Keurboom: A Record Fine For Marketing Firm

Data Protection

Data Protection and Privacy Regulator, the Information Commissioner’s Office (ICO) has issued the largest ever fine to Keurboom Communications (Keurboom) for nuisance calls.

Keurboom made almost 100 million nuisance calls to people to see if they were eligible for road-accident or PPI compensation. The company breached privacy and communications laws by making the calls, sometimes at night, without the individual’s consent. The ICO received in excess of 1,000 complaints about the automated calls and as a result issued a record fine of £400,000. The current limit in respect of a financial penalty is £500,000 and the ICO has not previously levied fines to this amount.

Keurboom has since gone into liquidation but the ICO has said it is committed to recovering the full amount of the fine.

What are the legal issues?

The legal issues are that not only did the company make some of the calls at unsociable hours, it also made repeated calls to the same people, regardless of whether consent had been given or not and hid its identity so that it was harder for people to make complaints about the calls. The Privacy and Electronic Communications Regulations (PECR) require companies such as Keurboom to identify themselves clearly (rather than in a speed read of a pre-agreed script) and display their contact number. Many individuals receiving such nuisance calls will now have noticed that companies have stopped using ‘unknown’ numbers and now display phone numbers with local area codes or mobile phone codes. This step is merely designed as an attempt to make it appear that you may know the caller and are more likely to pick up.

A director of Keurboom stated that whilst nuisance calls were annoying, its actions were not illegal. The ICO, however, took a very different view and said that making automatic marketing calls without people’s consent was illegal. The PECR, which sit alongside the Data Protection Act, give individuals specific privacy rights in relation to electronic communications, one of the key ones being that companies should not be making unsolicited telephone calls to individuals without specific consent.

Data protection law changes

Companies undertaking automatic bulk marketing practices, such as nuisance calls and bulk electronic mailing, need to be aware of the laws surrounding such practices and ensure that they are fully compliant. The law on data protection is due to change on 25 May 2018 when the European General Data Protection Regulation (GDPR) comes into force and the fines which may be imposed under the GDPR are substantially higher than the position under the current law. Under the new legislation, regulators will have the ability to levy fines up to €20m or 4% of an undertaking’s worldwide turnover.

Contact us if you have any questions in relation to your current marketing practices, or if you require further information about the new data protection laws.

Tidman Legal is an Edinburgh-based firm of specialist intellectual property lawyers.