Steeper UK Fines for Nuisance Calls and Texts Inch Closer

The UK Government’s Technology Secretary, Michelle Donelan MP, will today re-introduce the new Data Protection and Digital Information Bill (DPDI No.2) to parliament, which among other things will increase fines for nuisance calls and texts to be either up to 4% of global turnover or £17.5 million, whichever is greater.

The telecoms regulator, Ofcom, has estimated that nearly 41 million UK people may have received suspicious or scam calls and text messages last summer (here), which usually ends up duping a tiny proportion of the recipients (around 700,000). This might seem like a small proportion, but that’s all the scammers need to make it viable. The financial harm it causes to such people is not to be underestimated.

Nuisance calls typically include unsolicited direct marketing calls (live and recorded), silent calls and abandoned calls. Scam calls also come in all sorts of different forms, from people claiming that your computer has been infected with viruses, to those pretending to represent your bank, HMRC, delivery firms or the NHS etc. We’ve all had them.

Most of the major home phone, broadband ISP and mobile network operators have already implemented technical measures to tackle Nuisance Calls, but these aren’t always 100% effective and there are still plenty of operators that could potentially do more, especially some smaller players.

What will the new bill do?

The DPDI Bill, which was first introduced last summer before being “paused in September 2022 so ministers could engage in a co-design process with business leaders and data experts” (i.e. this bill is technically a new one called – The Data Protection and Digital Information Bill (No. 2)), won’t fix everything. But it will increase fines for nuisance calls and texts.

At present the current maximum fine is £500,000. But under the new bill those organisations that engage in such practices could face fines worth up to 4% of global turnover or £17.5 million, whichever is greater. This will be overseen by the Information Commissioner’s Office (ICO).

A quick glance over the previous Bill’s explanatory notes suggests that the government has also amended the definition of “calls” to make it clear this will include all calls, whether or not they connect with the intended recipient (e.g. calls blocked by an operator will still be counted as part of the problem).

The definition of a “communication” has similarly been amended to “make it clear it covers communications, such as texts and emails, which are ‘transmitted’“. The previous definition only covered communications that were “exchanged or conveyed“, which implied they needed to reach their intended recipient.

All of this would be underpinned by a new duty on communication providers, which would require them to report when they have identified “suspicious traffic” (calling, texts etc.) transiting their networks. “An example of this might be where a very high number of calls originate within a very short space of time from the same number or from a small batch of numbers,” said the government last year.

Michelle Donelan, Science, Innovation and Technology Secretary, said:

“Co-designed with business from the start, this new Bill ensures that a vitally important data protection regime is tailored to the UK’s own needs and our customs.

“Our system will be easier to understand, easier to comply with, and take advantage of the many opportunities of post-Brexit Britain. No longer will our businesses and citizens have to tangle themselves around the barrier-based European GDPR.

Our new laws release British businesses from unnecessary red tape to unlock new discoveries, drive forward next generation technologies, create jobs and boost our economy.”

One challenge here is that most such calls and texts tend to originate from outside the UK, which may dampen the impact of these changes. However, Ofcom are currently working with telecommunications providers to stop some of this by tackling the use of fake phone numbers and spoofed calls (here). But this is a complicated area to get right (i.e. the risk of catching legitimate calls) without wider international cooperation.

In the meantime, if you’ve received a scam call, you can report it to Action Fraud, which is the reporting centre for fraud and cybercrime in England, Wales and Northern Ireland. Reports of fraud and any other financial crime in Scotland should be made to Police Scotland via 101. Meanwhile, anyone who receives a suspicious text message should report it by forwarding the message to 7726, which directs the message to your operator.

The Bill will also establish a framework for the use of trusted and secure digital verification services, which allow people to prove their identity digitally if they choose to do so. The measures will allow customers to create certified digital identities that make it easier and quicker for people to prove things about themselves. This may sound useful, but any talk of digital ID solutions tends to garner a mixed reception.

At the time of writing, we haven’t yet had a chance to see the text of the revised DPDI bill, although in respect to nuisance calls and texts, it’s not expected to make any other big changes to those that were first tabled last summer.