The ICO has been busy recently, fining companies and issuing penalty notices for sending spam messages and making unsolicited calls. We are all plagued by ‘nuisance’ calls and texts despite the law being very clear indeed that consent is required for any direct marketing activities by electronic means. I have found that when questioned (and yes, I do put them on the spot) companies are telling me that I have ‘almost certainly ticked a box somewhere which has given permission to us calling you’. I remind them that that is not sufficient with the Privacy and Electronic Communications Regulations (PECR) nor will it be sufficient under the GDPR. That is then the point at which they tend to hang up on me, leaving me even more frustrated as I hadn’t yet got round to my ‘delete me from your database’ spiel which reminds them that the obligation is to remove me completely, not just ignore me or move me to a deleted list.
I was therefore pleased to read the following summaries of the ICO’s recent activities to combat these companies. You will recall our recent blog on the £400,000 fine levied at Keurboom for its unlawful direct marketing activities and you will see below that the ICO is continuing with its war. A breach of the Regulations carries a maximum penalty of £500,000.
Concept Car Credit Ltd fined £40,000 by ICO for sending 336,000 spam text messages in breach of Privacy Regulations
The Information Commissioner’s Office (ICO) fined Concept Car Credit Ltd (Concept Car) £40,000 on 17 May 2017, for sending 336,000 spam text messages, contrary to regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (PECR).
An investigation by the ICO found that the company sent the spam texts as a marketing device after obtaining people’s details from other organisations. Concept Car could not provide evidence that the recipients of the texts had consented to receive them as required by PECR.
As well as the £40,000 fine, the ICO also issued an enforcement notice ordering the company to stop sending unlawful texts in the future.
Double glazing company fined £50,000 by ICO for making nuisance calls in breach of Privacy Regulations
Brighter Homes Ltd’s (Brighter Homes) business involves making marketing calls to subscribers to sell its home improvement products and services, including windows, doors, conservatories and kitchens. Following 160 complaints, the Information Commissioner’s Office (ICO) found that between 4 January 2016 and 26 August 2016, Brighter Homes made 187 unsolicited calls for direct marketing purposes to subscribers registered with the Telephone Preference Service (TPS). The company had made calls using information from a third party company, but failed to carry out checks that the subscribers had consented to receiving phones calls.
The ICO issued Brighter Homes with a monetary penalty of £50,000 for a serious breach of regulation 21 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (PECR) in relation to making unsolicited marketing calls.
The PECR govern unsolicited electronic marketing within the EU. Regulation 21 prohibits making marketing calls to people who have registered their telephone numbers on the TPS and in the absence of their consent.
Telecommunications company fined £100,000 by ICO for sending millions of unsolicited text messages in breach of Privacy Regulations
On 16 May 2017, the Information Commissioner’s Office (ICO) fined Onecom Ltd (Onecom) £100,000 for sending millions of spam text messages, contrary to regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (PECR).
Following customer complaints about Onecom, an investigation was launched by the ICO. The investigation revealed that between 26 October 2015 and 2 June 2016 Onecom sent millions of spam texts about mobile phone upgrades.
Onecom could not provide evidence to the ICO explaining the source of the data used to send 1,050 text messages. It could also not provide evidence that it had consent to send the text messages. Onecom confirmed that it had sent 3.3 million text messages between 1 October 2015 and 31 March 2016.
The fines levied at these three companies are significantly lower than the £400,000 imposed by the ICO against Keurboom. This is because the level of spam messages or nuisance calls was significantly lower. However, the fines are not small and it goes to show that companies need to take seriously the requirements to obtain clear consent (and be able to evidence the same when required) in respect of direct marketing activities by electronic means.
If you require any further information as to your own obligations in this regard, please contact me.