Background
On 18 July 2023, the Information Commissioner’s Office (“ICO”) and Financial Conduct Authority (“FCA”) issued a joint statement in response to queries from some firms regarding whether UK data protection laws prevented sending communications to customers about better savings rates. In the joint letter, the ICO and FCA confirmed that data protection and direct marketing laws do not prevent organisations from sending such “regulatory communications”.
Summary
The joint letter reiterates the ICO’s existing direct marketing guidance on regulatory communications (here), and confirms that firms can provide “regulatory communications” to all savings customers provided such communications are neutral and provide factual information. For example, information about the interest rate and terms of the savings product the customer holds, the interest rate and terms of other available savings products, and what the customer’s options are for moving to another product.
The joint letter makes clear that the Privacy and Electronic Communications Regulations 2003 (“PECR”), UK GDPR and Data Protection Act 2018 do not stop firms from sending these types of regulatory communications. This is because such communications are requested or required by a statutory regulator. In this context, it is under the FCA’s Consumer Duty, which aims to ensure customers are given information they need, at the right time, and presented in a way customers can understand. The joint letter notes that to comply with the Consumer Duty, firms need to “make savings customers sitting on low rates aware of higher rate products the firm has that may better serve their financial objectives”.
Next Steps
The joint letter confirms that in practice regulated firms can send such regulatory communications to “all their savings customers that provide neutral, factual information about the interest rate and terms of the savings product they hold, the interest rate and terms of other available savings products, and what their options are for moving to another product”.
The FCA will be “paying close attention to firms’ engagement strategies to support their savings customers to achieve good outcomes. At the end of July, the FCA will report its updated view of how well the cash savings market is supporting customers”.
From a data protection perspective, this joint letter is helpful for firms regulated by the FCA by clarifying the position regarding data protection and direct marketing laws in relation to sending communications to customers to comply with the Consumer Duty.
In addition, this letter serves as a useful reminder of the ICO’s existing guidance on regulatory communications. The ICO guidance applies to other regulated sectors in addition to finance such as the pensions, communications, and energy sectors. Therefore, in practice organisations that intend to send communications to all customers to comply with a regulatory obligation should be mindful of the ICO’s guidance on regulatory communications, particularly regarding the tone and information contained in the email or other communication.
