Recent changes to the law on the making of unsolicited calls for the marketing of claims management services will be welcomed by many, but they also make for an even more complicated regulatory landscape.
Since 1999 it has been illegal in the UK to make an unsolicited telephone call for the purposes of direct marketing, if the recipient is an "individual subscriber" (broadly – someone using their personal or home line) and has given prior notice that he or she does not want to receive it. And since 2003 it has also been illegal to make such calls to any recipient – including corporates – if they have similarly opted out of receiving them.
The position is, of course, different with direct marketing sent by email, or SMS, to individual subscribers – in those circumstances, the general position (subject to an exception for existing and certain prospective customers) is that such communications can only be sent with the prior consent of the recipient (and this year's General Data Protection Regulation – the GDPR – has clarified the definition of what is meant by "consent").
The current law regarding unsolicited direct marketing telephone calls is at regulation 21 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR). PECR also, at regulation 26, provide for a register (the Telephone Preference Register), originally maintained by OFCOM, and now operated by the Direct Marketing Association on behalf of the Information Commissioner's Office (ICO), to which one can subscribe, both as an individual or as a corporate, to indicate one's refusal to accept marketing calls.
However, on 8 September provisions in the Financial Guidance and Claims Act 2018 (FGCA) commenced, which had the effect of significantly amending PECR in respect of certain types of calls. Section 35 FGCA inserts a new regulation 21A into PECR, which provides that direct marketing calls in relation to "claims management services" can only be made where the recipient has previously consented to receive them (query how often this would happen!). A "claim" is defined broadly as "a claim for compensation, restitution, repayment or any other remedy or relief in respect of loss or damage", and a "claims management service" refers broadly to advice services, financial services or assistance, and referral services relating to such. Sanctions for breaches of the new 21A – specifically, monetary penalties to a maximum of £500,000 - will be under the Data Protection Act 1998, which continues to provide the enforcement mechanism for monetary penalties for PECR, despite being repealed for all other purposes.
Wider provisions in sections 21 and 22 of the FGCA, relating to unsolicited electronic marketing of pensions and other consumer financial products have not yet commenced, and need enabling secondary legislation to be made (a consultation with draft amendments to PECR opened on 20 July and closed on 17 August, with the government proposing – subject to Parliamentary timetabling – that the amending regulations be laid before both Houses some time in Autumn).
Whilst attempts to reduce the number of unsolicited marketing calls are likely to welcomed by many, it has to be said that the regulatory landscape regarding electronic marketing is now tremendously complicated – with some such communications requiring express consent of recipients, and others only being illegal if the intended recipient has actively opted out. One problem is that PECR are now 15 years old – and in the digital context this is almost prehistoric law. The European Commission's proposal to introduce an "ePrivacy Regulation", with direct effect and application across member states, should introduce modernity and consistency (as well as potentially significant changes requiring active consent for all direct electronic marketing). Yet there remain a number of complications around this – in part because industry and civil society lobbying over the proposed Regulation is intense, on both sides. But perhaps the most tricky aspect of all this - for those in the UK at least - is that, by the time the ePrivacy Regulation is passed, we may already have left – or be about to leave – the European Union to which it will apply.