Glossary

PECR

PECR (the Privacy and Electronic Communications Regulations 2003) is the UK law governing electronic marketing messages, cookies, and similar technologies, requiring prior opt-in consent before a business sends marketing emails or texts to individuals - including contacts captured via guest WiFi.

PECR - the Privacy and Electronic Communications Regulations 2003 - is the UK law that governs electronic marketing messages, cookies and similar technologies. It derives from the EU ePrivacy Directive and sits alongside the UK GDPR: GDPR governs how you collect and handle personal data in general, while PECR governs the specific act of sending a marketing email, SMS or call. A venue capturing emails through guest WiFi must satisfy both.

The core rule for WiFi-captured contacts

For marketing to individuals, PECR requires prior opt-in consent: the guest must actively agree (an unticked box they choose to tick) before you send any marketing email or text, and every message must include a working opt-out. Consent language on the splash page should say who is sending, what kind of messages, and roughly how often - vague "receive communications" wording is weak consent.

The soft opt-in, and why it rarely applies to WiFi

PECR allows a "soft opt-in" exception: if contact details were collected in the course of a sale or negotiations for a sale, you may market similar products without explicit consent, provided an opt-out was offered at collection and in every message. A free WiFi sign-in is generally not a sale, so venues should not rely on soft opt-in for portal-captured addresses - explicit consent is the safe and standard basis, which is why compliant WiFi platforms build the opt-in checkbox into the sign-in flow.

Enforcement and practical steps

  • The Information Commissioner's Office (ICO) enforces PECR and can issue monetary penalties of up to £500,000 for unlawful marketing.
  • Keep per-contact consent records: when, where, and the exact wording shown - the audit trail described under GDPR & guest WiFi.
  • Honour opt-outs immediately and suppress rather than delete, so the address is not re-added later.

For the full picture see the GDPR-compliant WiFi guide and the guest WiFi GDPR compliance checklist.

Related

Related terms

Try CaptiFi free for 30 days

Capture guest emails, run automated email/SMS campaigns, and grow Google reviews - all from your existing WiFi.