Operation LINDEN aims to capture and share intelligence as well as plan, deliver and promote co-ordinated activity. This is to maximise enforcement opportunities against those responsible for breaching legislation associated with unsolicited marketing texts and calls.
The many regulators involved in operation LINDEN appear to share the same desired outcome, which is to protect the privacy and consumer rights of individuals and to improve compliance.
The Data Protection Act 1998 (DPA) currently governs the processing of personal data within England and Wales. However, this will soon change with the implementation of the new Data Protection Bill which will incorporate the General Data Protection Regulation 2016 (GDPR) into domestic legislation and become the amended DPA.
The Privacy and Electronic Communications Regulations (PECR) sit alongside the DPA, although they do set out some extra rules and give people specific privacy rights in relation to electronic communications. Most importantly, there are specific rules on marketing calls, texts, emails and faxes contained within PECR. Individuals and organisations therefore, should ensure compliance with the DPA and PECR if they wish to avoid scrutiny under operation LINDEN and consequently be subject to enforcement action by the ICO or relevant regulatory body.
The co-ordinated activity and shared intelligence of various regulatory bodies and commissions continues to ensure operation LINDEN is achieving its aim of “cracking down” on unsolicited electronic marketing.
For example, in 2016/17 a total of 166,099 complaints were submitted directly to the ICO online reporting tool; 82,011 automated calls, 65691 live calls and 18,397 SMS. In comparison, the total number of complaints received in 2015/16 was 159,546.
The slight increase in 2016/17 could be attributed to the ICO improving their online reporting tool in response to operation LINDEN which enables the public to more easily report individual concerns.
The Gambling Commission have continued to receive intelligence from the ICO’s monthly threat assessment and have reviewed their Codes with a view to including references to PECR.
In addition, the Claims Management Regulation Unit (CMRU) have continued to share intelligence with the ICO and have also issued joint guidance with the Advertising Standards Agency (ASA) on misleading marketing.
The Fundraising Regulator have been working with 13 charities to ensure no recurrence of DPA and PECR breaches and in support of operation LINDEN launched the Fundraising Preference Service on 6th July 2017.
Furthermore, the Citizens Advice Bureau are also involved and have been passing data to the ICO and CMRU with regards to nuisance calls.
Enforcement Summary 2016/2017
The collaborative surveillance of unsolicited marketing communication has seemingly maximised enforcement opportunities which is evident in the enforcement updates from 2016/17. In particular, as a result of operation LINDEN, the ICO have issued 23 monetary penalties for PECR contraventions, 9 Enforcement Notices and 18 companies are now placed on monitoring.
Within the charities sector, investigations have resulted in 13 civil monetary penalties being issued to the value of £181,000. In total, 17 meetings about DPA/PECR compliance with 15 charities and two call centres have been held, resulting in 3 charities being placed on monitoring.
It is clear that the regulatory bodies are determined to stop unsolicited marketing and ensure that the privacy and consumer rights of individuals are at the forefront of organisations’ marketing strategies.
This operation is evidence that the ICO is committed to assisting businesses and public bodies to prepare and meet the requirements of the GDPR ahead of May 2018, given that under this new regulation, privacy rights of individuals are to be significantly strengthened.
If you require advice on direct marketing issues, need help preparing for GDPR compliance or are the subject of enforcement action by a regulatory body please contact Andrew Swanor Sheila Ramshaw.