Home > News
Mind my data Click to visit the homepage
The basics
Plausible deniability
Employment agencies
Useful links
Open in a new window/tab
The Information Commissioner
Mailing Preference Service
Telephone Preference Service
Royal Mail junk mail opt-out
Register of data controllers
Analysis
My response to the ICO's tweet about policy
Are data controllers 'officially' lying to us?
Why do we need to accept a Privacy Policy?
Can I opt-out of a renewal quote under section 11 of the DPA?
Who's texting me about PPI?
Marketing corporate employees by e-mail

The ICO failed to act on TPS complaints

During the BBC Panorama interview, the ICO's Simon Entwisle told the interviewer that he lacked the powers to take action against the cold-calling companies that phoned individuals who had opted out with the TPS. Despite receiving thousands of complaints every month, Mr Entwisle said that 'We definitely are trying to take action against these individuals... we've only had the power to issue a fine since the end of January [2012] so it's early days yet'. I'm not convinced by Mr Entwisle's response.

A reporter from Panorama contacted me shortly before the programme aired but unfortunately it was the day before I was going on holiday and I didn't have the time to contribute my opinion. So here it is.

Mr Entwisle said 'we definitely are trying to take action'.

I have submitted many direct marketing related complaints to the ICO over the years and the one thing that I am sure of is that the ICO has a policy of trivialising this kind of complaint. Don't get me wrong, they will go through the motions; they'll write to the company and reach their conclusions, but they rarely prosecute. Indeed, the ICO are so reluctant to pursue direct marketing prosecutions that they refused to take any action against Barclays after conducting two separate assessments - Barclays simply ignored the advice given by the ICO after the first assessment. After the ICO concluded their second assessment I complained about the fact that they should be prosecuting Barclays and they advised me that it wasn't their policy to pursue prosecutions for direct marketing offences. Not their policy!

If it's the policy of the ICO not to prosecute for direct marketing contraventions then why is Mr Entwisle suddenly looking to take action for contraventions of the PECR, when his office won't take action against Barclays for twice failing to comply with my section 11 request. I've had to go to the ASANew window to see if they they're prepared to take action against Barclays but they have a different definition of direct marketing from the ICO so I've had to ask the ASA to review their definition of direct marketing so that it's compatible with the ICO's interpretation; so that it's compatible with the DPA, as interpreted by the ICO.

In my opinion, the reason why the ICO has failed to take action over the thousands of TPS complaints is because it isn't their policy to take action over direct marketing related complaints. And the only reason why they're "trying" to take action now is because they've been caught out and embarrassed by Panorama.

Mr Entwisle said 'we've only had the power to issue a fine since the end of January'

If an organisation phones you and the caller proceeds to promote their products or services to you while you're registered with the TPS, then unless they have obtained an informed indication of your consent, it's likely that they've failed to comply with the PECR. It's also likely that the organisation's data controller has failed to comply with the DPA, because the first data principle requires a data controller to satisfy at least one of the conditions at Schedule 2New window of the DPA. Assuming that the phone call is unsolicited (that the company did not obtain your consent) then the company would likely have to demonstrate that the phone call was made in pursuit of their legitimate interests and that the processing of your data to make the call wasn't unwarranted. Bearing in mind that the company has an obligation to consult the TPS list before phoning you, I fail to see how they could argue that the phone call wasn't unwarranted.

According to Mr Entwisle, the ICO has only had the power since January 2012 to prosecute for contraventions of the PECR... so why didn't he pursuit for failing to comply with the DPA instead? My point is, the ICO could have prosecuted if they'd wanted to, they just didn't want to. Saying that he didn't have the power to prosecute until January makes it sound like Mr Entwisle wanted to prosecute but wasn't able to... but that's not the case.

I've submitted an FOI enquiry to clarify whether the ICO could have prosecuted under the DPA for a contravention of the PECR. If they could then I'm going to escalate this matter.

Added: 11.07.2012