Organisations that make unwarranted marketing phone calls or send unwanted marketing emails to consumers could face fines of up to £500,000, after amendments to the UK’s Privacy and Electronic Communications Regulations (PECR) come into force on 25 May.
The amendments to the PECR will extend the regulatory powers of the Information Commissioner’s Office (ICO), which is already able to administer fines of up to £500,000 for data-protection offences.
“The ICO has been calling for increased powers to regulate breaches of PECR for some time,” said Information Commissioner, Christopher Graham. “The changes to the Regulations will grant us the right to impose significant monetary penalties for the most serious breaches of the rules and give us improved powers to investigate companies that make nuisance marketing calls.”
As well as increased monetary penalty powers, the ICO will also be given greater investigatory powers, enabling the Information Commissioner to demand information from telecommunications companies and Internet service providers to help with investigations into breaches of the regulations.
The legislation is being implemented in line with the new EU Electronic Communications Framework, which also includes an e-Privacy directive requiring website owners to obtain prior consent before installing tracking technologies, such as cookies, on a visitor’s computer.
Cookies are small sections of code that carry information about users, enabling e-commerce and social networking operators to find their customers based on shopping tastes and behaviour. They are used primarily to enable websites to remember users’ preferences, but can also be used for tracking consumers’ browsing behaviour for targeted advertising purposes.
The technology has been treated with some hostility since the Phorm controversy in 2006 and 2007, when BT was discovered to be secretly trialling the behavioural advertising technology. Phorm uses tracking cookies to build a profile of users’ habits and interests based on the websites they visit and then assign targeted ads.
The government said on 15 April that it would adopt the full text of the EU amendments regarding the cookie issue, but said it did not expect the ICO to begin enforcement right away. The delay in enforcement will give time for technical systems to be developed that could, for example, allow users to set up their browsers to automatically “consent” to cookies on an ongoing basis, rather than having to agree each time they visit a website.
“We recognise that work on the technical solutions for cookie use will not be complete by the implementation deadline. It will take time for meaningful solutions to be developed, evaluated and rolled out,” said culture minister Ed Vaizey in a statement. “Therefore we do not expect the ICO to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies.”
Last week, a Freedom of Information Act request by hardware encryption specialist ViaSat UK revealed that the ICO has acted on less than one percent of the data breaches reported to it. The firm found that 2,565 incidents had been reported, while the ICO has disclosed actions in 36 cases, including only four fines.
Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…
Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…
Elon Musk continues to provoke the ire of various leaders around the world with his…
Volkswagen and Rivian officially launch their joint venture, as German car giant ups investment to…
Merry Christmas staff. AMD hands marching orders to 1,000 employees in the led up to…
Recall number six in 2024 for Tesla Cybertruck, and this time the fault cannot be…
View Comments
This is all very well but the Data Protection Act has just stopped the maternity ward of Epsom hospital from telling me how my daughter is progressing with the delivery of my grandchild. I was told "no personal information may be given over the phone even to a father of the expectant mother - this is due to the Data Protection Act"
This is reminiscent of Soviet style madness.