Privacy and Electronic Communications Regulations 2003 meaning

In this issue: Probate Trusts Elderly and vulnerable clients UK taxes for Private Client HMRC Manuals updates Tax avoidance, evasion and non-compliance Regulatory compliance for Private Client Budgets and Finance Bills Charity and philanthropy Scotland, Wales and Northern Ireland International Question of the week Additional Private Client updates this week Daily and weekly news alerts LexTalk®Private Client: a Lexis+® community New and updated content Dates for your diary Trackers Useful information Probate Bereaved Partner’s Paternity Leave Regulations 2026 (SI 2026/237): these Regulations create a new statutory entitlement for an employee to take time off to care for a child during the first year following birth, placement for adoption, or arrival in Great Britain for an overseas adoption, where the child’s primary carer has died (bereaved partner’s paternity leave). They take effect on 6 April 2026. See: LNB News 15/01/2026 18. Trusts Representation orders...

In this issue: Data protection Information technology New technologies Internet Advertising, marketing and sponsorship Telecommunications LexTalk®TMT: a Lexis®Nexis community Daily and weekly news alerts New and updated content Dates for your diary Trackers Latest Q&A Useful information Data protection Data (Use and Access) Act 2025 (Commencement No 2) Regulations 2025 SI 2025/982: Section 124 of the Data (Use and Access) Act 2025, on retention of information by internet service providers following the death of a child, takes effect on 30 September 2025. See LNB News 05/09/2025 23. Balancing data protection and online safety—the ICO’s new guidance on profiling tools Information Law analysis: Jose Saras, partner, and Xavier Prida, associate, at Preiskel LLP, review the Information Commissioner’s Office (ICO) guidance on profiling tools for online safety and how it aligns with the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR), and the Privacy and Electronic Communications...

In this issue: Advertising, marketing and sponsorship Brexit Confidential information Consumer protection Contracts International Sale and supply of goods Supplier management Daily and weekly news alerts New and updated content Dates for your diary Trackers Advertising, marketing and sponsorship PECR—a serious but non-deliberate breach still warrants a substantial penalty (Monetise Media Ltd v Information Commissioner) In a full-merits reassessment of a monetary penalty notice (MPN), the First-Tier Tribunal (FTT) heard Monetise Media Ltd’s (MML) appeal against the Commissioner’s decision to impose a £125,000 MPN for breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR). The FTT replaced that sum with a reduced penalty of £85,000, finding that: (i) MML had “instigated” the dispatch of unsolicited marketing messages by third-party affiliates; (ii) MML acted negligently rather than deliberately; and (iii) the Commissioner erred by adopting too high a starting point and according undue weight to aggravating factors. Authored by Edward...

STOP PRESS: On 19 June 2025, the Data (Use and Access) Bill secured Royal Assent, transforming into the Data (Use and Access) Act 2025 (DUAA 2025) and taking partial effect on that same date. Provisions of DUAA 2025 dealing with issues such as handling data subject access requests, and granting the power to make further regulations, commenced immediately on 19 June 2025. Other elements, relating to notices issued by the Information Commissioner and certain facets of law enforcement processing, began to apply on 19 August 2025 (being two months from the date of Royal Assent). The bulk of DUAA 2025’s measures will only commence once additional regulations, by way of statutory instruments, are made and brought into force. Parts 5 and 6 of DUAA 2025 operate to revise and update areas of UK data protection and ePrivacy law within the UK, including the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations...

This Practice Note This Practice Note offers a high-level overview of the data protection framework relevant to direct marketing, particularly how such activities may give rise to compliance obligations under the Assimilated Regulation (EU) 2016/679, the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003), SI 2003/2426. It is aimed at commercial organisations in the UK, with further, scenario-specific guidance signposted. The main difficulty in direct marketing is determining what the UK GDPR and PECR 2003 permit and whether consent is needed, which will differ according to the activity undertaken and the audience targeted. This Practice Note reflects the following ICO guidance: Direct marketing guidance Direct marketing using live calls Making live marketing calls about claims management services Making live marketing calls about pension schemes Direct marketing using electronic mail Guide to PECR, cookies and similar technologies Guide to PECR, what counts...

STOP PRESS: On 19 June 2025, Royal Assent was granted to the Data (Use and Access) Bill, which accordingly became the Data (Use and Access) Act 2025 (DUAA 2025), and coming partly into force on the same day. Selected elements of DUAA 2025—covering topics such as replies to data subject access requests, among matters, and the delegation of authority to create additional regulations—took effect straightaway on 19 June 2025, upon the Act’s passage. Further sections, addressing Information Commissioner notices and certain facets of law enforcement processing, commenced on 19 August 2025 (being two months from the date of Royal Assent). Most of DUAA 2025’s measures will not start until further regulations, in the form of statutory instruments, are made, before they can be brought into operation. Parts 5 and 6 modify components of UK data protection and ePrivacy law, notably the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI...

1 Definitions and interpretation 1.1 [ Include the following additional definitions in the definitions clause of the Asset purchase agreement (if required) ] Accounts Date • [ specify day and month ] 20[ specify year ]; Business • the undertaking of [ provide a description of the business being acquired ] carried on by the Seller, together with all other activities, including those ancillary, incidental to, or connected with that undertaking, as conducted by the Seller; Buyer • [ provide details ]; Completion • the finalisation of the sale and purchase of the Business through the Parties performing their respective obligations in accordance with clause [ x ]; Completion Date • [ the day on which Completion occurs OR a date no later than the [ third ] Business Day after the date on which the last of the Conditions is satisfied or waived, or the date to which Completion is deferred ] pursuant to clause [ x ]; Data Protection...

Letter notifying data subject of data breach under the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426 [ Data subject’s name and address ] [ Date ] Dear [ insert name ], Notification of data breach On [ insert date ] we identified that [ what has occurred, ie a personal data breach (including whether an unauthorised third party was involved) ]. [ We believe that the OR The ] incident is understood to have taken place on [ insert date ]. Our enquiries [ to date ] indicate that the data [ was accessed by an unauthorised person OR was disclosed without authorisation OR was stolen OR was lost OR was destroyed OR was altered ] [ may have ] comprised personal information, for example [ describe the data and, if possible, confirm whether you consider the recipient’s data to have been affected, eg the names and addresses ]...

STOP PRESS: On 19 June 2025, the Data (Use and Access) Bill secured Royal Assent, transforming into the Data (Use and Access) Act 2025 (DUAA 2025), with partial commencement on that very same day. A number of DUAA 2025 provisions, covering areas like handling data subject access requests and granting powers to make additional regulations, took effect immediately on 19 June 2025. Other related provisions, relating to Information Commissioner notices and certain aspects of law enforcement processing, commenced on 19 August 2025 (being two months from the date of Royal Assent). The majority of DUAA 2025’s measures still require further regulations, in the form of statutory instruments, to be made in order to bring them fully into force. Parts 5 and 6 of DUAA 2025 serve to amend several facets of data protection and ePrivacy law in the UK, including the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI...

The organisation must ensure it fully complies with the TPS Assured (Call Centre) Handbook 2016, which specifies that a call centre must disclose its own organisation’s identity whenever requested by a recipient. Regulation 24 of the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) provides the following below: 24 Information to be provided for the purposes of regulations 19, 20 and 21 (1) Where a public electronic communications service is used to transmit a communication for direct marketing, the person using, or causing the use of, that service shall make sure the following information is supplied with that communication— in relation to a communication to which regulations 19 (automated calling systems) and 20 (facsimile machines) apply, the particulars mentioned in paragraph (2)(a) and (b); in relation to a communication to which regulation 21 (telephone calls) applies, the particulars mentioned in paragraph (2)(a) and, if the recipient of the call so requests, those mentioned in paragraph (2)(b)...