The Committee consisted of the following Members:
Chair: Ian Austin
† Beckett, Margaret (Derby South) (Lab)
† Campbell, Mr Alan (Tynemouth) (Lab)
† Dodds, Anneliese (Oxford East) (Lab/Co-op)
† Gibson, Patricia (North Ayrshire and Arran) (SNP)
† Glen, John (Economic Secretary to the Treasury)
† Herbert, Nick (Arundel and South Downs) (Con)
† Howell, John (Henley) (Con)
† Jenkyns, Andrea (Morley and Outwood) (Con)
† Jones, Susan Elan (Clwyd South) (Lab)
† Keegan, Gillian (Chichester) (Con)
† McCarthy, Kerry (Bristol East) (Lab)
† Pawsey, Mark (Rugby) (Con)
† Thomas, Derek (St Ives) (Con)
† Vickers, Martin (Cleethorpes) (Con)
† Walker, Thelma (Colne Valley) (Lab)
† Whitfield, Martin (East Lothian) (Lab)
† Whittaker, Craig (Lord Commissioner of Her Majesty's Treasury)
Bradley Albrow, Matthew Congreve, Committee Clerks
† attended the Committee
Sixth Delegated Legislation Committee
Wednesday 12 December 2018
[Ian Austin in the Chair]
Draft Privacy and Electronic Communications (Amendment) (No. 2) Regulations 2018
I beg to move,
That the Committee has considered the draft Privacy and Electronic Communications (Amendment) (No. 2) Regulations 2018.
It is a pleasure to serve under your chairmanship again, Mr Austin. For most people in the UK, pensions are their largest financial asset, but that, unfortunately, makes pensions an attractive target for fraudsters. Pension scams can have a significant and devastating impact on people’s lives. Scams can lead people to face retirement with a greatly reduced income and unable to build their pension savings back up.
From recent debates in the other place, I am aware of the strength of feeling on tackling cold calling. As well as being a nuisance, cold calling is the most common method used to initiate pension fraud. According to Citizens Advice’s most recent statistics, 97% of pension fraud cases brought to it originated from a cold call. That is why the Government are taking action to ban pensions cold calling.
Before I discuss the regulations, I will briefly explain how the current system works. The Privacy and Electronic Communications (EC Directive) Regulations 2003—PECR—permit firms to cold call consumers for marketing purposes, subject to a couple of exceptions, which are where the consumer has notified the caller that they do not wish to receive such calls, or has listed their number on the telephone preference service. The current regime, therefore, permits cold calling unless a consumer has proactively opted out.
The purpose of these regulations is to amend PECR in order to much more tightly restrict firms from cold calling consumers about their pensions. The regulations do that by creating an explicit opt-in regime that prohibits all such calls unless one of two tightly drafted exemptions applies and the caller is authorised by the Financial Conduct Authority or is the trustee or manager of a pensions scheme. The exemptions mean that the ban does not have an unnecessary or disproportionate impact on legitimate activities.
It is important to highlight that the exemptions do not apply to so-called introducers, which are the marketing firms that seek to establish leads that they then pass to financial advice firms. Introducers undertake the majority of pensions cold calling. Under the proposed regulations, there are no circumstances under which introducers are permitted to call consumers about their pensions.
The first exemption applies where the consumer has given consent to the caller to receive direct marketing calls about their pension. It has been included so that consumers can seek information on pension products. The regulations are fully in line with the general data protection regulation, which sets a high standard for consent. Consent must be actively given—for example, the use of pre-ticked boxes is not permitted.
The second exemption applies where the consumer has an existing client relationship with the caller, such that they would expect to receive such calls. It means that individuals can receive information about investment opportunities from firms with which they have a client relationship.
To help to future-proof the regulations, the definition of “direct marketing in relation to pension schemes” has been drafted widely, which will help to ensure that we capture new activities that may evolve in future, as well as activities that we know scammers already use.
On the changing approach taken by the scam companies, will the regulations cover the use of texting and contact through messaging? I know from constituents’ experiences that a response by way of text is deemed to be consent and they then get the phone call.
I am grateful to the hon. Gentleman for making that point. The pensions cold calling ban does not include direct marketing via texts and emails, because they are already closely restricted under PECR. Under regulation 22, texts and emails are restricted unless consumers have given consent. That is an opt-in regime.
Those regulations deal with that matter; I am dealing today with the banning of cold calling. I will move on to enforcement, and then I will be happy to respond.
The ban will be enforced by the Information Commissioner’s Office, a world leader in the protection of information rights. The ICO’s tough enforcement powers include fining offenders up to £500,000. I am also pleased to say that from Monday next week, 17 December, directors of companies making unlawful calls may also be personally liable for penalties of up to £500,000.
What I mean is that there is scope for them to be fined up to £500,000, according to the breach that they have committed. That will be a matter for the ICO to adjudicate.
I would like to take this opportunity to thank industry and charity stakeholders for their engagement with the consultation over the summer. As a consequence, I am pleased to say that we have a set of regulations that our stakeholders can get behind. I emphasise that the Government do not consider this ban to be “job done”. We understand that scammers are skilled at adapting to circumstances and that scams are constantly evolving. As such, we will continue our efforts to understand and take action on future scams.
Project Bloom, a cross-Government taskforce established in 2012 and currently led by the Pensions Regulator, continues its work to tackle scams and identify emerging threats. In addition, the Government are committed to limiting the statutory right to transfer, to help prevent funds transferring from occupational pension schemes into fraudulent ones.
In conclusion, the Government believe that the proposed legislation is necessary to help protect consumers from pension fraudsters, and I hope colleagues will join me in supporting the regulations, which I commend to the Committee.
I am grateful to the Minister for explaining the rationale for the measures. Of course, we have talked in previous Committees about other statutory instruments arising out of them. This is a significant problem; I understand that more than 11 million pensioners, in particular, are being targeted annually by cold callers, with fraudsters making 250 million calls a year, which is the equivalent of eight per second. That is a huge problem, and behind those figures there is a significant human impact on some vulnerable people.
As the Minister will be aware, during the Committee stage of the Financial Guidance and Claims Act 2018 the Labour party called for the FCA, rather than the ICO, to be given functions in respect of the ban on unsolicited direct marketing relating to pensions. The FCA has much stronger powers than the ICO and can strike off members who contravene the rules. We also called for an offence to be created for the use of information obtained through cold calling.
Will the Minister explain his response to those points? I have looked through the accompanying material and it is not crystal clear to me which body will be responsible for enforcing the ban, or whether the respective powers of the FCA, as against those of the ICO, have been taken into account in this determination.
I am concerned about the restricted powers of the ICO. I am sure that the Minister is aware of the views of various representative bodies. In particular, the Fair Telecoms campaign has intimated that the ICO has restricted means of ensuring compliance. I recall sitting on a previous Committee examining delegated legislation related to other parts of the Act, where we discussed transferring authority to the FCA precisely because it is a more powerful and authoritative body. It would be useful to hear more about that.
Secondly, it would have been helpful to ban the use of information derived from cold calls. That would have resulted in firms that provide financial services covered by the FCA being banned from using information gathered by introducers, thereby breaking that part of the chain. I know that that idea was not accepted by the Government, but has the Minister considered other means of dissuading such forward use of that information?
Thirdly, perhaps I have not got to grips with the relevant part of the legislation, but it is not clear to me exactly who the draft regulations will cover with respect to the telephone preference service register. The Fair Telecoms campaign maintains:
“This change in regulation will only affect the behaviour of callers who are currently checking numbers on the TPS register before making calls. For those who do not it simply adds to the cases that may be the subject of action by the ICO, rather than making any significant change.
Targets with their numbers on the TPS—the basis for many of the statistics given about the volume of calls alleged to be covered—are not affected in any way by this measure. It is understood that 80% of UK households have their number recorded on the TPS. At best, this measure can only affect the remaining 20%.”
Will the Minister clarify whether the draft regulations are focused on those not covered by the telephone preference service? If so, is it the Government’s view that the service is sufficient? It would be helpful to hear the Government’s thinking on the matter.
Fourthly, the Minister states that the draft regulations are in line with GDPR requirements, but some have suggested that their consent provisions are weaker than those in the GDPR. It would be helpful to understand where the exact language used about consent in the draft regulations has come from and why it is formally different from the language used in the GDPR.
Fifthly, as I understand it the regulations are drafted to cover only cases in which there is specific reference to
“funds held, or previously held, in an occupational pension scheme or a personal pension scheme”.
Cases in which a caller fails to make specific reference to the source of the funds that may be used for an unwise investment will therefore not be covered. Is the Department aware of that potential loophole? We can all imagine a particularly inventive and devious caller simply manipulating their sales script to comply with the letter but not the spirit of the draft regulations by talking in general terms without referring to a specific existing personal or occupational pension scheme.
Finally, may I push a little harder on the issue raised by my hon. Friend the Member for East Lothian? Would a response to a text message that was legal under PECR be sufficient to enable future cold calls within this regime?
I welcome the proposals, as far as they go. The Minister may be aware that I have long campaigned against the whole culture of cold calling on the grounds of the distress, disturbance and alarm that it causes and the door that it leaves gapingly open to scammers of all kinds.
I was interested to hear the Minister say that the UK Government will implement my Bill to make named directors responsible, the Unsolicited Marketing Communications (Company Directors) Bill—in September, I think he said. The Government exactly reprinted and resurrected my Bill in the name of one of their own Back Benchers; that was ironic, given that one of the Bill’s goals was to deal with scammers, but its implementation is very welcome. However, there is a very serious point to be made.
If all consumers are to receive welcome protection from cold callers on receipt of their pension, surely the Government must concede that cold calling, in and of itself, leaves all consumers open to fraud or heavy-handed sales techniques. So far, at least, it seems that protection from cold calling is not to be extended to all consumers. I know that that issue is not in the Minister’s remit today, but it is an interesting point. Will he explain why the Government are not extending that protection? There has been a delay of more than two years in the important policy of using named directors’ responsibility to protect not only those with pension pots, but all consumers.
I welcome the common-sense approach outlined by the Minister under which the consumer will be able to receive marketing calls about their pension if they have explicitly consented to that. Of course, explicit consent cannot mean just ticking a tiny wee box at the bottom of a page of very small writing; it has to be more robust than that. People should not opt in to receive pension marketing calls by accident. Opting in must be clear and explicit. What assurances can the Minister give about that?
We are told that the general data protection regulation
“sets a high standard for consent”.
Will the Minister give us more detail about what that high standard looks like and what it involves?
I have concerns about the ICO being able to take action against organisations that contravene the regulations. We know that, in the past, companies that faced heavy penalties from the ICO for various breaches simply closed down and reopened with the same staff and premises under a different name. That is why named director responsibility matters so much. I welcome the Minister’s comment that it will be enshrined in law in September—
Excellent. I am very pleased to hear what the Minister has to say, and I welcome that. I have waited a long time for it. There has been a delay over named director responsibility. We want it not just for people with big pension pots, important as they are, but for all consumers in all industries. The two-year delay was a wasted opportunity. I wonder how many people have been swindled while we have waited.
The ICO can take any enforcement action it likes, but without named director responsibility it is a paper exercise because companies simply phoenix and evade their responsibilities. Penalty notices without named director responsibly are pie in the sky; they will not deter scammers.
I welcome these measures, and I am very pleased to hear about the December deadline that the Minister set out. I think he understands my reservations about this not being extended across every industry. For pension pots, this will stop scammers calling people without fear of reprisal and, when they receive a notice of penalty, simply putting it in the bin because it does not mean anything.
I urge the Minister to go back to his colleagues and make the case for real protection for all consumers in all industries. The Government supported named director responsibility for this measure, but we need to stop scammers across the board, not just in the area of pensions.
I thank the hon. Members for Oxford East and for North Ayrshire and Arran for their points, which I will try to respond to as fully as I can. I will start with the last point, about the delay. All I can say is that, since I have been in office, this is something I have focused on. It came out of the legislation that was introduced in the spring. I am pleased that we are at this point. I cannot account for the delay fully, but I am glad we are at this point today.
The hon. Member for East Lothian asked whether, if someone has opted into receiving text messages, they are opting into receiving calls. The answer is no, because the GDPR requires granular consent to something clear and specific. Consent to receiving a text is not consent to receiving a call.
Just to clarify, the experience that I am aware of is that a text message was used, which itself invited consent. The caller used the consent given by the response to the text message to phone again. The measure talks about the specific line that the caller has been authorised to use, but I wonder whether the Minister understands that, in the regulations, the consent to approach a person has to be for the telephone number/line, in which case the text messaging system would not be consent at any time.
As I say, text messages are not the subject of these regulations, which relate to the PECR. I am relying on box notes to clarify the point. I will have to take this away and write to the hon. Gentleman. I understand the specific example that he has raised, and I will not leave him in any ambiguity on that point. Currently, my understanding is that one cannot opt in to receive cold calling by text message, but I will write to him as soon as I can on that matter.
The hon. Member for Oxford East raised issues relating to the ICO and the FCA. I will not rehearse those points again, as we have already have discussed them, but I will respond to the concern about the effectiveness of the ICO as an enforcement body. The ICO will enforce restrictions on unsolicited electronic direct marketing under PECR, and it is appropriate that the planned ban is enforced through that existing framework. As we have discussed, the ICO has tough enforcement powers, including a fine of up to £500,000. There would be a risk of confusing consumers and industry if we had different cold calling enforcement regimes for different sectors. If the Committee agrees to introduce the ban, the FCA will work closely with the ICO where breaches of the rules by FCA-authorised firms are identified and, crucially, the ICO will be able to enforce bans on introducers that are outside the FCA’s remit, because they are not FCA-authorised firms.
The hon. Member for Oxford East also talked about the telephone preference service. This statutory instrument would change it from an opt-out to an opt-in regime, which makes restrictions on pensions cold calling much tighter. In addition, although not all consumers are aware of the TPS, those listed on it would still be protected by the ban.
The ICO’s guidance is indeed clear that consent under PECR is to be understood in accordance with GDPR. Although the FCA is not prohibiting the use of personal data collected by third parties through cold calling, the Government and the FCA will keep the proposal under review as the effectiveness of the ban is monitored. An authorised firm that accepts business from an introducer must meet the FCA’s regulatory requirements, including carrying out due diligence on the introducers they transact with. If customers are given unsuitable advice by an introducer, the authorised firm may be held responsible and subject to regulatory action. The FCA has alerted investment advisers and authorised firms to their responsibilities when accepting business from unauthorised introducers or lead generators. Organisations are already required to process or handle personal data in accordance with the Data Protection Act 2018 and GDPR.
I assure the hon. Members for Oxford East and for North Ayrshire and Arran, and the Committee as a whole, that the Government are engaged in an ongoing process. As I said in my opening remarks, this is not “job done”. I recognise that there are a range of concerns from consumer organisations and different parts of the industry about whether further restrictions or bans should be in place. One of the reasons for the draft instrument is that, in future, we can introduce additional restrictions more speedily should they be required.
On a slightly different topic, in 2015, a constituent of mine, 92-year-old Olive Cook, committed suicide by throwing herself over the Avon gorge. That hit the national headlines because she had been inundated with calls from charities. She was on the databases of 99 different charities, and a lot of them would trade in her details. To stop cold calling now, has the Minister considered the lessons that we tried to learn and the work of the Charity Commission to try to stop cold calling following that incident?
I am extremely sorry to be reminded of that case. The regulations introduce a ban on pensions cold calling, but I would be happy to look into the matter and see what the collective conclusion of Government was on that particular case and its implications. I am happy to examine that in the context of my previous remarks.
The hon. Member for North Ayrshire and Arran spoke about a more comprehensive cold calling ban. As I tried to indicate, pensions cold calling is a special case where levels of consumer detriment are particularly high. The Government are committed to taking action. I accept that, for some, action has not been taken as quickly as it could have been, but a balance has to be struck between ensuring that consumers are adequately protected and providing the right conditions for legitimate direct marketing industry to operate.
I am happy to look at appropriate additional measures, in the light of the evidence presented. I would like to draw the Committee’s attention, for example, to situations where utilities companies use calls to prospects to secure a switch to their service, or where the publishing industry uses calls to consumers who have indicated some affinity with the brand. Many national newspapers and magazine publishing houses use that approach. I am not, in this response, indicating that the Government are closed off to any further moves, but it has to be done on an evidential basis.
Fraud is fraud, and with actionable fraud the police can be contacted in such circumstances. With respect to the cold calling mechanism, I have said all I can on that. The Government are open on the basis of evidence to move forward.
The hon. Lady also raised the issue of how the Government will ensure that consumers do not accidentally give consent through ticking a box on a form. To give clarity on what GDPR sets out, it is a high standard of consent, requiring a positive opt in. Any default method, such as a pre-ticked box, does not constitute consent under GDPR, as I made clear in my opening remarks. Guidance to firms on complying with GDPR highlights that that request for consent must be prominently displayed, clear and specific, and separate from the terms and conditions.
I hope that that deals—
I am sorry to interrupt the Minister, who has been generous and helpful in his responses. I have one question remaining, which might fit into the rubric of what he has said about Government being open to further tightening, if necessary. I have handed over my speaking notes, but I recall that the legislation refers specifically to occupational or other pension schemes, and how a scammer or somebody selling inappropriately could use general talk of pensions to get into that conversation, and thus creatively comply. Will the Minister’s Department look at that carefully?
I am clear that this is about pensions cold calling. I understand what the hon. Lady is saying about loopholes, in the sense that that conversation could hide that intent. It would be appropriate for me to reflect on that and write to the hon. Lady and the Committee. She raises a fair point, and the last thing we want to do is leave such ambiguity out there.
To conclude, this legislation will make a real impact in tackling pensions scams, deterring pensions cold callers by making their actions illegal and signalling to consumers that legitimate companies will not cold call them about their pensions. I hope the Committee will have found the sitting informative and will join me in supporting the regulations.
Question put and agreed to.