The Information Commissioner’s Office (ICO) has issued its largest fine to Keurboom Communications Limited (KCL) for breaching Regulation 19 of the Privacy and Electronics Communications Regulation 2003 (PECR). This relates to the use of automated calling systems.
Over a period of 18 months KCL instigated over 99 million automated marketing calls to subscribers without their consent, resulting in over 1,000 complaints to the ICO. Automated marketing calls may only be made to individuals with their consent, and those made without such are commonly known as ‘nuisance calls.’ Some of these calls were made to seem very urgent and important, e.g. relating to road traffic accidents and often made at unsocial hours. As a result the ICO issued a £400,000 fine to KCL.
The ICO has been cracking down on nuisance calls and the penalties are substantial. Nuisance calls have had a busy year; from 2016 to 2017, the ICO fined a total of £1.92 million to 23 companies for such conduct. In February 2016, they issued what was then its largest fine of £350,000 to Prodial Limited for making around 46 million nuisance calls.
The message is clear: nuisance calls will not be tolerated by the ICO and companies that make them will be subject to significant fines. Steve Eckersley, the ICO’s Head of Enforcement, has commented in relation to the KCL decision that “These calls have now stopped - as has Keurboom - but our work has not. We’ll continue to track down companies that blight people’s lives with nuisance calls, texts and emails.”
A strict approach towards data protection
The enforcement action towards nuisance calls by the ICO is only one example of the increased enforcement action being taken by the ICO.
Penalties issued by the ICO for breaches of PECR and the Data Protection Act 1998 have been harsher over the past year, with the ICO more commonly issuing fines closer to the £500,000 limit.
The penalties issued by the ICO in 2017’s first quarter are 62% of the total monetary value of fines issued in the whole of 2016. Fines of £3.25 million were issued in 2016 and so far in 2017, this stands at £2 million and is very much on the increase.
Organisations should bear in mind that the introduction of GDPR in May 2018 will give the ICO the ability to issue fines at a much greater value. Given the current trend of increasing levels of fines, under GDPR the ICO may levy even higher fines to organisations for significant breaches.
If you have any queries about the above and the effect it will have on your organisation, please contact a member of the Media and Technology or your usual Shepherd and Wedderburn contact.