UK Government Proposes Heavy Fines for Spam Calls and Texts

Businesses which use illegal calls and texts to market their services will face greatly increased fines if the UK government succeeds in having its new Data Reform Bill passed by parliament. The new maximum penalty for unsolicited spam calls and texts would be the greater of 4 percent of the company’s global turnover and GBP17.5mn (USD21.4mn). This represents a substantial increase on the current maximum fine of GBP500,000 (USD611,000). The proposed changes to law were welcomed by the Information Commissioner’s Office (ICO), which would be responsible for levying these fines.

The Conservative government has drawn attention to these tough penalties on spam communications partly to offset the criticism it is receiving for watering down data protection obligations within the same bill. Brexit created the opportunity for the UK’s data protection regime to deviate from the European Union’s GDPR regulations, with the ostensible motivation being to reduce burdens on business. The most noticeable impact the new law would have on ordinary Brits is that they will no longer have to click on messages asking for permission to use cookies whenever they visit a new website.

It is debatable whether stiffer penalties will change the number of spam calls and texts received by the British public. ICO has always been an under-staffed, under-resourced agency run by career civil servants who do not want to admit their agency cannot possibly give adequate attention to the tens of thousands of data protection and freedom of information complaints it receives each year. ICO has an annual budget of slightly under GBP60mn, and almost 90 percent of its funding comes from the fees businesses must pay just to register the fact that they process data. In other words, ICO was designed from inception to perform its enforcement duties without relying on money raised through general taxation. This effectively limits how many infringements ICO can investigate, how many fines it can impose, and the extent to which fines are collected. A November 2021 study by MobileMarketing found ICO issued only 47 fines during the first 9 months of 2021, although more than a million organizations have registered their activities with ICO. The study also found that less than half of those fines had been paid, with fines for SMS spam being the least likely to be collected in practice.

The Data Reform Bill does include some sensible improvements to legislation that will help to reduce spam. The rules for ICO enforcement activity would be changed so they reflect the number of calls dialed by offenders and not the number of calls they succeeded in connecting. It would be daft to continue to focus on the number of calls received by victims whilst encouraging telcos to use automation to block more calls. Comms providers will also have a new obligation to tell ICO about suspicious levels of traffic on their network. This will help to encourage more consistency in the handling of spam and fraudulent traffic. Laggard telcos will be less inclined to excuse themselves by claiming they were unaware of the criminal abuse of their networks if competitors can demonstrate they are capable of identifying the same kinds of scams from the same kinds of sources.

One part of the Data Reform Bill that is not receiving sufficient attention are the proposed changes to make it easier for politicians to spam members of the public. The UK has always treated campaign communications from politicians just like any other marketing calls and messages, which means the recipient must have explicitly agreed to receive them. The danger is there will be bipartisan support – and hence no meaningful public debate – about changing these rules with the intention of ‘supporting democratic engagement’. This is a euphemism for politicians recording messages that tell people how to vote whilst begging for donations. The new bill will erode a key barrier to political spam by allowing politicians to make calls and send messages to anyone who accepts a ‘soft opt-in’. This is another euphemism; it means voters will receive spam from politicians and political parties if they have previously communicated with them in some way (attending a meeting, signing a petition) but failed to notice and tick an opt-out box shown in small print at the bottom of some paperwork.

Expanding the permitted use of phone calls and text messages will lead to abuse by political activists. The typical defense will see activists portraying themselves as well-meaning amateurs who made an honest mistake. Legal limits on campaign expenditure mean British political campaigning is healthily amateur when compared to the cynical professionalism of much more expensive campaigns found in other countries. However, this amateurism means there also has to be realism about stipulating rules that rely on the judgment of the people who are supposed to respect those rules in practice. The problem with breaking rules like these is that the penalty may seem unimportant if it only comes long after the robocalls and robotexts have influenced how people voted. Trust in the democratic process will be eroded if the public believes somebody won an election and remains in office because of the deliberate breaking of rules that prohibit automated calls and messages. A simple blanket ban would be much safer.

It is clear why the ruling Conservative Party would like to make more use of robocalls for political campaigning. The statistics show their party is suffering a long-term decline in membership. This means they increasingly struggle to persuade volunteers to knock on doors during election campaigns, so it would be to their advantage to use more automated calls to reach voters instead. However, the most prominent example of a British politician ignoring laws that prohibit automated phone calls is a member of Labour’s shadow cabinet; David Lammy MP was fined GBP5,000 for making illegal robocalls in 2015. Lammy excused himself by saying he was unaware he needed permission from everybody who received the 35,629 robocalls placed on his behalf. The introduction of a ‘soft opt-in’ will lead to many more politicians claiming they only broke campaigning rules inadvertently. We will see how much politicians really care about protecting the public from nuisance calls when we see which of them opposes another significant change introduced by the Data Reform Bill: the inclusion of new regulatory powers which mean Parliament can create new exceptions to the rules preventing marketing spam without needing to go to the effort involved in passing a new law.

The sad truth is that many of the changes included in the Data Reform Bill show British politicians have not learned from mistakes made in the USA. Politicians on both sides of the Atlantic (and both sides of the political divide) appear to care more about gimmicks to win votes than the long-term harm caused by their policies. Just like the USA, the UK will have more noisy news headlines about big fines whilst nobody pays attention to how few fines are levied in general and how rarely those fines are collected. This will give the public the impression that their rights are being diligently defended even though the agencies responsible for catching and punishing criminals lack the resources to pursue more than a few of the worst offenders, and only when those criminals are situated in countries where the local authorities are unusually helpful. Political robocalls and robotexts are so unpopular that a recent survey by Transaction Network Services said 79 percent of Americans want political robocalls and robotexts to be banned, but the UK’s politicians will emulate the double standards found in the USA by making it easier for politicians to spam British voters.

There are clear signs that the US strategy for reducing nuisance calls will focus on imposing heavy punishments on legitimate telecoms businesses precisely because they are easy targets who can be expected to pay their fines. US politicians lack the will to put resources into chasing, deterring, and ultimately crushing the offenders who are the source for the worst large-scale frauds. It seems that UK politicians have noticed how US politicians can use the issue of phone and messaging spam to increase their popularity even though their policies fail to deliver any reduction in spam, and so have decided to copy from the US playbook. This will result in some bigger fines that will please the general public whilst helping to pay the costs of regulators like ICO. But distracting the public is the worst way to tackle the root cause of spam. The total amount of spam will always increase if the worst spammers can see they never need to fear punishment because none of the modest resources put into enforcement are ever targeted at them.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.