£ 750,000 data protection fines for unlawful calls

The UK Information Commissioner’s Office (ICO) has issued an unprecedented amount of fines to six companies for making lawless calls to numbers registered with the Telephone Preference Service (TPS).

Unlawful calls

The first set of fines was filed against four separate companies that have made up to 2.4 million unlawful calls altogether. Based on these calls, the ICO and the TPS have received numerous complaints from individuals who claimed that they had not provided consent to these marketing calls. The law indeed prohibits companies from making marketing calls to numbers that have been registered with the TPS for more than 28 days unless the individuals consented to it. In these particular cases it appears that no consent was provided, thus making these calls illegal and an invasion of people’s privacy, as Andy Curry (Head of Investigation at ICO) states.

Additionally, the ICO points out that companies must familiarise themselves and comply with the law. Thus, companies are obliged to comply with data protection and privacy rules, such as to obtain valid consent from the individuals in case they want to call numbers registered with the TPS. However, the fines were not only based on neglecting to obtain people’s consent but also the companies’ failure to conduct sufficient due diligence on data suppliers.

Based on the same infringements, two more companies were fined £ 270,000 for making illegal marketing calls to numbers that have been registered with the TPS. In these cases as well, the ICO points out that the companies violated people’s privacy by making nuisance calls without their valid consent.

Legal basis for fines

The UK Privacy and Electronic Communications Regulations (PECR) give people specific rights concerning their privacy in electronic communications. In particular, privacy rights apply to marketing calls, emails, cookies (and similar technologies), keeping communications services secure, and so on. In violation of these privacy rules, the ICO has the power under the PECR to impose monetary penalties against the data controller, or in this case, the companies, of up to £ 500,000.

The ICO publishes its actions against companies if they violate privacy and data protection laws. You should make sure that your company complies with all the relevant privacy and data protection regulations to avoid high fines and avoid damage to its reputation, as the ICO publishes actions it takes against companies, even small businesses.