Unsolicited direct marketing calls and messages are one of the main sources of complaint to the ICO and as a result are one of the most heavily enforced areas of data protection legislation. Understanding the likely triggers for such enforcement actions and the aggravating or mitigating steps taken by organisations can help inform your marketing strategies.
The current maximum fine for breaches of PECR is £500,000 which is a hold over from the old maximum amounts contained within the Data Protection Act 1998. When the DPA 2018 was introduced, the maximum penalties for infringements under that Act were increased in line with the requirements of GDPR (now UK GDPR) and are now £17,500,000 or 4% of the undertaking’s total annual worldwide turnover whichever is higher but penalties under PECR remained aligned with the old law.
The new Data Protection Bill currently proceeding through Parliament will regularise the position and increase the maximum penalties under PECR to match those under s.157 of the DPA 2018 which is likely to lead to significant increases in penalties under the regulations. Given that by volume the ICO imposes significantly more penalties under PECR than under the DPA, this will be a significant increase in regulatory risk to any business with is involved in electronic marketing or is otherwise caught by the regulations.
As to whether the ICO is likely to substantially change its approach to fines in light of this increase, our instinct is that they will. It is of note to recall how the ICO dealt with the same increase in powers when the DPA 2018 came into force after which they moved quickly to begin imposing penalties into the tens of millions. Whilst we would not necessarily expect fines of that magnitude given the generally lower level of seriousness and penalties to date under PECR, we would still expect to see a substantial jump in amounts. The ICO will however likely be cautious of the increased push back that increased fines is likely to attract as the economic priorities of companies on the receiving end will shift. It is also of interest to note that at present the ICO still does not have up to date guidance on the calculation of penalties which means that appropriateness and proportionality of large fines are still susceptible to challenge on procedural grounds.
View ICO Enforcement Updates (PECR) - January 2024
View ICO Enforcement Updates (PECR) - December 2023
VIEW ICO ENFORCEMENT UPDATES (PECR) – October 2023
View ICO Enforcement Updates (PECR) – September 2023
View ICO Enforcement Updates (PECR) – August 2023
View ICO Enforcement Updates (PECR) – July 2023
View ICO Enforcement Updates (PECR) – June 2023
