Skip to main content

Privacy and Electronic Communications (Amendment) (No. 2) Regulations 2018

Volume 794: debated on Wednesday 28 November 2018

Motion to Approve

Moved by

My Lords, for most people in the UK, their largest financial asset will be their pension, which unfortunately makes pensions an attractive target for fraudsters. As I am sure the House is aware, pension scams have had devastating consequences. Scams can leave people to face retirement with limited income, unable to rebuild their pension savings. Cold calling is not only a nuisance but the most common method used to initiate pension fraud. I am aware of the strength of feeling on tackling cold calling from recent debates in this House and in Committee. According to Citizens Advice, the most recent statistics show that 97% of pension fraud cases brought to it originated from a cold call. That is why the Government are taking action to ban pensions cold calling.

Before we discuss the legislation I will present to the House today, allow me to briefly explain how the current system works. Currently, the Privacy and Electronic Communications Regulations 2003, or PECR, permit firms to cold call consumers for marketing purposes, subject to a couple of exceptions: where the consumer has notified the caller that they do not wish to receive such calls, or has listed their number on the telephone preference service. The current regime therefore permits cold calling unless a consumer has proactively opted out.

The purpose of the legislation under discussion today is to amend PECR in order to much more tightly restrict firms from cold calling consumers on their pensions. It does so by creating an explicit opt-in regime prohibiting all such calls unless one of two tightly drafted exemptions applies. Importantly, the exemptions do not apply to so-called introducers. Introducers are the marketing firms which seek to establish “leads” which they pass to financial advice firms. It is introducers who undertake the majority of pensions cold calling.

The ban will make it clear to consumers that any pensions cold call they receive from an unknown caller is illegal and likely to be a scam call, so they should hang up. To help future-proof the regulations, the definition of,

“direct marketing in relation to pension schemes”,

in the SI has been drafted widely. This will help to ensure that we capture new activities which may evolve in future, as well as activities that we know scammers already use today.

So that the ban does not have an unnecessary or disproportionate impact on legitimate activities, the Government have provided two narrowly defined exemptions. The first is where the consumer has given consent to a caller to receive direct marketing calls on their pensions. This exemption has been included so that consumers seeking information on pension products are able to do so. The SI is fully in line with the GDPR, which sets a high standard for consent.

The second exemption is where the consumer,

“has an existing client relationship with the caller”,

such that they would expect to receive such calls. This is so that individuals are able to receive information about investment opportunities from firms with which they have a client relationship. Crucially, the exemptions apply only where the caller is authorised by the Financial Conduct Authority or is the trustee or manager of a pension scheme. This means that there are no circumstances in which introducers, as defined, are permitted to call consumers on their pensions.

As many noble Lords will be aware, a similar ban on cold calling by claims management companies was implemented through the Financial Guidance and Claims Act 2018, which was skilfully taken through your Lordships’ House by my noble friend Lord Young, who joins me on the Front Bench this evening. The present SI has been drafted so as to achieve a consistent approach to both bans. The ban will be enforced by the Information Commissioner’s Office, a world leader in the protection of information rights. The Information Commissioner’s Office has tough enforcement powers, which include fining offenders up to £500,000. From 17 December 2018, directors of companies making unlawful calls may be personally liable for penalties of up to £500,000.

The Government are working with partners across the public, private and charity sectors to ensure that news of the ban reaches as many people as possible. To support the industry to keep within the law, the Information Commissioner’s Office will publish updated guidance when the ban comes into force. I will take this opportunity to thank stakeholders across the industry and the third sector for their helpful comments on the drafting of the regulations through consultation over the summer. As a consequence, I am pleased to say that we have a set of regulations which our stakeholders can get behind.

In summary, the Government believe that the proposed legislation is necessary to tackle the scourge of pension scams and help protect customers and consumers from pension fraudsters. I hope that noble Lords will join me in supporting these regulations and I commend them to the House.

My Lords, I welcome these regulations, which restrict firms in cold-calling individuals regarding their pension schemes. The Explanatory Memorandum was clear and helpful in setting matters out. This was a point of considerable concern during the passage of the Financial Guidance and Claims Act 2018, when the Government gave a commitment to ban cold calls on pensions. It is pleasing to see the product of that commitment in these regulations.

As we all know, the threat of pension scams—in fact, the threat of financial scams—is a growing problem. The scale of these unsolicited calls and the number of people impacted is alarming. The estimates from the Money Advice Service indicate that there are 250 million scam calls per annum. Most cases involving pension scams start with cold calling and if someone is scammed out of their pension savings, the effect can be not only devastating but lifelong and irreversible. Scams can originate from sources other than onshore cold callers—for example, from social media and offshore callers—but these regulations will make a significant contribution to protecting individuals. I acknowledge that there are many positives in the regulations. The definition of direct marketing set out in paragraph (5) of new Regulation 21B in relation to pension schemes has been drafted widely, which is helpful. Organisations which breach the ban may be liable to pay compensation to the victim, be subject to enforcement activity by the Information Commissioner’s Office and, as the Minister referred to, face a penalty of up to £500,000.

However, as has been pointed out, there are two exemptions to this ban and I have some questions and seek reassurance in this area. The first exemption is where the person being called has given consent. The second exemption is where that person has an existing client relationship with the caller, could “reasonably envisage receiving” direct marketing calls about pensions, and has been given the opportunity to refuse to receive cold calls from that organisation. In both cases, the caller must be either a trustee or manager of a pension scheme, or a firm authorised by the FCA. It is welcome that restricting the exemptions to those callers will reinforce the ban on unregulated lead generators calling about pensions.

My areas of concern, however, include that some individuals can still be vulnerable to being pressured into giving consent, or not actually understand that they are doing so. For example, if someone fails to tick a box they could be deemed to have given consent by inertia. Similarly, where these exemptions require that individuals be given the opportunity to refuse to receive direct marketing calls from an organisation, how robust will that opt-out process be? Can the Minister give further assurance on what standard is to be set for ensuring that a person has knowingly given consent to being cold called, and how will that be policed?

Similarly, where an exemption is allowed to the ban on unsolicited calls if the person being called has an existing client relationship with the caller, and could “reasonably envisage receiving” direct marketing calls about pensions, how is “reasonably envisage” to be interpreted? A pension saver may have an existing relationship with an FCA-authorised firm as the administrator of their pension scheme, but that does not mean that they should reasonably envisage receiving direct marketing calls about pension products which that firm may also sell through another of its divisions. Could the wording of the exemption from the cold-calling ban in some circumstances give that FCA-authorised firm a preferential market position over other product providers which have no existing relationship? Can the Minister clarify how paragraph (3)(b), which includes the phrase,

“the recipient might reasonably envisage receiving unsolicited calls for the purpose of direct marketing”,

will operate in practice?

My Lords, first, I again thank the noble Lord, Lord Bates, for his introduction; it makes a change not to be the expert in the room. I greatly welcome this legislation and have just a few points to make, some of which follow up on those made by the noble Baroness, Lady Drake.

As I understand it, much of the problem with cold calling is that the cold callers—in this case, the introducers—are offshore. We will not be able to get at those generators of leads and they will attempt to sell on their information, which at the moment they may do quite successfully. The UK buyer of those leads would then presumably be committing an offence by following them up with a cold call, on the assumption that the person buying the information is not already, for example, the financial adviser to the individual concerned. Those following up, having bought that information in this hypothetical case, would be subject to the penalty. They should therefore be too scared to do it, so nobody buys leads and offshore cold calling stops because they cannot sell their ill-gotten gains. I think that is how it is meant to work, but it would be good to hear that confirmed.

We still have to address the wider issues of cold calling, beyond protecting pensions. I hope that, having dealt with this issue, we will not think that it is “job done” and that is the end of it. Following the noble Baroness, Lady Drake, I shall look at some of the issues that were not dealt with after the consultation period. The first was the time limit for having given consent. If the case in question happened 20 years ago, it rests on whether a person would reasonably expect to be contacted. It is probably quite a sophisticated system if the caller has information about the person because they already have a policy, for example. It all sounds very formal, and they go through some kind of identity check. I understand that the reason for not doing anything was the fear of setting a wider precedent within the GDPR, but that is a common excuse that is used more widely.

There may be more that could be done in due course because there is also consent by inertia, which was mentioned by the noble Baroness, Lady Drake. Perhaps after a time lapse, instead of saying that someone is not allowed to make the call, there could be a halfway house of having to make sure that the person still consents to receiving calls, especially if they are on a related product rather than the product they have already been advised on. The existing client relationship could become very stretched, especially where one firm is taken over by another which has a wider suite of products on offer. A client might expect a much narrower relationship than would come from an enlarged entity. I am not sure that the recipient of a cold call stating that the caller is the successor of Bloggs and Co would know that the call should not perhaps have been made.

Ultimately, we may have to look at more than just pensions. If we are successful, that lucrative strand for the scammers and the cheaters will be closed off, but individuals who have diligently put money into ISAs—especially if they have put it into stocks and shares ISAs over the period since ISAs started—can have as much saved in them as they might have in a pension fund. So when these organisations start looking for where else they can swindle people, those might be next on their list.

I urge that we do not think that this is “job done”. This instrument is excellent as far as it goes, but it is a work in progress and we have to continue to keep an eye out for where the scams move to.

My Lords, subject to a satisfactory response from the Minister to the queries by the two noble Baronesses, I warmly welcome these regulations. I am sure many people will value the fact that cold calling is reduced, particularly in this important area.

I thank noble Lords for their questions. I will try to address the points that were raised. The noble Baronesses, Lady Drake and Lady Bowles, asked why we have not considered banning all cold calls. Pensions cold calling is a special case where levels of consumer detriment are particularly high. The Government are determined to tackle the scourge of nuisance calls, but a balance needs to be struck between ensuring that consumers are adequately protected and providing the right conditions for the legitimate direct marketing industry to operate. Government efforts are focused on taking action against companies that deliberately break the rules, not on penalising legitimate businesses that comply with the law.

The noble Baroness, Lady Bowles, made a specific point about extending this to cover all investments. The wording used—

“direct marketing in relation to … pension schemes”—

is broadly defined in the SI to capture the marketing of any investment product, not only conventional pension products, to be acquired using pension funds. However, it does not cover marketing in relation to funds held in other products that may serve to provide retirement benefits, such as a lifetime ISA, as this would go beyond the powers currently in the enabling Act. However I accept her point that our approach should be continued vigilance rather than claiming that it could never be changed in future.

The noble Baroness, Lady Drake, asked about the definition of “reasonably envisage”. It is drafted to set up an objective rather than subjective standard. It would be determined on a case-by-case basis. Consideration would be given to the nature of the firm with which there is a relationship. Is it the kind of firm that could provide pension services, for instance? She asked whether the exemption gives a preferential market position to those with an existing relationship. It enables consumers to hear from the existing provider and enables them to make informed decisions about their pensions.

It was suggested that the ban would be ineffective because it does not cover calls from overseas. The Information Commissioner’s Office has arrangements with international—including non-European—regulators to enable enforcement action where companies operating abroad make calls to the UK which would appear to be unlawful if made in the UK. Companies based in the UK which contract or instruct companies based abroad to make calls into the UK must comply with data protection legislation. In fact, this is a good moment to note that the PECR and this SI sit alongside the Data Protection Act 2018 and the GDPR in this respect.

The noble Baronesses, Lady Drake and Lady Bowles, raised a very fair point about potential inertia by people ticking boxes. We have all inadvertently done that or not done that, as the case may be. The GDPR provides a very high threshold for consent. Consumers cannot provide consent through a pre-ticked box. Consent must be actively given under the GDPR.

The noble Baroness, Lady Bowles, asked why the FCA is not prohibiting the use of personal data collected by third parties through cold calling. Organisations are already required to process or handle personal data in accordance with the Data Protection Act—a point which I have already made. The Data Protection Act 2018 and the GDPR include significantly stronger sanctions for breaches than the legislation they replaced. Processing data in contravention of data protection principles could attract fines of up to approximately £17 million, or 4% of the company’s global annual turnover, whichever is higher.

I do not know whether I have reached the threshold set by the noble Lord, Lord Tunnicliffe, for adequately responding to the questions. If I have not, I will be happy to write, but on the basis of what I have said I commend the regulations.

Motion agreed.