Reform in line with GDPR:
In addition to the implementation of the General Data Protection Regulation (“GDPR”) there is also the intention of updating ePrivacy legislation so as to align the same with these new rules. Although the new ePrivacy legislation, as previously set out in the ePrivacy Directive 2002/58/EC, is intended to come into force alongside GDPR in May 2018, the new Regulation is not yet in approved form.
The purpose behind updating the ePrivacy legislation is to create a harmonised method of data and privacy management in every member state. Like with the GDPR, consent is highly important.
In the same way that consent is required under GDPR, consent in respect of the new ePrivacy Regulation is required to be:
- informed, specific and given freely and unambiguously;
- as easy to withdraw as it is to provide;
- by opt-in actions rather than silence or perhaps not opting-out;
- evidenced; and
- identifiable as independent from consent in respect of other terms and conditions.
Fines for nuisance calls
This month, Your Money Rights was fined £350,000 by the Information Commissioners Office (“ICO”) after making a staggering 146 million nuisance calls. Most of the calls were automated leaving the recipients feeling both harassed and threatened. Not only was the pure volume of calls shocking, but the calls made were made without the consent of the recipient and also did not disclose the name or contact details of the entity behind the call.
Furthermore, Easyleads Limited has also been fined a sum of £260,000 by the ICO for their making of 16.7 million automated calls where they did not have the recipients consent. Again, the company further broke the rules by failing to provide their company name and contact details.
The implementation of new ePrivacy legislation will prevent callers from withholding their number or require them to use a specific code so as they can be identified by the same. This will allow the recipient of the calls to block the number preventing further communication. This is in an attempt to reduce the amount of nuisance calls which can be viewed as harassment, particularly by the elderly or other vulnerable people.
Presently the fines have been directed to the companies themselves. The implementation of the new ePrivacy Regulation is intended to allow claims to be made personally against the Directors of any such company.
Liability of directors
The new Regulation is intended to include provisions allowing fines to be made personally against directors. This personal liability of directors for nuisance calls is intended to prevent them from avoiding fines, as done presently, by placing the company into liquidation. With the fines being made against them rather than the company, this unorthodox attempt of avoiding paying the fine is removed. Directors should be aware that any unlawful nuisance calls may have personal repercussions.
The new ePrivacy Regulation is also likely to alter how we accept and are affected by cookies. Under the GDPR, informed consent is required prior to processing and controlling a data subject’s data. Cookies monitor information regarding the visitors to the specific site and ultimately are a way of collecting an individual’s data. These will still be required to be consented to, as is often seen in banners or boxes on each individual site.
Presently, the procedure of having to accept cookies for each website you visit that uses them, although complying with the requirements, is a little cumbersome. Instead, the intention is to take a more user-friendly approach and for individuals to opt-in to receiving cookies during their browser set-up. However, whether this will be enough to satisfy the requirements for opting in is yet to be fully determined.
Please do read my previous articles on GDPR for further information and exploration of this topic. It may be worth reviewing the potential requirements under the ePrivacy Regulation alongside any developments so required to comply with GDPR. However, as the ePrivacy Regulation is still in draft form, there may be further changes to the legislation.
Should you wish to seek any tailored advice in respect of the above, my previous articles on GDPR or any other intellectual property matters please do not hesitate to contact me on 01908 660966 or email@example.com.