Regulation Hub Update - March 2023

This article is written by Steve Sullivan, the Deputy Chair of the Contact Centre Council.

It’s been a quiet start to the year for the ICO in terms of enforcement and fines, but as you can see both 2021 and 2022 have shown historically high levels of regulatory activity, which is likely to continue.

In addition, the ICO has now started publicising when it reprimands organisations for data protection failings, but falls short of fines or enforcement actions.

However, it’s still almost always the case that fines generally, and especially those to do with contact centres, are imposed when companies fail to obey the PECR rules. Typically these are:

• Failing to screen outbound calling data against the TPS and CTPS
• Mis-using CLIs (outbound calling numbers)
• Sending marketing emails without proper consent or permissions
• Buying and renting third party prospect data which doesn’t have reliable provenance or contact permissions

DPDI (Data Protection & Digital Information bill) Still on Track

“Despite Rishi Sunak’s recent mini-reshuffle and re-organisation of government departments, which resulted in oversight of the ICO moving from the DCMS (Department for Culture, Media and Sport) to the new Department for Science, Innovation and Technology (DSIT) the ‘on again, off again’ new data protection bill is now back on track.

With measures including:

• an increase in the level of potential fines for PECR infringements to the GDPR’s 4% of global turnover
• affirmation of key role of legitimate interests as a legal basis for marketing
• granting charities the right to use the same ‘soft opt-in’ for emails as commercial firms
• a less onerous set of rules around cookies and cookie banners, and
• a promised lowering in the amount of compliance paperwork

The DMA has given the new Bill a warm welcome:

“The DMA has collaborated with the government throughout the Data Protection and Digital Information Bill (DPDI)’s development to champion the best interests of both businesses and their customers. We are confident that the bill should act as a catalyst for innovation and growth, while maintaining robust privacy protections across the UK – an essential balance which will build consumer trust in the digital economy.”

Experian Wins Appeal

Experian has been largely successful in its appeal against the ICO's initial judgement in 2020 that its data privacy standards were inadequate and out of step with the other big credit reference agencies (CRAs), Equifax and TransUnion. The ICO had argued that Experian was less transparent in its use of personal financial data, especially for direct marketing services which the other CRAs had moved away from.

However, the Information Rights Tribunal disagreed and mostly found in favour of Experian.

The DMA’s Chris Combemale welcomed the decision saying “The Tribunal ruling reaffirms key principles for the use of Legitimate Interests for direct marketing, particularly that any balancing test must take into account the economic benefits and the benefits to the individual of receiving the relevant offers. The DMA agrees fully with the Tribunal’s judgement that receiving more relevant offers are unlikely to cause any distress or harm and are more likely to create benefits”.

The DMA has been granted a further one year extension to its contract to run the TPS on behalf of the ICO through to summer 2024.

Numbers on both the TPS and CTPS (Corporate TPS) remain quite static.

Ofcom abandons abandoned and silent calls

After 16 years, Ofcom has formally wrapped up its programme looking into silent and abandoned calls.

Over the past 6 years complaints to Ofcom about silent and abandoned calls has fallen by 65% and ‘bad actors’ are now more interested in overt scams and fraud rather than just annoying sales calls.

Ofcom is shifting its focus to these scam activities, including the ‘spoofing’ of legitimate brands’ numbers by rogue telemarketers.

Ofcom’s latest quarterly complaints analysis – using data from Q3 2022 – again shows that Virgin Media, BT Mobile and Shell Energy are performing poorly.

Although all 3 are no doubt working very hard to turn things around, the challenge of breaking the cycle of dissatisfaction and complaints is hard work. See below for an idea of much harder still this is likely to be for energy sector contact centres.

ICSS Sites Causing “Widespread Consumer Detriment”

Despite announcing that it was planning to wind itself up and hand its remaining responsibilities back to Ofcom, the PSA has been keeping busy. Its review of ICSS (Information, Connection, Sign-posting Services) has found “widespread consumer detriment”.

ICSS sites are the sites which pay for high Google rankings and – a cynic would say – attempt to pass themselves off as the legitimate site. This results in very high call charges if they are used to make contact with an organisation (or marked-up fees if their links are used to buy a service [e.g. paying the Congestion Charge or ULEZ, apply for a passport or driving license, etc] – which wouldn’t directly come under the PSA’s remit).

The PSA’s review suggest that the current rules aren’t working – though rogue ICSS sites are regularly closed down by the PSA and their owners fined – so the PSA Code is likely to be amended as a result.

Suppliers ‘Must Improve’ as the Gas and Electric Doom Loop Continues

Ofcom’s latest ‘deep dive’ into the customer service and complaint handling performance of the 17 biggest suppliers has found that all had ‘weaknesses’ These included:

And one of the biggest players, E.ON, has been served a Provisional Order to improve by Ofgem – which is a big ask when energy sector contact volumes are 300% above pre-crisis levels.

Content accurate as of 8^th March 2023

See more from the Contact Centre Council here.

If you're interested in joining the Contact Centre Council, please contact Councils@dma.org.uk