The Privacy and Electronic Communications Regulations implement an EU Directive of last year, and will come into force on 11th December. The EU's implementation deadline was 31st October.
In summary the Regulations:
- Require businesses to gain prior consent before sending unsolicited advertising e-mail to individuals. This consent must be explicitly given on an 'opt-in' basis by all, except where there is an existing customer relationship;
- Network operators and their partners will be able to provide subscription and advertising services based on location and traffic data to their customers. There is no restriction on the type of services that may be provided as long as subscribers give their consent and are informed of the data processing implications, and;
- Ensure stronger rights for individuals to decide if they wish to be listed in subscriber directories. Clear information about the directory must also be given, e.g. whether further contact details can be obtained from just a telephone number or a name and address.
The Government has also announced its intention to extend the Telephone Preference Service to corporate subscribers next year.
This means that all businesses as well as individuals will be able to opt-out of phone marketing. The move is backed by the British Chambers of Commerce and the Federation of Small Businesses.
The Office of the Information Commissioner will enforce the regulations by issuing enforcement orders to those who do not comply with the new rules.
A breach of these orders will be a criminal offence carrying a fine of up to £5,000 in a magistrate's court, or an unlimited fine if the trial takes place before a jury.
In addition, anyone who has suffered damages because the regulations have been breached has the right to sue the person responsible for compensation.
Announcing the new rules, Communications Minister Stephen Timms said:
"These regulations will help combat the global nuisance of unsolicited e-mails and texts by enshrining in law rights that give consumers more say over who can use their personal details."
Critics are not so sure. Apart from the fact that most spam originates outside Europe, the rules only protect individual subscribers and leave commercial subscribers – and their employees - open to spam e-mail and text messages.
This, say the critics, will have the effect of legitimising spam sent to businesses, which is likely to increase the volume sent – not reduce it.
Enforcement may also be a problem. The Information Commissioner, who currently supervises the enforcement of Data Protection rules in the UK, is expected to take on the additional task of enforcing the Privacy and Electronic Communications rules, without any increase in the powers he currently holds.
According to vnunet.com, the Commissioner said in a statement, "I am pleased at the DTI's commitment to review the enforcement powers of my office, but am disappointed that it has not been possible to introduce new powers from the outset".
He added, "I am calling for stronger powers to allow my office to take swifter action where necessary."
There are also fears that, as the new rules will have no influence over the flood of spam that comes into the UK from overseas, they will have little impact.
According to anti-spam group, the Spamhaus Project:
"Britain's much anticipated anti-spam law has been rendered toothless and will now do very little if anything to stop spam in the UK, instead it will create more confusion and misery for British businesses with spammers now insisting that spamming them is legal.
"Any legislation banning spam is a step in the right direction, it's a pity Britain decided to take such a baby step and with such gaping loopholes."
The Information Commissioner will be issuing guidance on the Privacy and Electronic Communications rules in the near future.