ICO and FCA publishes joint letter on data protection provisions and effective communications to savings customers

On 18 July 2023, the Information Commissioner’s Office and the Financial Conduct Authority published a joint letter sent to UK Finance and the Building Societies Association setting out whether data protection regulations stop firms from telling savings customers about better deals. The joint letter’s answer is that this “is not the case“.

There are a number of useful points from the joint letter including:

– Data protection law gives data subjects the right to object from direct marketing.

– But this does not stop firms from providing communications when requested, or required, by a statutory regulatory (for example, the FCA under the consumer duty). This is true even if the customer has ‘opted out’ of direct marketing.

– PRIN 2A.5.3R and PRIN 2A.5.5R (both of which implement the consumer duty) both require firms to communicate with their customers so that they can make informed decisions.

– The ICO’s guidance on direct marketing and regulatory communications explains how to draft such regulatory communications, and includes illustrative examples. Firms should use a neutral tone and avoid active promotion or encouragement.

– Firms can therefore send regulatory communications to all their savings customers that provide neutral, factual information about the interest rate and terms of the savings product they hold, the interest rate and terms of other available savings products, and what their options are for moving to another product.

Information Commissioner’s Office fines Hall and Hanley Limited £120,000 for instigating the sending of almost three and a half million spam direct marketing texts

On 3 May 2019, the UK Information Commissioner’s Office (the ICO) issued a monetary penalty notice (otherwise known as a fine) of £120,000 to Hall and Hanley Limited for sending unsolicited texts about potential payment protection insurance complaints to individuals.

The ICO decided Hall and Hanley Limited had breached Regulation 22 of the Privacy and Electronic Communications (EU Directive) Regulations 2003 (PECR) by instigating the sending over three and a half million unsolicited texts to individuals between January and June 2018. Whilst Hall and Hanley Limited did not send the text messages, the ICO was satisfied it was the instigator of those messages (and it did not have a valid consent to send them).

This is another example of the ICO using its powers under the PECR to issue significant monetary penalty notices to firms. For another example, see our earlier blog post.

Information Commissioner’s Office fines Grove Pension Solutions Limited £40,000 for instigating the sending of almost two million spam direct marketing emails

On 26 March 2019, the Information Commissioner’s Office (the ICO) published a press release confirming it had fined Grove Pension Solutions Limited £40,000 for breaching the Privacy and Electronic Communications Regulations 2003 (PECR) by being responsible for almost two million spam direct marketing emails.

The ICO decided Grove Pensions Solutions Limited had instructed a marketing agent to use third party email providers to carry out hosted marketing campaigns that advertised the company’s services.

Grove Pensions Solutions Limited has sought advice from a data protection consultancy and legal advice on its planned activity. But the ICO decided Grove Pensions Solutions Limited received “misleading advice”. For more information, please see the Monetary Penalty Notice.

This penalty notice shows two things: (a) the ICO’s continued enforcement action for breaches of PECR and (b) the importance of good advice.