Spammers And Cold Callers Face £500,000 Fine

The Information Commissioner will be cracking down on unwanted email and phone marketing from 25 May

Organisations that make unwarranted marketing phone calls or send unwanted marketing emails to consumers could face fines of up to £500,000, after amendments to the UK’s Privacy and Electronic Communications Regulations (PECR) come into force on 25 May.

The amendments to the PECR will extend the regulatory powers of the Information Commissioner’s Office (ICO), which is already able to administer fines of up to £500,000 for data-protection offences.

“The ICO has been calling for increased powers to regulate breaches of PECR for some time,” said Information Commissioner, Christopher Graham. “The changes to the Regulations will grant us the right to impose significant monetary penalties for the most serious breaches of the rules and give us improved powers to investigate companies that make nuisance marketing calls.”

Not so toothless any more

As well as increased monetary penalty powers, the ICO will also be given greater investigatory powers, enabling the Information Commissioner to demand information from telecommunications companies and Internet service providers to help with investigations into breaches of the regulations.

The Information Commissioner hopes that the new powers will prove to data controllers that the ICO is not toothless, and remind them that inadequate security policies can cause significant reputational damage. “Data controllers should realise, if they let consumers down, a fine from the ICO will be the Mark of Cain,” said Graham (pictured) at a Westminster eForum on 22 March.

The legislation is being implemented in line with the new EU Electronic Communications Framework, which also includes an e-Privacy directive requiring website owners to obtain prior consent before installing tracking technologies, such as cookies, on a visitor’s computer.

Cookies are small sections of code that carry information about users, enabling e-commerce and social networking operators to find their customers based on shopping tastes and behaviour. They are used primarily to enable websites to remember users’ preferences, but can also be used for tracking consumers’ browsing behaviour for targeted advertising purposes.

The technology has been treated with some hostility since the Phorm controversy in 2006 and 2007, when BT was discovered to be secretly trialling the behavioural advertising technology. Phorm uses tracking cookies to build a profile of users’ habits and interests based on the websites they visit and then assign targeted ads.

Delayed enforcement

The government said on 15 April that it would adopt the full text of the EU amendments regarding the cookie issue, but said it did not expect the ICO to begin enforcement right away. The delay in enforcement will give time for technical systems to be developed that could, for example, allow users to set up their browsers to automatically “consent” to cookies on an ongoing basis, rather than having to agree each time they visit a website.

“We recognise that work on the technical solutions for cookie use will not be complete by the implementation deadline. It will take time for meaningful solutions to be developed, evaluated and rolled out,” said culture minister Ed Vaizey in a statement. “Therefore we do not expect the ICO to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies.”

Last week, a Freedom of Information Act request by hardware encryption specialist ViaSat UK revealed that the ICO has acted on less than one percent of the data breaches reported to it. The firm found that 2,565 incidents had been reported, while the ICO has disclosed actions in 36 cases, including only four fines.