By Steve Eckersley, Head of Enforcement.
Sometimes the simplest statements are the strongest: to be an effective regulator the ICO needs effective powers. This is especially true when it comes to battling the complex and continuing problem of tackling nuisance calls and texts. The statistics are staggering: in the last year we received 120,000 concerns regarding unsolicited calls and 30,000 concerns regarding texts. And these, of course, are just a small slice of a much larger issue. Across newspapers, social media and radio the message from the public is loud and clear – please put a stop to the spammers.
Until recently one our most effective tools to reduce the number of complaints and tackle those responsible was the civil monetary penalty, with recent research identifying them as a successful sanction that changed behaviour and improved compliance.
In November 2012, the ICO served one of our highest civil monetary penalties of £440,000 to Christopher Niebel and Gary McNeish, owners of Tetrus Telecoms. Over the course of a year the marketing company had sent out hundreds of thousands of unsolicited text messages, blighting the lives of thousands of people.
We have to meet a tough legal threshold before we can issue a fine. Under the Privacy and Electronic Communication Regulations we have to show that the contravention has or was likely to cause ‘substantial damage or substantial distress’. In this case we argued that an aggregate of the unsolicited text messages sent, which the judge described as being on ‘an industrial scale’, did reach this level. In effect, that if a single text message caused damage if you added the cumulative impact of the all the concerns we had received it would reach the threshold of ‘substantial damage or substantial distress’.
Niebel appealed our decision and in October 2013, the First-tier Tribunal overturned our penalty notice, ruling there was insufficient evidence of damage and the distress we claimed was found to be mere irritation, which did not meet the threshold of issuing a civil monetary penalty. We appealed this decision, but on June 2014 the Upper Tribunal agreed with the First-tier Tribunal, cancelling our monetary penalty notice against Niebel and McNeish, and largely rendering our power to issue fines for breaches of PECR involving spam texts redundant.
Obviously an unworkable law is a bad one, which is why we are currently arguing for lowering the legal threshold we have to prove before issuing a fine from substantial distress to one of nuisance or simply removing the threshold altogether. Last year we submitted our argument to the government and we are pleased there will be a consultation later this year. But the law moves slowly and we simply cannot wait for legislative changes.
In the meantime we are using our existing powers to hold companies to account and to disrupt their unlawful activities. We are continuing to issue civil monetary penalties for nuisance calls, which we can more clearly show cause substantial distress, and we are obtaining undertakings from and issuing enforcement notices, effectively cease-and-desist orders, to companies that breach PECR. Over the past year we have also worked closely with other regulators and mobile phone operators to gain a better understanding of how personal data is collected, traded and how it is then used by organisations to send texts or make unsolicited calls. This has enabled us to begin targeting the organisations ’up-stream’ of the text senders and callers. In May we also executed a search warrant in Birmingham to recover equipment used to send mass texts.
We have other avenues available to us as well. If you have been following the ICO’s work closely, you may have noticed we have prosecuted ten organisations and individuals for non-notification in the past year. Under the Data Protection Act, most organisations processing personal data have to register with the ICO and not doing so is a criminal offence. Some of these prosecutions have been undertaken against cold calling and spam text companies. One recent example is our prosecution against Jayesh Shah, the owner of call centre business accused of bombarding UK customers with spam texts and calls, with a failure to inform us of changes to his notification, resulting in a £4,000 fine. This prosecution doesn’t prevent us from taking further action against him under PECR in the future.
For most of, us an unsolicited call or spam text is just another annoyance of modern life. For the lonely and vulnerable, such as the elderly those living with dementia, they can be deeply distressing and confusing. We are doing all we can to fight the problem, for example educating people about the TPS register that can help prevent unwanted calls, but ultimately we need a full spectrum of powers to fulfil our job. The hundreds of thousands of people who have contacted us with their concerns over these calls and texts expect nothing less.
Last updated 12/08/2014 10:15
|Steve Eckersley leads the ICO’s Enforcement Team. Its aim is to take purposeful risk-based regulatory action where obligations are ignored, examples need to be set or issues need to be clarified, based on the ICO’s Regulatory Action Policy.|