a clear right to object at every contact). For B2B marketing to corporate entities (limited companies, plcs), PECR is more permissive but the UK GDPR still applies to any personal data involved. Cookies and similar technologies require informed consent (with limited strictly-necessary and certain analytics exemptions).
The ICO’s January 2025 guidance on personalised advertising emphasised stricter implementation of cookie consent. The Live Calls Direct Marketing Rules under PECR require consent for unsolicited live calls to individuals registered with TPS. PECR fines have been levied at up to £500,000 historically under section 55A DPA 1998; following DPA 2018 changes, similar PECR fines remain at that level until further legislation increases them.
Apex’s website cookie banner provides PECR-compliant consent for non-strictly-necessary cookies, with granular controls. Marketing emails are sent only to consenting recipients or under the soft opt-in for similar products, with an unsubscribe link in every message.
Privacy and Electronic Communications (EC Directive) Regulations 2003 (S.I. 2003/2426), as amended. ePrivacy Directive (Directive 2002/58/EC) as retained in UK law. ICO PECR guidance (current edition).
By Matt Bartlett, Director, on 2026-06-11.
This entry is part of the Apex Insurance Wiki. Last reviewed by Matt Bartlett on 2026-06-11. Apex Insurance Brokers Limited, FCA FRN 724952, Companies House 07014570. Not regulated advice — consult your broker on your specific position.
Apex Insurance Brokers serves UK professional services firms and commercial businesses. Call 0117 325 0027, email hello@apexinsurancebrokers.co.uk, or request a quotation.
Get a quote