The Information Commissioner’s Office (ICO) recently announced that it had issued a record £400,000 fine to Keurboom Communications Ltd for serious breaches of the Privacy and Electronic Communications Regulations 2003 (PECR). The case involved almost 100 million nuisance calls made between October 2014 and March 2016.
Not only does this decision highlight the risks of not adhering to the rules governing electronic communications with consumers but it acts as a timely reminder of the new e-Privacy Regulation (the draft Regulation) published by the European Commission in January 2017 which is intended to be brought in to replace the PECR in May 2018. One of the aims of the draft Regulation is to make providers of electronic communications services play a more central role in protecting their customers from security risks involved in using their services. As the draft Regulation is due to come in next year, businesses will therefore have to react quickly to implement any necessary changes once the final text is agreed.
The draft Regulation applies to any entity providing electronic communications services to end-users in the EU, whether or not that entity is based in the EU. It also proposes changes to the rules governing cookies, seeking to move away from obtaining users’ consent via website banners to obtaining consent through a user’s browser settings;
With less than a year to go before the proposed implementation date, retailers should be assessing the types of electronic marketing communications they send and how they obtain customer consent. This is likely to involve consideration of whether records being kept are sufficient to enable the organisation to demonstrate its compliance, as well as the review of contracts with any third party marketing providers.