Who: HM Government and the Information Commissioner’s Office
Where: United Kingdom
When: 16 May 2016
Law stated as at: 16 May 2016
What happened:
From 16 May 2016 all UK individuals and organisations which make or instigate direct marketing telephone calls (“DMC”) are no longer permitted to block caller line identification (“CLI“).
This applies to (1) live DMC not using automated call technology (2) live DMC using automated calling systems and (3) DMC consisting of pre-recorded marketing messages. The new requirement also applies even if the company’s call centre is based abroad, provided the instigator is in the UK.
The two key pieces of legislation governing direct telephone marketing calls are the Data Protection Act 1998 (“DPA“) and the Privacy and Electronic Communications Regulations 2003 (“PECR“). The PECR have been amended (The amendment to the PECR was effected by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2016) so that as of 16 May 2016 businesses engaged in DMC will be in breach of the PECR if they block CLI.
CLI enables individuals who receive DMC to identify the caller’s telephone number. The change in the law has been introduced in response to growing concerns about nuisance calls to both landlines and mobiles. Preventing direct telephone marketers from blocking CLI is seen by the Information Commissioner’s Office (“ICO“) as an important way of tackling the problem.
Why this matters:
In recent years the ICO has shown it is prepared to issue increasingly large fines to companies which breach the PECR and the DPA in relation to DMC. Such companies may be fined up to £500,000 by the ICO depending on the nature and severity of breach (this will increase to up to 4% of global turnover for serious breaches when the General Data Protection Regulation comes into force in 2018). In addition they are likely to suffer reputational damage and may lose customer trust.
Companies need to be mindful of how the DPA and the PECR apply to them in relation to DMC and the fact the ICO is taking a stricter approach to enforcing the relevant laws. In particular businesses should:
- take steps to ensure any third party they engage to carry out DMC on their behalf complies with the DPA and the PECR (including the requirement not to block CLI). This should be addressed appropriately in the contract between the business and the telephone marketing company;
- have in place a robust system for ensuring that unless the subscriber has specifically consented, non pre-recorded DMC does not call numbers that are either numbers that subscribers have expressly asked that business not to use for DMC or are registered with the telephone preference service (or in the case of a company, the corporate TPS);
- ensure they have a robust means of ensuring that DMC consisting of pre-recorded messages is only directed to individuals who have given prior consent as this is expressly required by Regulation 19 (1) of the PECR; and
- carry out appropriate due diligence when buying in marketing lists from third parties for DMC purposes. Businesses should ensure the seller of the list has obtained fairly and lawfully all personal data that is being shared and, where required by the DPA and/or the PECR, obtained consent.