In January 2021, Repair & Assure Limited were fined for breach of Regulation 21 of the Privacy and Electronic Commerce (EU Directive) Regulation 2003 (“PECR”) which outlaws making unsolicited direct marketing calls where a subscriber has either notified the marketer that they do not want to receive such calls or the telephone number is registered with the Telephone Preference Service.
The activities of Repair & Assure came to the attention of the Information Commissioner’s Office due to high volumes of complaints from the public about unsolicited live marketing calls about washing machine warranties. The telephone numbers called were obtained by third parties conducting telephone marketing surveys and Repair & Assure was unable to prove that consent to marketing calls had been validly obtained.
The standard for consent is that it should be an unambiguous indication of agreement, a positive act or statement not obtained under duress or based on misrepresentation.
In total it was established that 1,103,292 unsolicited direct marketing calls were made to individuals who had registered with the TPS. The fine was set at £180,000 taking into account an aggravating feature, that Repair & Assure continued to make unlawful cold calls even after their practices were under investigation by the ICO, and a mitigating feature, that there had been attempts to conduct due diligence on direct marketing lists used, although these were considered to be inadequate by the ICO.
This case is not alone. Also in January 2021, Chameleon Marketing were fined £100,000 for making 617,323 direct marketing calls to individuals registered with TPS. And Solar Style Solutions Limited were fined £90,000 for making 188,665 cold calls to individuals who had taken the time to register with TPS. Rancom Security Limited was fined £88,000 for more than 800,000 cold calls of which more than 565,000 were to telephone lines that were registered with TPS.
There were a further three cases involving unlawful cold calling reported in December 2020. One of these, Pownell Marketing Limited, is now a defunct company but the ICO is able to take action against individual directors in cases where a company is closed down to try to avoid a fine.
So, what are the learning points here:
- Make sure that marketing lists have been compiled legitimately (due diligence on both list supplier and content of the lists supplied)
- Check marketing lists against TPS or whichever is the relevant preference service
- Check marketing lists against the organisation’s own marketing suppression lists
- Keep good records of the above activity to evidence efforts to comply (an audit trail)
- If complaints about marketing practices are received (especially from the ICO) stop marketing and check the lawfulness of the marketing activity and the audit trail. Bear in mind that people who have taken the time to register with TPS will not hesitate to complain about an unlawful cold call.
Although this seems to be an area where marketers appear not to learn the lessons, the ICO is keeping the pressure on. The ICO is also taking the option to bring proceedings against individual directors of non compliant companies and eventually the message will get through. If your marketing team is struggling to understand the rules we can help with training and building operational guidelines to help them steer a compliant course. Give us a call.
For the future, we might expect to see even higher fines for this type of activity. Currently fines under PECR are capped at £500,000 as the GDPR standard for fines does not yet apply to PECR. However the PECR rules are being revisited in the EU and will align fines for non compliance with those under GDPR. It is expected that the UK will adopt new PECR rules to mirror the EU rules.