Out-Law News | 14 Aug 2014 | 12:56 pm | 3 min. read
The watchdog's head of enforcement, Steve Eckersley, said that the ICO can only be an "effective regulator" if it has "effective powers" at its disposal.
In a blog, Eckersley explained the challenges the ICO faces in justifying fining companies found to have made nuisance calls or sent spam email or text messages as a result of the wording of rules that apply under the UK's Privacy and Electronic Communications Regulations (PECR).
"We have to meet a tough legal threshold before we can issue a fine," Eckersley said. "Under the Privacy and Electronic Communication Regulations we have to show that the contravention has or was likely to cause ‘substantial damage or substantial distress’."
Eckersley said that proving nuisance calls cause 'substantial damage or substantial distress' is easier than it is to show that the sending of spam text messages have such an effect. He said a ruling last October, confirmed by a further judgment in June this year, has had the effect of "largely rendering our power to issue fines for breaches of PECR involving spam texts redundant".
In November 2012 the ICO fined Christopher Niebel £300,000 following an investigation into the marketing activities of the company Niebel partly owned, Tetrus Telecoms. The ICO also fined Gary McNeish, who part-owned the business with Niebel, £140,000.
At the time the ICO said that its investigation had uncovered evidence that Tetrus used unregistered pay-as-you-go SIM cards to send up to 840,000 spam texts every day from offices in Stockport and Birmingham, raising income of between £7,000 and £8,000 each day. It said that it made the money by passing on the numbers of those who responded to the texts, even if just to seek to opt out of receiving further messages, to others.
However, Niebel challenged the fine and in October last year a first-tier information rights tribunal overturned the penalty after finding that the legal threshold for fines under PECR had not been met.
The first-tier tribunal found that it would be "most unlikely" for the "nature and scale" of Niebel's breach "to cause substantial damage" and that it was also "highly unlikely" that individuals would be disturbed by being reminded about previous accidents as a result of receiving the spam texts or that they would be distressed by the raising of "false expectations of compensation". Instead, the tribunal judge said that the effect of Niebel's breach of PECR was "likely to be widespread irritation but not widespread distress".
In June, an upper information rights tribunal upheld the earlier tribunal's judgment. In his ruling, upper tribunal judge Nicholas Wikeley said that the outcome of the case against Niebel may have been different if a different threshold test had applied for serving a penalty.
Following the initial tribunal ruling in October 2013, the ICO asked the government to consider changing the 'substantial damage or substantial distress' threshold for serving fines under PECR. In March the government announced that it would consult on the issue later this year.
"Obviously an unworkable law is a bad one, which is why we are currently arguing for lowering the legal threshold we have to prove before issuing a fine from substantial distress to one of nuisance or simply removing the threshold altogether," Eckersley said. "Last year we submitted our argument to the government and we are pleased there will be a consultation later this year. But the law moves slowly and we simply cannot wait for legislative changes."
"We are doing all we can to fight the problem, for example educating people about the TPS register that can help prevent unwanted calls, but ultimately we need a full spectrum of powers to fulfil our job. The hundreds of thousands of people who have contacted us with their concerns over these calls and texts expect nothing less," he said.
Under PECR, organisations are generally prohibited from transmitting or instigating the transmission of unsolicited electronic communications to consumers for the purposes of direct marketing unless the person receiving those communications has provided prior consent for the messages to be sent. The marketing companies also must not disguise or conceal their identity in the messages or use invalid addresses where recipients of the messages would send responses to ask for the messages to stop being sent.
Companies can send direct marketing via electronic mail to consumers if they have "obtained the contact details of the recipient of that electronic mail in the course of the sale or negotiations for the sale of a product or service to that recipient", where the marketing is for "similar products and services only" and providing the recipient has a "simple means" to refuse the use of their contact details for that marketing "at the time of each subsequent communication."