The Information Commissioner’s Office (“ICO”) has issued the largest ever fine to Keurboom Communications for nuisance calls.
Keurboom Communications made almost 100 million nuisance calls to people to see if they were eligible for road-accident or PPI compensation. The company breached privacy and communications laws by making the calls, sometimes at night, without the individuals’ consent. The ICO received in excess of 1,000 complaints about the automated calls and as a result issued a record fine of £400,000. The current limit in respect of a financial penalty is £500,000 and the ICO has not previously levied fines to this amount.
Keurboom Communications has since gone into liquidation but the ICO has said it is committed to recovering the full amount of the fine.
The legal issues are that not only did the company make some of the calls at unsociable hours, it also made repeated calls to the same people, regardless of whether consent had been given or not and hid its identity so that it was harder for people to make complaints about the calls. The Privacy and Electronic Communications Regulations (PECR) require companies such as Keurboom to identify themselves clearly (rather than in a speed read of a pre-agreed script) and display their contact number. Many of you will have noticed that companies have stopped using ‘unknown’ numbers and now display phone numbers with local area codes or mobile phone codes. All designed to make it appear that you may know the caller and are more likely to pick up.
A director of Keurboom stated that whilst nuisance calls were annoying, its actions were not illegal. The ICO, however, took a very different view and said that making automatic marketing calls without people’s consent was illegal. PECR, which sit alongside the Data Protection Act, give individuals specific privacy rights in relation to electronic communications, one of the key ones being that companies should not be making unsolicited telephone calls to individuals without specific consent.
Companies undertaking automatic bulk marketing practices such as nuisance calls and bulk electronic mailing need to be aware of the laws surrounding such practices and ensure that they are fully compliant. The law on data protection is due to change on 25 March 2018 when the European General Data Protection Regulation (“GDPR”) comes into force and the fines which may be imposed under the GDPR are substantially higher than the position under the current law.
Under the new legislation, regulators will have the ability to levy fines up to €20m or 4% of an undertaking’s worldwide turnover.
If you have any questions in relation to your marketing practices please contact a member of IP team.