Organisations that make unwarranted marketing phone calls or send unwanted marketing emails to consumers could face fines of up to £500,000, after amendments to the UK’s Privacy and Electronic Communications Regulations (PECR) come into force on 25 May.
The amendments to the PECR will extend the regulatory powers of the Information Commissioner’s Office (ICO), which is already able to administer fines of up to £500,000 for data-protection offences.
“The ICO has been calling for increased powers to regulate breaches of PECR for some time,” said Information Commissioner, Christopher Graham. “The changes to the Regulations will grant us the right to impose significant monetary penalties for the most serious breaches of the rules and give us improved powers to investigate companies that make nuisance marketing calls.”
As well as increased monetary penalty powers, the ICO will also be given greater investigatory powers, enabling the Information Commissioner to demand information from telecommunications companies and Internet service providers to help with investigations into breaches of the regulations.
The legislation is being implemented in line with the new EU Electronic Communications Framework, which also includes an e-Privacy directive requiring website owners to obtain prior consent before installing tracking technologies, such as cookies, on a visitor’s computer.
Cookies are small sections of code that carry information about users, enabling e-commerce and social networking operators to find their customers based on shopping tastes and behaviour. They are used primarily to enable websites to remember users’ preferences, but can also be used for tracking consumers’ browsing behaviour for targeted advertising purposes.
The technology has been treated with some hostility since the Phorm controversy in 2006 and 2007, when BT was discovered to be secretly trialling the behavioural advertising technology. Phorm uses tracking cookies to build a profile of users’ habits and interests based on the websites they visit and then assign targeted ads.
The government said on 15 April that it would adopt the full text of the EU amendments regarding the cookie issue, but said it did not expect the ICO to begin enforcement right away. The delay in enforcement will give time for technical systems to be developed that could, for example, allow users to set up their browsers to automatically “consent” to cookies on an ongoing basis, rather than having to agree each time they visit a website.
“We recognise that work on the technical solutions for cookie use will not be complete by the implementation deadline. It will take time for meaningful solutions to be developed, evaluated and rolled out,” said culture minister Ed Vaizey in a statement. “Therefore we do not expect the ICO to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies.”
Last week, a Freedom of Information Act request by hardware encryption specialist ViaSat UK revealed that the ICO has acted on less than one percent of the data breaches reported to it. The firm found that 2,565 incidents had been reported, while the ICO has disclosed actions in 36 cases, including only four fines.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
This is all very well but the Data Protection Act has just stopped the maternity ward of Epsom hospital from telling me how my daughter is progressing with the delivery of my grandchild. I was told "no personal information may be given over the phone even to a father of the expectant mother - this is due to the Data Protection Act"
This is reminiscent of Soviet style madness.