Out-Law News | 14 Nov 2013 | 2:38 pm | 3 min. read
Lord Gardiner of Kimble said that the measure could be used to address concerns about nuisance calls. He made the comments during a House of Lords reading of a draft new law that would, if introduced, require Ofcom to keep a register of people who have opted-in to receiving marketing communications. Currently an opt-out register exists.
"We are also actively considering the scope to legislate to lower the legal threshold the ICO needs to demonstrate before issuing a monetary penalty," Lord Gardiner said. "We are assessing the business case and the cost before we take action on this."
Under the Privacy and Electronic Communications Regulations (PECR) the ICO can fine businesses and other organisations up to £500,000 for serious breaches of the rules, which include in relation to the sending of unwanted marketing emails and texts or live and automated marketing phone calls to individuals. The rules generally prohibit organisations from transmitting or instigating the transmission of unsolicited communications to consumers for the purposes of direct marketing by means of electronic mail unless the person receiving the mail has notified prior consent for the messages to be sent.
In order for the ICO to be justified in serving monetary penalties under PECR, or for data protection breaches under the Data Protection Act (DPA), the watchdog must show that a number of legal tests have been satisfied. These include that the nature of the breach they propose to take action on was "serious" and was "of a kind likely to cause substantial damage or substantial distress". The threshold tests are set out under the DPA.
Last month the ICO lost a case brought before the Information Rights Tribunal by the owner of a company who had been found by the watchdog to have unlawfully sent spam messages. The Tribunal ruled that the ICO was wrong to fine Christopher Niebel £300,000 because it had failed to show that damage or distress caused by the breach was sufficient to merit the serving of a fine. The ICO has appealed that decision to the Upper Tribunal.
The ICO told Out-Law.com that it supports moves to lower the thresholds for serving fines under PECR. It said that it is currently seeing complaints about a large number of companies but that it has to wait to take action because the damage and distress caused by those companies does not, until the evidence accumulates, meet the 'substantial damage or substantial distress' threshold for serving fines.
“The public is clear that it wants to see a stop put to nuisance text messages. The fines we issue help to achieve that, and if we are prevented from issuing fines then it’s fair to expect that the public will receive more of these messages," an ICO spokesperson said.
Conservative peer Lord Selsdon has proposed that individuals should not, by default, receive marketing calls or texts from companies unless they actively opt-in to receive those communications. His plans are contained in the Unsolicited Telephone Communications Bill which received its second reading in the House of Lords on Friday last week.
There was broad support for action to improve the current framework around unsolicited marketing communications, but Lord Gardiner warned that the potential implications for businesses have to be considered before any new measures can be introduced.
"We are absolutely determined to take action on this issue," he said. "That is why the Minister for Culture, Communications and Creative Industries has initiated and led a serious of meetings over the past 18 months which have brought together the key interested parties to press for change. Unsolicited calls and texts are a problem, but we have to be careful that, in dealing with this issue, we do not harm the direct marketing industry, which is a legitimate industry that provides employment and opportunities in support of our economy."
"Direct marketing can be beneficial for consumers—for example, calls from telecoms or energy companies advising on better deals or tariffs potentially save consumers money. An opt-in register, as in the Bill, would severely constrain such activities. We must therefore consider the matter carefully. Tackling nuisance calls would be better addressed by focusing on improving enforcement rather than changing the nature of the register; legislation of this nature is unlikely to be the answer," he added.
The ICO's spokesperson said that whilst it hopes for changes to the legal tests under the PECR framework it does not anticipate changes being made to the corresponding rules applying to the thresholds for serving fines for data breaches under the DPA.
In August, in a case mirroring its subsequent ruling to overturn the ICO's decision to fine Niebel under the PECR regime, the Information Rights Tribunal overturned the watchdog's decision to fine a Scottish council £250,000 for a breach of the DPA. The Tribunal ruled that the thresholds for justifying the serving of a fine in the case had not been met because "whilst it was serious, [the breach] was not of a kind likely to cause substantial damage or substantial distress".