December 9, 2021

Nuisance Messages in the spotlight

On 19 November 2021, the Department for Digital, Culture, Media & Sport’s (DCMS) consultation, ‘Data: a new direction’, closed.

What was the consultation about?

The consultation opened to the public on 10 September 2021 and was launched in anticipation of reforming the UK’s data protection regime. The newly envisioned regime is due to be ambitious, ‘pro-growth’, and innovation friendly following on from the 10 Tech Priorities of the National Data Strategy.

What is ‘nuisance messaging’?

One (of the many) ambitions of overhauling the UK’s data protection regime is to tighten up on ‘nuisance messaging’ and unsolicited marketing.

Under the Privacy and Electronic Communications Regulations 2003 (PECR), which sits alongside the Data Protection Act 2018 (DPA) and the UK GDPR, consumers have specific privacy rights in relation to receiving messages such as marketing calls, emails, texts, and faxes. Unless the recipient of marketing communications has consented to receive such information, the sender will be in breach of the legislation.

The Information Commissioner’s Office (ICO) is tasked with policing the UK’s data protection laws, and is able to bring criminal prosecution, non-criminal enforcement, and monetary penalty notices of up to £500,000 against organisations or its directors for breaches of PECR.

In September 2021 alone, the ICO issued fines to five companies for a total of £515,000 for breaching regulation 21 and 22 of the PECR. The fines were issued to the following household names:

  • We Buy Any Car Ltd, who received a £200,000 fine for sending 191.4 million marketing emails and 3.6 million marketing SMS messages;
  • Saga Services Ltd, who received a £150,000 fine for sending 128 million nuisance marketing emails;
  • Saga Personal Finance Ltd, who received a £75,000 fine for sending 28 million nuisance marketing emails;
  • Sportsdirect.com Retail Ltd, who received a £70,000 fine for sending 2.5 million nuisance marketing emails; and
  • Your Home Improvements Ltd, who received a £20,000 fine for making 1,718 unsolicited calls for direct marketing purposes.

More recently, on 01 December 2021 the ICO issued a significant fine of £140,000 to EB Associates Group Limited for instigating over 107,000 illegal cold calls regarding pensions. EB Associates had not obtained valid consent which had been specific, informed, and had been freely given. Further, the ICO noted that EB Associates had attempted to ‘circumvent’ the legislation by contracting lead generators to make the nuisance calls, despite knowing that a cold calling ban was in place.

What are the proposals?

Under the proposed DCMS reforms, fines for nuisance messaging could increase to sit in line with UK GDPR, meaning an increase in the total cap on fines from £500,000 to up to £17.5million, or 4% of an organisation’s total annual turnover.

The reforms would also allow the ICO to issue ‘assessment notices’ to companies who are suspected of infringing the legislation around nuisance messaging. This would allow the ICO to carry out on site audits of companies and observe their data processing activities.

Although still in its developmental phase, public trust and data protection is at the heart of the wider reforms, and the ICO has responded favourably to the proposals. Should the reinforcement of enforcement action on nuisance messaging progress, the ICO’s tool belt and the deterrents against unsolicited marketing will be significantly enhanced.

In light of the proposed reforms, it is increasingly important that your organisation’s marketing practices are fully compliant with PECR. If you have not already done so, review your marketing mailing lists and telephone databases to ensure that you have appropriate ‘opt ins’ and consents in place and avoid the risk of receiving a hefty fine.

You can find out more about the DCMS proposals and the National Data Strategy here.

Get help from data law specialists

If you would like further advice about marketing in line with the UK data protection legislation then please get in touch with a member of our GDPR team:

Call us now

Find out more