Update: Ban on unsolicited marketing calls to members of pension schemes

• United Kingdom

• Privacy, data protection and cybersecurity

13-11-2018

It is estimated that 10.9 million consumers have received unsolicited contact about their pensions since 2015. In this context, the government has proposed a draft amendment to The Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”), to be known as ‘The Privacy and Electronic Communications (Amendment) (No 2) Regulations 2018’. Its purpose is to implement a ban specific to pensions related cold calling. A response to the consultation on the draft amendment, which ran from 20 July to 17 August 2018, has now been published.

The ban that is proposed would, we suggest, be a welcome comfort for trustees whose schemes have members who have been pestered by cold calls from unknown third parties. Members’ interests will be better protected.

What is changing?

These types of cold calls are unsolicited marketing. PECR as it stands does not require a consent for them, unless they are automated calls. PECR does require the caller to screen against the TPS (Telephone Preference Service) and it bans calls to individuals who have opted out of unsolicited calls in that way. Not all members are signed up to TPS, or even know about TPS.

Firms making these cold calls in relation to pension schemes would already infringe the General Data Protection Regulation (EU) 2016/679 (“GDPR”) should they use personal data (eg names, telephone numbers, details of entitlements under the scheme) for marketing purposes without a lawful reason (which could potentially be consent or legitimate interests) and without satisfying the fairness and transparency principle (e.g. by explaining that this information will be used in this way in a privacy notice).

The proposed amendment means additional risk for callers under PECR. At present, unless the member has opted-out from receiving marketing calls by registering on the TPS, PECR does not ban the caller from using the telephone number to make an unsolicited marketing call, unless the member has previously notified the caller that calls should not be made on that line. The problem is that in most cases, he or she cannot realistically be expected to have done this - the caller is unknown. So there is a gap to be plugged by the proposed amendment.

Marketing emails and SMS messages to individuals (including members) are already subject to a consent requirement under PECR, except in narrow circumstances.

The ban proposes to amend regulation 21 of PECR. New regulation 21B will prohibit cold calling specifically in relation to pensions unless the caller is authorised by the Financial Conduct Authority, or is the trustee or manager of an occupational or personal pension scheme. Realistically, we expect that few trustees or managers would want to make these kinds of calls.

In addition, even if the caller falls within the descriptions above, under new regulation 21B the recipient of the call (here, the member) must;

(i) have given consent to the marketing calls by the caller,

(ii) have an existing client relationship with the caller, such that the recipient might reasonably envisage receiving pension cold calls, and

(iii) be given a simple means of refusing the use of his or her contact details for the direct marketing, at the time the details were initially collected, and at the time of each subsequent communication.

The consultation has found that the vast majority of pensions cold calling is undertaken by lead generation firms who pass member details to financial advisers. The ban will make the vast majority of pensions related cold calls illegal.

Firms who do consider their unsolicited calls to be in compliance with GDPR will (if this ban is implemented) have to overcome these new PECR hurdles.

The Information Commissioners Office (“ICO”) is empowered to enforce PECR as well as GDPR. The current maximum penalty for contravention of PECR is £500,000, although the government has stated that they are keeping this level of penalty under review. GDPR fines for the processing of personal data involved in these types of calls can be far higher. The ICO has a track record of enforcement activity for PECR-related contraventions and this can be picked up in national and local press.

What are the next steps?

The government intends to lay the draft regulations in parliament in Autumn 2018 and, subject to parliamentary approval, make the regulations and bring them into force as soon as possible after that.