25Mar

The Information Commissioner’s Office has fined a Manchester-based debt management lead generation company £80,000 after it sent more than 95,000 text messages. These messages were all unsolicited, in that the recipients had not given explicit prior consent to receiving them. Furthermore, all 95,000 messages were sent in the space of just two months, from June to July 2020.

In addition to the fine, the company has been issued with an enforcement notice ordering it to stop sending these messages with immediate effect. If it fails to comply, then it could face a criminal prosecution.

The ICO accuses the company of seeking to profit from the pandemic and from the resulting increase in the number of vulnerable individuals. An example of one of the company’s texts read:

“*firstname* Affected by Covid? Struggling with finances? lost job /furloughed? Were here to help! Gvnmnt backed support see if you qualify”

As well as failing to obtain prior consent from the recipients, the company also didn’t provide any method by which the consumer could opt out of future communications in many cases. The ICO says that this failing applied on around 18,000 of the messages.

The company provided a partial response to the ICO saying:

“All data we use is fully compliant and purchased from credible UK data suppliers that we carried out full due diligence against prior to point of supply”

However, the company’s response did not directly address how they managed to end up sending thousands of messages to individuals who hadn’t explicitly consented to receiving them.

The ICO investigation says that it did see evidence of the consumers having given some form of consent, but says that when they did consent, the information was presented in such a way as to give a misleading impression that only a limited number of 16 organisations might contact them. Subscribers would then need to drill down into the separate privacy policy to find out that any one of 450 companies may in fact contact them, none of which the subscriber had any ability to refuse contact from. The ICO says that 450 organisations, from 40 different sectors, is “far too exhaustive a list to enable individuals to give valid consent”. 

The data protection regulator goes as far as to say that it believes the company’s conduct was a deliberate breach of the applicable legislation. A further aggravating factor in this case is that the company continued to send the messages even after it was aware that it was under investigation by the ICO.

The fine will be reduced to £64,000 if the company pays by March 22 and does not exercise its right of appeal.

Andy Curry, ICO Head of Investigations, said:

”Not only was the company breaking the law by sending unwanted marketing messages, they were trying to take advantage of people who may be financially vulnerable due to the health crisis.

“We have issued a number of fines recently to companies that have used the pandemic as a way of making money. Businesses that think they can exploit the pandemic in this way should think again. We can fine you and take action to recover that fine where necessary.”