On December 17, the Privacy and Electronic Communications (Amendment) Regulations (2018 Regulations), which the United Kingdom Secretary of State made on November 15, will come into force. These regulations, which amend the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (2003 Regulations), authorize the Information Commissioner’s Office (ICO) to impose monetary penalties on officers of corporate bodies and Scottish partnerships, in addition to corporate bodies themselves, for nuisance calls and messages.
According to the explanatory note for the 2018 Regulations, under the 2003 Regulations
the Information Commissioner may impose a monetary penalty, under the Data Protection Act 1998 as applied to, and modified by, the 2003 Regulations, for a serious breach of regulations 19 to 24 of the 2003 Regulations. The effect of the amendments made by regulation 2 [of the 2018 Regulations] is to enable the Commissioner to impose such a penalty on an officer of a body corporate or Scottish partnership in addition to the body itself, where such a breach occurs as a result of action, or inaction, by that officer.
The 2018 Regulations revise Schedule 1 of the 2003 Regulations to state that if a monetary penalty notice has been served on a body,
the Commissioner may also serve a monetary penalty notice on an officer of the body if the Commissioner is satisfied that the contravention in respect of which the monetary penalty notice was served on the body—
(a) took place with the consent or connivance of the officer, or
(b) was attributable to any neglect on the part of the officer.
They also define the term “officer” to include (a) in relation to a body corporate, (i) “a director, manager, secretary or other similar officer of the body or any person purporting to act in such capacity”, and (ii) “where the affairs of the body are managed by its members, a member”; and (b) “in relation to a Scottish partnership, a partner or any person purporting to act as a partner.” Finally, the 2018 Regulations authorize the ICO to impose a civil monetary penalty on an officer of up to £500,000 for a breach of the 2003 Regulations.
Note: The United Kingdom, like other countries, for some time has been trying to cope with the constant flood tide of nuisance calls and messages. The Financial Conduct Authority recently stated that in the 12 months before September 2018, firms made 2.7 billion unsolicited calls, texts, and emails just for offers to help people make a claim.
The ICO has been making use of its existing nuisance-call authority to impose significant fines on corporate bodies. It reportedly issued 26 fines totaling more than £3 million to firms, and continued to impose substantial fines in 2018,. For example:
- August 2018: The ICO imposed a £100,000 fine on a firm that made 75,649 nuisance calls who were registered with the Telephone Preference Service (TPS). The TPS, like the “do-not-call” list in the United States, allows people in the United Kingdom to register if they do not want to receive unsolicited sales or marketing calls.
- October 2018: The ICO imposed a £150,000 fine on a firm that made 63,724 calls over a two-month period from May to July 2017 to people registered with the TPS.
- November 2018: The ICO imposed fines totaling £250,000 on two firms that made nearly 1.73 million direct marketing phone calls to people registered with the Telephone Preference Service (TPS)
These fines, however, have evidently proved insufficient to stem the tide of nuisance calls and messages to United Kingdom residents. Moreover, media reports have highlighted the fact that nearly one-half of the £17.8 million of nuisance-call fines issued to companies since 2010 has gone unpaid, as company officers evade the fines “by withholding payment, liquidating their companies and starting business again under new names.” With luck, the ICO may be able to reverse that trend and put paid to the most unscrupulous marketers whose business models are dependent on nuisance calls.