UK Data Protection E-news - April 2011



  1. PECR unwanted marketing phone call and e-mail breaches now punishable by £500,000 fine
  2. UK will require cookie consent but no immediate enforcement

1. PECR unwanted marketing phone call and e-mail breaches now punishable by £500,000 fine

Amendments to the Privacy and Electronic Communications Regulations (PECR), in force on 25 May, mean that the ICO will be able to impose its highest monetary penalty on organisations making unwanted marketing phone calls or sending unwanted marketing emails to consumers. The new fine will apply, as with the Data Protection Act, to the most serious breaches.

Data breaches in the telecoms sector will now have to be notified to the ICO in certain circumstances.

The ICO will also receive a power to require telecommunications companies and Internet service providers (ISPs) to provide its office with information that is needed to investigate breaches of the PECR. The ICO will also have increased audit powers over telecommunications companies and ISPs which may have some compulsory elements.

The Information Commissioner, Christopher Graham, said:

“The new powers are coming into force on 25 May. We will be issuing guidance to reflect the changes that are being introduced.”

2. UK will require cookie consent but no immediate enforcement

The government announced on 15 April that the UK will copy the so called cookie-clause requirements from the amendments to the EU e-Privacy Directive. Consent for the use of cookies is thus required, but the government says it will work with browser manufacturers to see if browser setting can be enhanced to meet these requirements.

Although the implementation deadline is 25 May, draft regulations have not yet been published. The current proposals make it clear that the Information Commissioner’s Office will publish further guidance.

Communications Minister, Ed Vaizey, said: “We recognise that work on the technical solutions for cookie use will not be complete by the implementation deadline. It will take time for meaningful solutions to be developed, evaluated and rolled out. Therefore we do not expect the ICO to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies.”

The government is also supporting cross-industry work on third party cookies in behavioural advertising. Adverts may in the future have an easily recognisable icon so users can access more information and an option to refuse those and other cookies.

For further details on the Privacy Laws & Business UK Newsletter, please click here.

Copyright Privacy Laws & Business 2011