UK Law and Practice Contributed by: Huw Morris, Dominic Bray, Nick Swimer and Rebecca Coleman, Lee & Thompson LLP
ance, and brands cannot avoid liability by claiming that influencers/creators acted independently. 5.5.3 Consumer Reviews Consumer testimonials and endorsements in adver- tising are regulated under the DMCCA and the CAP Code. Ads must not feature testimonials without the author’s permission, and advertisers must disclose where an incentive has been given. Consumers should not be incentivised to provide positive reviews, and market - ers are prohibited from suppressing genuine negative reviews. The CMA has cracked down on businesses that manipulate online reviews, to ensure transpar - ency. Under the Codes, certain categories of products should not be endorsed by celebrities or health pro - fessionals (eg, medicines). Advertisers can be liable for misleading consumer reviews if the advertiser adopts, promotes, solicits or moderates that content (other than filtering out offensive/harmful content). Fake reviews are deemed automatically unfair and illegal under the DMCCA: advertisers must not falsely claim or imply that they are a consumer or outside of their profession.
• Opt-out: each marketing email must provide an easy way for recipients to unsubscribe from future emails and ensure they can withdraw consent at any time, usually provided by a simple unsubscribe link. • Identification: the sender’s identity must be clear, and contact information must be provided in each email, allowing recipients to know who is contact - ing them. B2B Marketing • Consent: generally, consent is not required for B2B emails, but emails should be relevant to the recipi - ent’s professional role. • Opt-out: as with B2C, businesses must provide a simple opt-out mechanism. • Identification: the sender must clearly identify themselves and provide contact details. In addition to compliance with PECR, the processing of personal data must comply with the UK GDPR: data controllers must have a “lawful basis” for processing the data, and must comply with approved mecha - nisms for transferring data outside the UK to countries that are not recognised as approved jurisdictions by the ICO. Breaches of the UK GDPR can result in fines of up to GBP17.5 million or 4% of global turnover. With effect from the implementation of the Data (Use and Access) Act in June 2025, the maximum penalties for a breach of PECR were increased from GBP500,000 to the greater of GBP17.5 million or 4% of global turn - over (ie, the same as under the UK GDPR). Repeated non-compliance can damage a company’s reputation and customer trust, and lead to further legal action or restrictions on communication activities. 6.2 Telemarketing Specific rules apply to inbound and outbound tele - marketing under PECR and the UK GDPR, including live and automated calls. Outbound Telemarketing (Live Calls) Live calls must not be made without consent to: • anyone who has opted out under PECR;
6. Privacy and Advertising 6.1 Email Marketing
There are specific rules for email marketing in the UK, mainly governed by the Privacy and Electronic Com - munications Regulations (PECR) and the UK GDPR. The rules differ depending on whether the communi - cation is business-to-consumer (B2C) or business-to-
business (B2B). B2C Marketing
• Consent: marketers must obtain explicit opt-in consent before sending emails, except where the so-called “soft opt-in” applies, which allows busi - nesses to email existing customers about similar products or services without new consent, as long as an easy opt-out (unsubscribe) option is provided in every communication, and customers were given the opportunity to opt-out when their details were first collected.
307 CHAMBERS.COM
Powered by FlippingBook