Out-Law Analysis 6 min. read
01 Oct 2014, 11:05 am
The FCA is seeking views, until 6 November, on the regulatory implications of financial promotions made in a social media context. In its consultation document the FCA has sought to provide practical guidance in helping firms draw the line between financial promotions – invitations to engage in financial activities, and other forms of online communication. The existence of this consultation may explain why so little attention was given to social media in the retail investment advice guidance consultation.
The FCA’s social media consultation is not only relevant to financial promotions, but also may have relevance to the discussion of what constitutes financial advice. Its views on what amounts to influence and persuasion in the context of financial promotions are worth considering when assessing whether or not digital information presented has the potential to influence a customer’s decision to enter into an online transaction. Therefore even firms that do not intend to actively engage with social media should be aware of the content and outcomes of this consultation.
In respect of this consultation the regulator has already been criticised for not providing more clarity as to the circumstances in which a communication in a social media context may be considered a financial promotion. In our view however, this criticism may be overstated. Erring on the side of taking a principled-based approach, in the consultation the FCA avoids the danger of setting out prescriptive rules that may too quickly become outdated or unsuitable as innovative technologies progress.
In terms of practical assistance, the FCA has highlighted at least 10 matters for firms to consider when communicating through social media:
The FCA has identified social media compliance as one aspect of its overall approach to advancing its regulatory objectives, which in some circumstances it intends to address through the use of enforcement powers. Therefore in addition to its close relation to the advice guidance consultation, firms have good reason to revisit their approach towards social media compliance.
Further rules for both advice and other digital services and communications
Whether providing financial advice or communicating via social media, businesses operating in the financial services sector need to ensure that they comply with all applicable online, data and communications laws.
Any business engaging with a customer online for financial products or services must comply with EU laws that set out common standards for information to be given to consumers before any contract for a financial product or service is entered into. This information should include details about the firm itself, the service provided, the online contract formed and means of dispute resolution. These laws also provide consumers with withdrawal rights in some circumstances.
Data protection laws must be met. Risks arise particularly where information has been gained in one context and the firm intends to use it for another. Dealing with these risks is best achieved by being transparent as to the current and future intended uses of data. The current data protection regime does not however, require that businesses obtain consent from each customer to use their personal data in all instances. If a financial business can identify a legitimate business interest that does not ‘override’ their customers’ ‘fundamental rights and freedoms’, including data privacy, they may be able to use that person’s data without their consent. Where data is to be used in a context that could lead to an adverse inference being drawn about a customer however, in general, the expectation of most regulators is that consent must first be obtained.
The Article 29 Working Party, a representative body of data protection regulators across Europe has provided recent guidance on the issue of the circumstances in which data can be used for purposes to which the persons to whom they relate have not consented. Unfortunately, the opinion gave little in the way of practical steps that businesses can take to determine when a business interest will override a person’s right to privacy. It does however state that where there is “a risk of damaging the reputation, negotiating power, or autonomy of the data subject” it would be difficult to demonstrate that a business’ legitimate interests overrode those of a customer. Businesses looking to use data about customers generated in the contexts of either providing online advice or social media need to be aware that their ability to do so is limited if specific consent has not been obtained for the purpose for which the data are intended to be used.
Businesses operating in the financial services sector must also consider the impact of the Privacy and Electronic Communications Regulations (PECR) when engaging with existing and potential customers online. Among other things, PECR permits unsolicited email and online communications to be sent only in limited circumstances, the broadest of which is where a prior relationship between the sender and the recipient of a communication can be established. PECR provides that for a prior relationship to be established the recipient’s contact details must have been obtained “in the course of the sale or negotiations for the sale of a product or service” and that the communication must relate to “similar products and services only”. While the Information Commissioner’s Office’s guidance indicates that “[i]t is enough if ‘negotiations for a sale’ took place” and that “[t]he customer does not have to have bought anything to trigger [a] soft opt-in”, a recent lower court decision has cast doubt on the reliability of this guidance in the context of web communications.
In a decision against John Lewis one lower court recently found that browsing a website, registering an email address and not un-ticking a pre-ticked box (a soft opt-in) were not sufficient circumstances to establish that negotiations for the sale of a product or service were taking place. John Lewis has confirmed that it will not appeal the decision as the damages awarded were trivial. But the decision highlights that uncertainty remains as to the effectiveness of common website practices such as pre-populating product forms and soft opt-in mechanisms when communicating with clients online. What is clear though is that marketing on the basis of an opt-in mechanism that attempts to cross-sell products or services that are not similar to those that a client has already purchased or is considering will almost always be ineffective in meeting the PECR requirements.
These are of course, only a few examples of a vast array of laws that businesses must take into account when engaging with a customer online.
John Salmon and Luke Scanlon are technology and financial services experts at Pinsent Masons, the law firm behind Out-Law.com. This article first appeared in a white paper by Pinsent Masons addressing different aspects of the FCA's consultation.
This article first appeared in a white paper by Pinsent Masons addressing different aspects of the FCA's consultation. You can also see our analyses of retail investment advice; 'Project Innovate'; digital technology; social media and financial advice, the barriers to simplified advice; pensions product advice, the FOS as a barrier to innovation, and local authority duties to advise on social care funding.