European data protection law gives individuals (and some business people) the right to prevent direct marketing approaches. When it comes to the telephone channel, this right can be exercised by the individual signing up to a Do Not Call or Telephone Preference list or by notifying the company directly that they do not want unsolicited calls.
Recent regulatory action by the UK’s Information Commissioner has emphasized the need for outbound telemarketers to be sure that they can accommodate both of these routes to withhold consent. Companies are now receiving swingeing monetary penalties for making unsolicited calls to individuals without their consent.
Some of the punished companies were not cleaning telemarketing lists against the UK’s Telephone Preference Service. This is a legal requirement under the Privacy and Electronic Communications (EC Directive) Regulations 2003. The only exemption from this rule is if the individual has given clear “consent” to the calls. This consent has to be obtained by telling the individual that calls will ensue and giving an opportunity to opt-out (or opt-in if the company concerned wants positive consent). Even if an individual has given consent it is only “for the time being” and can be withdrawn at any time.
The ICO has also taken action where individuals have asked companies directly to stop calling and their wishes have not been acted upon. Other organisations (including the major UK political parties) have been censured in the past for making automated recorded calls to individuals. The regulations state that these calls can only be made where the individual has opted-in to receiving them.
It is likely that this is only the beginning of an increased pattern of enforcement in the arena of outbound cold calling. UK DMA statistics show that this form of marketing is regarded as the most intrusive of the direct channels and, it is consumer complaint which generally drives the ICO to take action.
Published May 2015
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.