Who: Information Commissioner’s Office (“ICO”)
Where: UK
When: July 2014
Law as stated at: 1 August 2014
What happened:
The ICO (the UK’s data protection regulator) has recently published its Annual Report 2013/14 (the “Report”). It includes an update on the ICO’s achievements over the twelve month period starting April 2013 (“Year”); details of data protection and marketing related complaints, caseloads and penalties over the same period; and the ICO’s financial statements.
Marketers should take note of the Report as it provides an insight into the areas of public concern and regulator action in relation to marketing.
Why this matters:
The main highlights of the Report which marketers should be aware of are as follows:
1. Record numbers of concerns and casework
The ICO has reported record complaints case work relating to data protection issues (14,738) with an increase of 7.1% on the previous year. It has also received a record number of complaints with regard to the Privacy and Electronic Communications (EC Directive) Regulations 2003 (the “PEC Regs”) at over 160,000.
Although reported “cookie concerns” were mysteriously down from 685 in 2012/3 to 278 in 2013/4. a “Nature of telesales and SPAM texts reported” pie chart reveals that the largest category was “Automated calls” at 45.7%, with live calls next at 34.7% and last being spam texts at 18.6%.
This clearly demonstrates that cookies apart, public understanding and concern relating to use of their data is growing. In order to demonstrate to consumers that they understand these concerns, marketers should ensure they comply with relevant law and regulation in this area.
2. Number and level of sanctions against marketers for breach of the PEC Regs
Enforcement in relation to the PEC Regs appears to have been an important area for the ICO. Over the Year it issued five monetary penalty notices relating to marketing calls and texts amounting to almost half a million with the highest being the £175k penalty for First Financial (UK) Ltd as reported on in our Marketing Law blog back in January. Further action in this respect included seven prosecutions, four enforcement notices and correspondence or monitoring of around 75 organisations relating to compliance.
This shows that not only are consumers concerned about breach of marketing rules but the regulator’s action in the last year demonstrates that it is also taking such breaches seriously. With the last monetary penalty notice in relation to non-compliant unsolicited marketing being issued in July this year, it appears this focus will continue into the year 2014/15 – so marketers should beware.
3. New guidance issued by the ICO during the year 2013/14
During the last year the ICO issued guidance on Direct Marketing and also two other topics which are likely to be relevant to marketing strategies: guidance on “Privacy in mobile apps”; and a new code of practice on “Conducting privacy impact assessments”. Marketers should also be aware of the DMA’s clarification of the ICO’s Direct Marketing guidance.
These are useful tools which marketers should follow in order to determine how to comply with the law in practice.
4. Low level of understanding of data protection reform proposals
• The ICO has reported that its research shows businesses do not understand the main provisions and implications of the proposed EU Data Protection Regulation. It says that 40% of companies do not understand any of the 10 main provisions and 87% were unable to estimate the cost of the proposals to their business.
• This highlights that many businesses need to update their knowledge on the proposed data protection reforms in order to be prepared for their impact – you can start now by reading Marketing Law’s latest update on the Data Protection Regulation.
The Report shows that direct marketing in particular continues to be a focus for the ICO (and source of complaint for consumers) and so marketers would be well advised to adhere to the law and regulation in this area in order to keep consumers happy.
The full report can be found here.