Privacy & Information Security Law Blog

The UK’s Information Commissioner’s Office (“ICO”) has fined Vote Leave Limited (the UK’s official Brexit campaign) £40,000 for sending almost 200,000 unsolicited texts promoting the aims of the campaign. In an unrelated action, the ICO has carried out searches of a business believed to have been responsible for initiating nuisance telephone calls. The ICO has highlighted nuisance calls, spam texts and unsolicited direct marketing as areas of “significant public concern,” and is increasingly imposing sanctions on businesses that infringe the Privacy and Electronic Communications Regulations 2003 (“PEC Regulations”), which prohibit these practices. In its view, the monetary penalty imposed on Vote Leave should act as a “deterrent against non-compliance, on the part of all persons running businesses currently engaging in these practices.”

During January 2019, the ICO reportedly investigated 83 cases relating to unsolicited calls and texts. During the same month, more than 4,000 complaints were made by consumers about unsolicited live calls, and more than 5,000 of January’s complaints related to unsolicited automated calls.

The PEC Regulations, which incorporate the EU’s ePrivacy Directive into domestic law in the UK, require organizations, when making live calls, to state the identity of the caller and allow its number to be displayed to the receiver of the call. Callers must also ensure that the number they are calling has not been registered with the Telephone Preference Service (“TPS”) or Corporate TPS, indicating that individuals and businesses have opted out of receiving live marketing calls.

When conducting automated calls, the requirements are stricter: organizations must obtain specific consent prior to making such calls. With regard to texts, which fall within the definition of “electronic mail,” organizations must similarly obtain opt-in consent unless the “soft opt-in” rules apply.

On March 12, 2019, the ICO announced that following a year of investigation, it had searched two addresses of a business believed to have been making nuisance calls. The searches were carried out using the ICO’s power to enter and inspect under Regulation 31(1) of the PEC Regulations. The business in question was searched under suspicion of making both live and automated nuisance calls relating to road traffic accidents and personal injury claims, as well as insurance for household goods. Almost 600 complaints were made to the ICO in relation to these calls, in which the business failed to identify itself or offer an opt-out in relation to future calls.

Subsequently, on March 19, the ICO announced the fine it had imposed on Vote Leave, stating that the campaign was unable to provide evidence that those individuals who received its text messages had provided their consent. Political campaigns are required to comply with the law in the same way as any other business. Vote Leave stated that the individual recipients of its texts had initially made approaches to the campaign, but that evidence of any consent was deleted following the conclusion of the campaign.

The ePrivacy Directive is under review, with a draft ePrivacy Regulation currently being considered by the European Council before trilogue negotiations take place. It is not expected to be approved before the European Parliament elections in May 2019.