Who: Company directors and the ICO
Where: United Kingdom
When: From 17 December 2018
Law stated as at: 6 December 2018
Amendments to the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR“) will come into force on 17 December 2018. The new Privacy and Electronic Communications (Amendment) Regulations (“PECR Amendment“) will permit the ICO to hold officers of a body corporate personally liable for breaching PECR rules on unsolicited direct marketing (including, nuisance calls).
The ICO, under PECR, already has the power to fine companies up to £500,000, and the Insolvency Service has the power to disqualify senior officials found to be in breach of the direct marketing rules. However, such measures have not always been as effective as hoped, with some companies having succeeded in evading the fines by dissolving and then re-incorporating under a new name. The PECR Amendment will permit the ICO to fine company officers, or companies, or both, up to £500,000 where they are deemed to have consented to or connived in the breach, or if the breach can be attributed to their neglect. The ICO hopes the risk of personal liability hanging over the heads of company directors will help to address the issue of fine avoidance.
The Amendment PECR gives the ICO some teeth in terms of enforcement against those that flout the rules. However, the effectiveness of this change remains to be seen.
Why this matters:
According to a report published by Ofcom, UK consumers receive on average 3.9 million nuisance calls each year. The aim of the amendments is to ensure that direct marketing laws “are treated more seriously at boardroom level” and, given the potential level of fines involved, this could well be achieved. Company officers should keep a close eye on the direct marketing activities of their employees from now on. A new direct marketing code of practice is due to be published by the government – watch this space!