Who: Prodial Ltd and the UK Information Commissioner’s Office (“the ICO”)
When: 29 February 2016
Law stated at: 15 March 2016
Companies who use fly-by-night automated phone messaging tactics to generate revenue will be sleeping a little less easily in their beds. The UK’s data protection regulator, the ICO, has set a new record in fines issued under its statutory powers as a penalty for serious breaches of electronic marketing legislation.
New record fine for ICO. The fine in question was £350,000 and was levied on the company formerly known as Prodial Limited (see below), a lead generation company which the regulator found had made over 46 million automated calls transmitting pre-recorded messages without prior consent. This breached regulation 19 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) (which requires consent for such activities). Prodial’s activities had garnered over 1000 individual complaints from members of the public to the ICO.
Fines are on the increase. At present, the regulator’s fining powers are capped at £500,000. While the ICO has to date never issued the maximum possible fine, penalty levels are definitely on the increase. The previous record for nuisance calls was a £200,000 fine in September 2015. This recent case shows an increasing willingness on the part of the ICO to issue big fines where the marketer’s conduct is particularly heinous.
Buying “opted-in” data and TPS not enough for auto-calls sending pre-recorded messages Prodial’s conduct when challenged would seem unlikely to have endeared them to the ICO. Prodial claimed in its defence that it had purchased a list of “opted-in” data, and that it had further screened this against the Telephone Preference Service’s “do not call” list. Neither of these would have held much water with the ICO, as marketers are responsible for ensuring that consents on bought-in data are valid and cannot rely on unverified assurances from list brokers. Likewise, screening against the Telephone Preference Service would not have helped Prodial, as the requirement under regulation 19 of PECR is that customers must have opted IN to automated-call marketing using pre-recorded messages by “notify[ing] the caller that for the time being [the customer] consents to such communications being sent by, or at the instigation of, the caller on that line”. Checking whether customers had registered on the opt-OUT Telephone Preference Service do-not-call list would therefore not have provided any guarantee of compliance for Prodial.
Other factors. Based on the ICO’s report, it does not appear that Prodial engaged particularly constructively with the ICO’s investigation and – it is reported – did not produce any evidence of the “compliance” activities it identified above. The report also calls out that the company was operating out of a residential address, and hiding its caller-line-identification number from those it was illegally calling.
Liquidated during investigation. In what one can only speculate may have been the final straw for the ICO, the regulator’s report also notes that the leads generated by the company were sold onto claims management companies, and records showed that such activities could have generated nearly £1m of turnover for the company. However, during the course of the ICO’s investigation, the company was promptly put into voluntary liquidation by one of its directors.
The ICO is reportedly working with the company’s liquidators in order to enforce the fine.
Why this matters:
A combination of the scale and seriousness of Prodial’s activity and what could be interpreted by a cynical observer as an attempt to avoid the ICO’s enforcement are likely to have contributed to this substantial fine.
Any businesses which use automated calling systems to transmit pre-recorded messages should ensure that they hold clear evidence that the contacts they have used have opted into receiving such messages from that business. Marketers should also remember that for this form of telemarketing, the usual “opt-out” rules do not apply. Screening against the Telephone Preference Service is therefore no guarantee of compliance.