Privacy and Electronic Communications (Amendment) (No. 2) Regulations 2018 Debate
Full Debate: Read Full DebateLord Bates
Main Page: Lord Bates (Conservative - Life peer)Department Debates - View all Lord Bates's debates with the Department for International Development
(5 years, 11 months ago)
Lords ChamberThat the draft Regulations laid before the House on 1 November be approved.
My Lords, for most people in the UK, their largest financial asset will be their pension, which unfortunately makes pensions an attractive target for fraudsters. As I am sure the House is aware, pension scams have had devastating consequences. Scams can leave people to face retirement with limited income, unable to rebuild their pension savings. Cold calling is not only a nuisance but the most common method used to initiate pension fraud. I am aware of the strength of feeling on tackling cold calling from recent debates in this House and in Committee. According to Citizens Advice, the most recent statistics show that 97% of pension fraud cases brought to it originated from a cold call. That is why the Government are taking action to ban pensions cold calling.
Before we discuss the legislation I will present to the House today, allow me to briefly explain how the current system works. Currently, the Privacy and Electronic Communications Regulations 2003, or PECR, permit firms to cold call consumers for marketing purposes, subject to a couple of exceptions: where the consumer has notified the caller that they do not wish to receive such calls, or has listed their number on the telephone preference service. The current regime therefore permits cold calling unless a consumer has proactively opted out.
The purpose of the legislation under discussion today is to amend PECR in order to much more tightly restrict firms from cold calling consumers on their pensions. It does so by creating an explicit opt-in regime prohibiting all such calls unless one of two tightly drafted exemptions applies. Importantly, the exemptions do not apply to so-called introducers. Introducers are the marketing firms which seek to establish “leads” which they pass to financial advice firms. It is introducers who undertake the majority of pensions cold calling.
The ban will make it clear to consumers that any pensions cold call they receive from an unknown caller is illegal and likely to be a scam call, so they should hang up. To help future-proof the regulations, the definition of,
“direct marketing in relation to pension schemes”,
in the SI has been drafted widely. This will help to ensure that we capture new activities which may evolve in future, as well as activities that we know scammers already use today.
So that the ban does not have an unnecessary or disproportionate impact on legitimate activities, the Government have provided two narrowly defined exemptions. The first is where the consumer has given consent to a caller to receive direct marketing calls on their pensions. This exemption has been included so that consumers seeking information on pension products are able to do so. The SI is fully in line with the GDPR, which sets a high standard for consent.
The second exemption is where the consumer,
“has an existing client relationship with the caller”,
such that they would expect to receive such calls. This is so that individuals are able to receive information about investment opportunities from firms with which they have a client relationship. Crucially, the exemptions apply only where the caller is authorised by the Financial Conduct Authority or is the trustee or manager of a pension scheme. This means that there are no circumstances in which introducers, as defined, are permitted to call consumers on their pensions.
As many noble Lords will be aware, a similar ban on cold calling by claims management companies was implemented through the Financial Guidance and Claims Act 2018, which was skilfully taken through your Lordships’ House by my noble friend Lord Young, who joins me on the Front Bench this evening. The present SI has been drafted so as to achieve a consistent approach to both bans. The ban will be enforced by the Information Commissioner’s Office, a world leader in the protection of information rights. The Information Commissioner’s Office has tough enforcement powers, which include fining offenders up to £500,000. From 17 December 2018, directors of companies making unlawful calls may be personally liable for penalties of up to £500,000.
The Government are working with partners across the public, private and charity sectors to ensure that news of the ban reaches as many people as possible. To support the industry to keep within the law, the Information Commissioner’s Office will publish updated guidance when the ban comes into force. I will take this opportunity to thank stakeholders across the industry and the third sector for their helpful comments on the drafting of the regulations through consultation over the summer. As a consequence, I am pleased to say that we have a set of regulations which our stakeholders can get behind.
In summary, the Government believe that the proposed legislation is necessary to tackle the scourge of pension scams and help protect customers and consumers from pension fraudsters. I hope that noble Lords will join me in supporting these regulations and I commend them to the House.
My Lords, I welcome these regulations, which restrict firms in cold-calling individuals regarding their pension schemes. The Explanatory Memorandum was clear and helpful in setting matters out. This was a point of considerable concern during the passage of the Financial Guidance and Claims Act 2018, when the Government gave a commitment to ban cold calls on pensions. It is pleasing to see the product of that commitment in these regulations.
As we all know, the threat of pension scams—in fact, the threat of financial scams—is a growing problem. The scale of these unsolicited calls and the number of people impacted is alarming. The estimates from the Money Advice Service indicate that there are 250 million scam calls per annum. Most cases involving pension scams start with cold calling and if someone is scammed out of their pension savings, the effect can be not only devastating but lifelong and irreversible. Scams can originate from sources other than onshore cold callers—for example, from social media and offshore callers—but these regulations will make a significant contribution to protecting individuals. I acknowledge that there are many positives in the regulations. The definition of direct marketing set out in paragraph (5) of new Regulation 21B in relation to pension schemes has been drafted widely, which is helpful. Organisations which breach the ban may be liable to pay compensation to the victim, be subject to enforcement activity by the Information Commissioner’s Office and, as the Minister referred to, face a penalty of up to £500,000.
I thank noble Lords for their questions. I will try to address the points that were raised. The noble Baronesses, Lady Drake and Lady Bowles, asked why we have not considered banning all cold calls. Pensions cold calling is a special case where levels of consumer detriment are particularly high. The Government are determined to tackle the scourge of nuisance calls, but a balance needs to be struck between ensuring that consumers are adequately protected and providing the right conditions for the legitimate direct marketing industry to operate. Government efforts are focused on taking action against companies that deliberately break the rules, not on penalising legitimate businesses that comply with the law.
The noble Baroness, Lady Bowles, made a specific point about extending this to cover all investments. The wording used—
“direct marketing in relation to … pension schemes”—
is broadly defined in the SI to capture the marketing of any investment product, not only conventional pension products, to be acquired using pension funds. However, it does not cover marketing in relation to funds held in other products that may serve to provide retirement benefits, such as a lifetime ISA, as this would go beyond the powers currently in the enabling Act. However I accept her point that our approach should be continued vigilance rather than claiming that it could never be changed in future.
The noble Baroness, Lady Drake, asked about the definition of “reasonably envisage”. It is drafted to set up an objective rather than subjective standard. It would be determined on a case-by-case basis. Consideration would be given to the nature of the firm with which there is a relationship. Is it the kind of firm that could provide pension services, for instance? She asked whether the exemption gives a preferential market position to those with an existing relationship. It enables consumers to hear from the existing provider and enables them to make informed decisions about their pensions.
It was suggested that the ban would be ineffective because it does not cover calls from overseas. The Information Commissioner’s Office has arrangements with international—including non-European—regulators to enable enforcement action where companies operating abroad make calls to the UK which would appear to be unlawful if made in the UK. Companies based in the UK which contract or instruct companies based abroad to make calls into the UK must comply with data protection legislation. In fact, this is a good moment to note that the PECR and this SI sit alongside the Data Protection Act 2018 and the GDPR in this respect.
The noble Baronesses, Lady Drake and Lady Bowles, raised a very fair point about potential inertia by people ticking boxes. We have all inadvertently done that or not done that, as the case may be. The GDPR provides a very high threshold for consent. Consumers cannot provide consent through a pre-ticked box. Consent must be actively given under the GDPR.
The noble Baroness, Lady Bowles, asked why the FCA is not prohibiting the use of personal data collected by third parties through cold calling. Organisations are already required to process or handle personal data in accordance with the Data Protection Act—a point which I have already made. The Data Protection Act 2018 and the GDPR include significantly stronger sanctions for breaches than the legislation they replaced. Processing data in contravention of data protection principles could attract fines of up to approximately £17 million, or 4% of the company’s global annual turnover, whichever is higher.
I do not know whether I have reached the threshold set by the noble Lord, Lord Tunnicliffe, for adequately responding to the questions. If I have not, I will be happy to write, but on the basis of what I have said I commend the regulations.