Businesses that send spam text messages, make nuisance calls or carry out other types of unsolicited direct electronic marketing activity could be fined up to £500,000 if their actions cause "annoyance, inconvenience or anxiety", under new plans unveiled by the UK government.
The Department for Culture, Media and Sport (DCMS) said the move would help the Information Commissioner's Office to "take robust action" (26-page / 352KB PDF) against organisations that breach rules set out under the Privacy and Electronic Communications Regulations (PECR).
The proposals, if introduced, would lower the existing legal threshold of harm that the ICO needs to demonstrate has been met to justify serving businesses that flout the PECR rules with a monetary penalty.
Under the plans, the ICO would be able to issue fines to organisations that breach PECR's direct marketing rules if the breach is serious and was "likely to cause annoyance, inconvenience or anxiety".
The watchdog would also be able to issue fines for serious PECR breaches if the unlawful actions were carried out either deliberately or with the knowledge that there was a risk that a breach causing "annoyance, inconvenience or anxiety" would occur. It would be a defence for businesses to show that they had taken "reasonable steps to prevent the contravention".
"It is evident that the current legal threshold, which must be met before a [monetary penalty] can be issued, is too high and whilst there is evidence that in many cases the calls cause ‘annoyance, inconvenience or anxiety’, this does not reach the higher legal threshold that is currently required," DCMS said in its consultation paper. "This is hampering ICOs’ ability to regulate effectively on this issue."
"We are keen to make it easier for the regulator to take robust action against any organisation that acts unlawfully and believe that a lower threshold will send a strong signal to those that are currently deliberately breaking rules," it said.
Currently, the ICO must prove that unsolicited direct electronic marketing causes consumers "substantial damage or substantial distress" to merit it serving businesses responsible for the activity with a monetary penalty.
The ICO said it supports the DCMS proposals to replace the existing threshold with the 'annoyance, inconvenience or anxiety' test instead.
"The majority of rogue marketing firms make hundreds, rather than thousands, of calls and the nuisance is no less a nuisance for falling short of the ‘substantial’ threshold," Information Commissioner Christopher Graham said. "This change means we could now target those many companies sending unwanted messages – and we think consumers would see a definite drop off in the total number of spam calls and texts."
The ICO previously lost a legal battle with a business owner, Christopher Niebel, over a £300,000 fine it had issued him regarding a breach of PECR rules. An information rights tribunal overturned the fine after finding that the ICO had failed to show that the sending of spam text messages that it held Niebel part-responsible for had not caused the recipients of those messages substantial damage or substantial distress.
An ICO investigation had uncovered evidence that Tetrus, the business part-owned by Niebel, had used unregistered pay-as-you-go SIM cards to send up to 840,000 spam texts every day from offices in Stockport and Birmingham, raising income of between £7,000 and £8,000 each day. However, the tribunal judge said that the effect of Niebel's breach of PECR was "likely to be widespread irritation but not widespread distress".
The ICO appealed the decision but lost its case before an upper information rights tribunal in June. The judge in that case said that had an alternative legal threshold for serving penalties applied in the case, there might have been a "different outcome" in the case. Nicholas Wikeley suggested that the alternative test could be whether unsolicited marketing activities in breach of PECR caused "annoyance, inconvenience and/or irritation".
"The overturning of one of its large [monetary penalties] has made ICO reluctant to issue further penalties in relation to spam texts for fear that they will not be seen as meeting the legal threshold requirements," according to the DCMS consultation. "As a result [the] ICO currently only investigates a small proportion of cases and targets its resources on those that could result in larger penalties, as they would act as a stronger deterrent as well."
The ICO said that it could have taken enforcement action against "approximately 50 more organisations" than it had done for PECR breaches during the period 1 April 2012 to 31 November 2012 had the lower legal threshold for serving fines applied then, according to DCMS' consultation.
The watchdog is currently investigating 35 organisations over PECR violations, it said.
Under PECR, organisations are generally prohibited from transmitting or instigating the transmission of unsolicited electronic communications to consumers for the purposes of direct marketing unless the person receiving those communications has provided prior consent for the messages to be sent. The marketing companies also must not disguise or conceal their identity in the messages or use invalid addresses where recipients of the messages would send responses to ask for the messages to stop being sent.
Companies can send direct marketing via electronic mail to consumers if they have "obtained the contact details of the recipient of that electronic mail in the course of the sale or negotiations for the sale of a product or service to that recipient", where the marketing is for "similar products and services only" and providing the recipient has a "simple means" to refuse the use of their contact details for that marketing "at the time of each subsequent communication."
The ICO has the power to issue fines of up to £500,000 against organisations that breach the PECR rules.
DCMS' consultation closes on 7 December.
Copyright © 2014, Out-Law.com
Out-Law.com is part of international law firm Pinsent Masons.