Jon Baines, Data Protection Advisor, comments on recent secondary legislation (which has received surprisingly little fanfare) giving the Information Commissioner the power to serve fines on directors whose companies send illegal spam or make nuisance calls.
Spam is one of the irritants of the modern age – studies have suggested that approximately 50% of all global email traffic is spam. Nuisance sales calls and text messages are, to many, just as much of an annoyance. In Europe at least, much of this spam traffic and messages would be likely to be in contravention of ePrivacy law. And in the UK, since 2010, the Information Commissioner’s Office (ICO) has had the power to "fine" (or, more correctly, serve civil monetary penalty notices) on entities which infringe the relevant provisions of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR). But, as the ICO, and others, have often complained, when fines have been served on corporate bodies, directors have escaped liability, even where it has been clear that they knew about, or instigated, the sending or making of the illegal marketing. And it is also very common for companies served with fines to fold, only for their directors to reappear at the helm of new, similar companies (a phenomenon sometimes known as "phoenixing"). Figures disclosed earlier this year showed that since it acquired its fining powers the ICO has only managed to recover just over 50% of penalties levied against companies for PECR infringements.
Parliament, after a consultation this summer, has now legislated to address this loophole. The Privacy and Electronic Communications (Amendment) Regulations 2018 (statutory instrument 2018 No. 1189), which were made on 15 November, and will come into force on 17 December, will give the ICO the ability to fine directors, and other senior people within corporate bodies, if it has also served a fine on their company, and if the contravention happened either with the "consent or connivance of" or was "attributable to any neglect on the part of" the director.
The potential fines for directors will be to the same maximum of £500,000 as they are for the companies themselves. As the ICO has long lobbied for this extension to its regulatory powers, it is to be expected that we will soon see examples made. So those directors who knowingly or negligently allow their companies to send unlawful electronic marketing should be looking over their shoulders.
Mishcon de Reya's expert lawyers can advise and assist on compliance with all aspects of electronic marketing laws, and associated regulatory action.