An effective regulator needs effective powers

By Steve Eckersley, Head of Enforcement.

Sometimes the simplest statements are the strongest: to be an effective regulator the ICO needs effective powers. This is especially true when it comes to battling the complex and continuing problem of tackling nuisance calls and texts. The statistics are staggering: in the last year we received 120,000 concerns regarding unsolicited calls and 30,000 concerns regarding texts. And these, of course, are just a small slice of a much larger issue. Across newspapers, social media and radio the message from the public is loud and clear – please put a stop to the spammers.

reading-textUntil recently one our most effective tools to reduce the number of complaints and tackle those responsible was the civil monetary penalty, with recent research identifying them as a successful sanction that changed behaviour and improved compliance.

In November 2012, the ICO served one of our highest civil monetary penalties of £440,000 to Christopher Niebel and Gary McNeish, owners of Tetrus Telecoms. Over the course of a year the marketing company had sent out hundreds of thousands of unsolicited text messages, blighting the lives of thousands of people.

We have to meet a tough legal threshold before we can issue a fine. Under the Privacy and Electronic Communication Regulations we have to show that the contravention has or was likely to cause ‘substantial damage or substantial distress’. In this case we argued that an aggregate of the unsolicited text messages sent, which the judge described as being on ‘an industrial scale’, did reach this level. In effect, that if a single text message caused damage if you added the cumulative impact of the all the concerns we had received it would reach the threshold of ‘substantial damage or substantial distress’.

Niebel appealed our decision and in October 2013, the First-tier Tribunal overturned our penalty notice, ruling there was insufficient evidence of damage and the distress we claimed was found to be mere irritation, which did not meet the threshold of issuing a civil monetary penalty. We appealed this decision, but on June 2014 the Upper Tribunal agreed with the First-tier Tribunal, cancelling our monetary penalty notice against Niebel and McNeish, and largely rendering our power to issue fines for breaches of PECR involving spam texts redundant.

Obviously an unworkable law is a bad one, which is why we are currently arguing for lowering the legal threshold we have to prove before issuing a fine from substantial distress to one of nuisance or simply removing the threshold altogether. Last year we submitted our argument to the government and we are pleased there will be a consultation later this year. But the law moves slowly and we simply cannot wait for legislative changes.

In the meantime we are using our existing powers to hold companies to account and to disrupt their unlawful activities. We are continuing to issue civil monetary penalties for nuisance calls, which we can more clearly show cause substantial distress, and we are obtaining undertakings from and issuing enforcement notices, effectively cease-and-desist orders, to companies that breach PECR. Over the past year we have also worked closely with other regulators and mobile phone operators to gain a better understanding of how personal data is collected, traded and how it is then used by organisations to send texts or make unsolicited calls. This has enabled us to begin targeting the organisations ’up-stream’ of the text senders and callers. In May we also executed a search warrant in Birmingham to recover equipment used to send mass texts.

We have other avenues available to us as well. If you have been following the ICO’s work closely, you may have noticed we have prosecuted ten organisations and individuals for non-notification in the past year. Under the Data Protection Act, most organisations processing personal data have to register with the ICO and not doing so is a criminal offence. Some of these prosecutions have been undertaken against cold calling and spam text companies. One recent example is our prosecution against Jayesh Shah, the owner of call centre business accused of bombarding UK customers with spam texts and calls, with a failure to inform us of changes to his notification, resulting in a £4,000 fine. This prosecution doesn’t prevent us from taking further action against him under PECR in the future.

For most of, us an unsolicited call or spam text is just another annoyance of modern life. For the lonely and vulnerable, such as the elderly those living with dementia, they can be deeply distressing and confusing. We are doing all we can to fight the problem, for example educating people about the TPS register that can help prevent unwanted calls, but ultimately we need a full spectrum of powers to fulfil our job. The hundreds of thousands of people who have contacted us with their concerns over these calls and texts expect nothing less.

Last updated 12/08/2014 10:15

Steve EckersleySteve Eckersley leads the ICO’s Enforcement Team. Its aim is to take purposeful risk-based regulatory action where obligations are ignored, examples need to be set or issues need to be clarified, based on the ICO’s Regulatory Action Policy.
This entry was posted in Steve Eckersley and tagged , , , , , , , . Bookmark the permalink.

4 Responses to An effective regulator needs effective powers

  1. Tony Gray says:

    When are governments going to take some action on spam emails, they must surely be the major problem. It can be done by proper email authentication but this can only take place when we remove POP & IMAP and bring in a more secure and authenticated email system. Passed to you for action please!

  2. Alan Brown says:

    Setting _statutory_ damages for breaches would make arguing the levels of damage a non-event. This is why the USA’s Telephone Consumer Protection Act (TCPA) has mandatory per-call damages in claims (with triple damages for wilful breaches – such as ignoring TPS)

    Addtionally: providing a right of private action as the TCPA does, with the advertiser and the company hiring them being jointly and severally liable has had a marked chilling effect on illegal fax, text and marketing call activity in the USA.

    Companies may be able to focus on fighting a regulators action, but facing hundreds of small claims actions is something that actually works far better – and because the hirer is also held liable for the illegal activity, one doesn’t get the phenomenon of repeated breaches promoting the same company from different marketers.

    TCPA statutory damages are currently set at $500 (personal claims) and $11,500 (regulator action) per call. This law has been _highly_ effective and is credited with virtually shutting down the USA junk fax industry overnight.

  3. AlisonM says:

    I would love the ICO to have much stronger powers, it is outrageous how much our lives are interrupted by nuisance calls and I am fed up with it. Wouldn’t it be much better to abolish all telephone marketing, companies can always advertise on the internet where customers can choose to access their information/products. As for the calls coming from abroad – summon that country’s ambassador and demand an explanation!

    • Alan Brown says:

      “As for the calls coming from abroad – summon that country’s ambassador and demand an explanation!”

      No need for that. Just “follow the money”. Overseas call centres (other than scams) will be pushing local businesses.

      The USA’s TCPA shows that If the company that hires the call centres is held jointly and severally liable for the activity, and if there is a right of private action with statutory damages through small claims, it causes a massive downturn in the illegal activities.

Leave a Reply