Compliance Newsletter - Channel Doctors
May 2019
Compliance News for Busy People

This Month’s Headlines

• Nintendo, Xbox & PlayStation’s customer retention techniques under scrutiny
• The CMA blocks the Sainsbury’s-Asda merger
• Bounty fined £400k for pre-GDPR data protection abuses
• Pensions firm fined £40k despite getting advice from specialist consultants and lawyers
• Funeral plan firm fined for calling TPS numbers
• Data cleanse leaves TPS file numbers 4m down vs 2018


The CMA is often in the news for its headline activities – such as the decision to block a merger of Sainsbury's and Asda – but equally important can be the implications for businesses across sectors of both its decisions and the business areas it chooses to investigate. When planning how to attract and retain customers in the best way you can, an insight into the UK’s arguably most influential and powerful market regulator can be invaluable.

The CMA’s ruling blocking the Sainsbury’s-Asda merger is unequivocal and identifies a series of linked areas for potential consumer harm if the merger had gone through:

• Increased grocery prices
• Increased petrol prices
• Online and offline

Full details are here: www.gov.uk/government/news/cma-blocks-merger-between-sainsburys-and-asda

Online console video gaming investigation

5 April – “The CMA has today launched a consumer law investigation into the auto-renewal practices of Nintendo Switch, Playstation and Xbox”. The investigation will look at roll-over renewals of subscription contracts and the ease of cancellation. This is the 2nd investigation after Citizens Advice’s 2018 ‘super complaint’ about loyalty treatments (the first was an investigation into anti-virus software providers and how they treat customers, which was launched at the end of 2018 and is ongoing): www.gov.uk/cma-cases/online-console-video-gaming

Obviously the video gaming console market is narrow and doesn’t directly affect many businesses. However, Sony, Microsoft and Nintendo have all developed impressive businesses and revenue streams based on attracting and retaining customers as paying members. When so many businesses across sectors are developing membership and subscription business models, the implications of this investigation could be significant.


Trading Standards may appear to be the low-brow, provincial cousin of the CMA and of little concern to the better class of person who reads this Newsletter. Perhaps that’s the case, and we’d hope that cases like the jailing of an exploitative door-to-door fishmonger using intimidatory sales tactics (www.nationaltradingstandards.uk/news/time-behind-bars-for-doorstep-criminal/) don’t reflect the way you run your business. However, Trading Standards’ campaigns and investigations can be a useful indicator of consumer concerns and vulnerabilities. We plan to come back to this in future months.

CMA action on Hotel Booking sites

Expedia, Booking.com, Agoda, Hotels.com, ebookers and trivago, e.g.:

• Search results: making it clearer how hotels are ranked after a customer has entered their search requirements, for example telling people when search results have been affected by the amount of commission a hotel pays the site.
• Pressure selling: not giving a false impression of the availability or popularity of a hotel or rushing customers into making a booking decision based on incomplete information. For example, when highlighting that other customers are looking at the same hotel as you, making it clear they may be searching for different dates. The CMA also saw examples of some sites strategically placing sold out hotels within search results to put pressure on people to book more quickly. Sites have now committed not to do this.
• Discount claims: being clearer about discounts and only promoting deals that are actually available at that time. Examples of misleading discount claims may include comparisons with a higher price that was not relevant to the customer’s search criteria. For example, some sites were comparing a higher weekend room rate with a weekday rate or comparing the price of a luxury suite with a standard room.
• Hidden charges: displaying all compulsory charges such as taxes, booking or resort fees in the headline price. Sites can still break that price down, but the total amount the customer has to pay should always be shown upfront.

www.gov.uk/government/news/hotel-booking-sites-to-make-major-changes-after-cma-probe


ICO Enforcement Actions

There have been three ICO enforcement cases in the customer-facing world over the past few weeks – and all three have interesting features:

• Taking guidance from specialist data protection consultancies and lawyers is no guarantee of compliance – or immunity from regulatory action (Grove)
• Having ‘cleared the decks’ and got your organisation ready for the GDPR in the first half of 2018 doesn’t mean you won’t be fined and reprimanded for non-compliant actions beforehand (Bounty)
• If you’re not following data protection rules then you maybe need to be as afraid of the Mail on Sunday as the ICO (Avalon)

Grove Pension Solutions of Sevenoaks, Kent, has been fined £40,000 by the ICO for sending 2 million unsolicited marketing emails from October 2016 to October 2017, in contravention of the PECR regulations. Some interesting aspects of this case:

• The ICO was initially alerted to Grove’s activities by the FCA
• Grove used a network of affiliate marketers which provided ‘hosted’ email marketing channels and typically acquired consumer records through testing and competition sites (see left)
• The ICO acknowledged that Grove sought the guidance of a specialist data protection consultancy and an independent data protection solicitor. But by implication the ICO thought their professional advice was incorrect

www.ico.org.uk/media/action-weve-taken/mpns/2614585/grove-pensions-mpn-20190326.pdf

Bounty (UK) has been fined £400,000 under the 1998 Data Protection Act for sharing individuals’ personal data without informing them. This is the joint second highest fine imposed by the ICO – its recent £0.5m fine of Facebook (which is being appealed) being the highest. The full notice is given here: www.ico.org.uk/media/action-weve-taken/mpns/2614757/bounty-mpn-20190412.pdf but there are some specific features of the case worth highlighting:

• Bounty – which provides expectant and new parents with support services, including ‘Bounty packs’ of free product samples – came to the ICO’s attention as part of an investigation into the data brokerage market. Bounty used to act as a provider of 3rd party data
• Bounty’s supply of data was on a massive scale. It had a database of 17 million unique records and shared nearly 35 million with 39 organisations – including Equifax, Acxiom & Sky – between July 2017 and April 2018
• Although Bounty’s online data capture processes had marketing preference options, the ⅔ of members acquired offline had no way of opting out of Bounty’s (non-specific) data sharing
• Despite Bounty stating that it never shared children’s data with third parties, the ICO judged that sharing babies’ date of birth and gender data would allow third party organisations to append it to other existing data to better identify children
• Overall, Bounty radically changed its business model and approach to personal data in the lead-up to the GDPR, but the ICO’s enforcement focused on the prior period

Avalon Direct Limited (previously trading as Plan My Funeral Avalon), based just down the road from the ICO in Wilmslow, has been fined £80,000 for making unsolicited marketing calls to numbers registered on the TPS. Avalon made over 2m attempted calls over a period in 2017, 134,000 of which connected. Of these, 52,000 were TPS registered.

• The ICO investigation was triggered by a critical article in the Mail on Sunday in November 2017. The ICO contacted Avalon the day after the MoS article appeared
• At the time, two of Avalon’s directors had already been subject to ICO enforcement for a different matter – and as they were also directors of Avalon’s lead supplier the ICO feels that they, at least, should have understood the law…
• As the calls were about funeral planning the ICO considered that the recipients may have been especially vulnerable

www.ico.org.uk/media/action-weve-taken/mpns/2614789/avalon-mpn-20190412.pdf

There haven’t been any further instances of the government’s Insolvency Service taking action against the directors of companies which have been subject to ICO enforcement action but haven’t paid the fines since the former director of a firm making pre-recorded PPI messages was banned for 8 years in March. However, as nearly half of the ICO’s fines go unpaid, it’s probably safe to say there will be more soon…

ePrivacy Regulation

Although there’s still a desire in Brussels to get the ePrivacy Regulation text finally agreed before the next round of EU Parliamentary elections in late May, this hasn’t happened yet.


The ICO’s big annual Data Protection Practitioners’ Conference took place in Manchester on 8th April. There were some interesting contributions and discussions (see www.ico.org.uk/dppc2019).

One specific cause for concern from the ICO was the increase in complaints it is receiving – up 98% in the wake of the GDPR and 2018 Data Protection Act.

Given the increase in public awareness of data protection concerns over the past couple of years, a doubling of complaints to the regulator doesn’t seem very surprising. But if you want to ease the pressure on the ICO, have a look at the checklist they helpfully distributed at the Conference.

Ofcom has published its 2019/20 Annual Plan.

Unsurprisingly, given the scope of Ofcom’s responsibilities, generic consumer-related issues (including ‘nuisance calls’) don’t feature in Ofcom’s 9 priorities.

The Plan’s reference to Nuisance Calls effectively proposes the continuance of ‘business as usual’ for Ofcom:


The Telephone Preference Service’s data cleansing exercise, which started in January 2018, has resulted in a significant drop in the volume of TPS registered numbers. As you can see below, now that the bulk Landline and then Mobile data cleanses have been completed, the file size is stable at around 19m – nearly 4m fewer numbers than the total at the start of last year.

[Chart: TPS File Size - 2018-19, with the bulk landline cleanse and bulk mobile cleanse marked]

In the world of payments, there are a number of changes and potential challenges underway. For organisations which take card payments over the phone, awareness of the Payment Card Industry (PCI) Security Standards Council’s updated Guidance for Phone-Based Card Payments from late 2018 remains patchy (www.pcisecuritystandards.org/documents/Protecting_Telephone_Based_Payment_Card_Data_v3-0_nov_2018.pdf).

In parallel, the EU’s 2nd Payment Services Directive (PSD2) and the new requirements for Secure Customer Authentication (SCA) aim to reduce remote payment fraud, but will have a significant impact on online merchants and customers. As is so often the case, businesses need to take care not to sacrifice their customer experience in order to meet regulatory and contractual requirements.


One new tribunal decision from the PSA this month. Best VIP Games’ owner, Inter Inventory Company Ltd, has been fined £375,000 for running an unregistered gaming subscription service. Best VIP Games generated 161 complaints to the PSA in 2017/18 from consumers who said they hadn’t signed up and/or continued to be billed £4.50/week after they cancelled the service. Best VIP has also been ordered to refund all former customers who request a refund: www.psauthority.org.uk/-/media/Files/PSA/00NEW-website/Tribunal-adjudications/2019/Inter-Inventory-135934_Redacted.ashx?la=en&hash=68854822B0AFC05C4575DD4BBE9096736D9CF4B5

Pro Money Holdings, which traded as Comphouse Competitions, was previously subject to a £50,000 fine and a reprimand by the PSA in March 2018 for unfairly operating its chargeable competition service. However, a year later Pro Money has still not paid the fine or provided refunds to subscribers, so has been further banned from providing premium rate services for 8 years: www.psauthority.org.uk/news/news/2019/april/pro-money-holdings-breach-of-sanctions The original PSA investigation was triggered by 47 consumer complaints and a series of stories in the Mail on Sunday.

1st April marked the start of the PSA’s price cap on calls to 118 (Directory Enquiry) numbers, after which date all such calls will be limited to £3.65 per 90 seconds.

The FR has published its 2017/18 Complaints Report, which looks at both fundraising complaints made to the Regulator directly and the reported complaints received by the 58 charities spending the most on fundraising.


The biggest cause of complaints was the content of fundraising communications, but the following two reasons are more relevant to the Contact Centre audience:

• Failing to manage supporters’ data properly (and frequently not fulfilling requests to cease contact)
• Poor complaint handling

The FR also shared guidance from the Royal Mail about stamp fraud. Which is a thing, apparently: http://www.fundraisingregulator.org.uk/more-from-us/news/old-stamps-new-tricks-how-avoid-stamp-fraud?utm_source=newsletter&utm_campaign=stamp-fraud-blog-01&utm_medium=email

It Can Happen to the Best of Us

Finally, it would be a shame not to share this article from The Register:

Subscribe here http://eepurl.com/gqxzw5 and you’ll receive next month’s newsletter in June.