Out-Law News | 07 Apr 2015 | 3:49 pm | 1 min. read
The ICO can fine companies up to £500,000 for breaches of the Privacy and Electronic Communication Regulations (PECR). Previously, it had to prove that the calls or texts caused "substantial damage or substantial distress" before it could issue a fine. Now, it need only prove that the company was committing a serious breach of the law.
"We've been pushing for this change for two years, and we're sure it will make a difference," said Christopher Graham, the information commissioner. "The change will help us to make more fines stick, and more fines should prove a real deterrent to the people making these calls."
"Previously, we've had to prove a company had caused 'substantial damage or substantial distress' by making their nuisance calls. That's not easy for us to do, no matter how many people have had their privacy disturbed by someone offering to sell them solar panels or promising compensation 'for that accident you had'. [The] change in the law will mean we just have to prove that the company was committing a serious breach of the regulations," he said.
The change will only apply to serious breaches of the PECR from 6 April, the date that the new rules came into force, said Graham. The breach must either have been deliberate, or the result of the person acting in breach knowing that their actions risked breaking the rules but failing to take reasonable steps to prevent the breach happening before the ICO can fine the business.
Under PECR, companies are generally prohibited from transmitting or instigating the transmission of unsolicited electronic communications to consumers for the purposes of direct marketing unless the person receiving those communications has given prior consent for the messages to be sent or the sender can demonstrate an existing commercial relationship with recipients. Companies are also prohibited from disguising or concealing their identity in the messages, or from providing an invalid address preventing recipients from opting out of the messages.
Companies may demonstrate an existing commercial relationship with a recipient and send direct marketing via electronic mail if they have "obtained the contact details of the recipient of that electronic mail in the course of the sale or negotiations for the sale of a product or service to that recipient", where the marketing is for "similar products and services only" under the PECR. They must include a "simple means" of opting out of marketing messages "at the time of each subsequent communication". Individuals can also opt out of marketing calls via the Telephone Preference Service (TPS).
The ICO received 175,330 reports of nuisance calls and texts in 2014, and issued civil monetary penalties for PECR breaches in the year to March 2015, according to its figures.