Vanquis Bank Limited, part of Provident Financial, has been fined £75,000 by the Information Commissioner’s Office (ICO) for sending large numbers of spam marketing texts and emails. The credit card provider was responsible for 870,849 spam text messages and 620,000 spam emails.
The case highlights the importance of ensuring that ‘consent statements’ and the like are worded correctly. Vanquis apparently believed that the recipients had consented in advance to receiving the communications, but the ICO said that the consent statement used on the marketing lists Vanquis obtained from other parties was not sufficiently robust. The ICO comments that these consent statements “included non-specific, general wording, such as ‘trusted parties’ and ‘carefully selected third parties’.” It does not believe that the statement made it clear that individuals’ data could be passed to firms such as Vanquis, who would then send marketing texts and emails to these people regarding credit cards.
The data protection watchdog clearly does not believe therefore that use of this wording in consent statements is sufficient, even under existing UK data protection law. Companies need to be totally transparent with consumers as to exactly what their data will be used for. The European Union’s General Data Protection Regulation (GDPR) will be introduced in May 2018, from which date firms will need to ensure their procedures for obtaining consent are even more robust.
Firms that fail to comply with GDPR could be fined up to €20 million or 4% of global annual turnover, whichever is greater. At present the ICO can only impose fines of up to £500,000.
ICO Head of Enforcement Steve Eckersley said:
“There are rules in place to protect people from the irritation, and in some cases anxiety and distress, spam texts and emails cause.
“People need to be properly informed about what they are consenting to. Telling them their details could be passed to ‘similar organisations’ or ‘selected third parties’ cannot be relied upon as specific consent.
“People were so exasperated by these messages that they complained to us. That sparked two ICO investigations and enabled us to take action and hold the firms behind this nuisance to account.
“These firms should have taken responsibility for ensuring they had obtained clear and specific consent for the sending of the messages. They didn’t and that is unacceptable.”
When Mr Eckersley refers to “two investigations”, he is also referring to a fine imposed on Xerpla, who sent over one million spam emails regarding various consumer goods.
The action against Vanquis represents the second occasion in the last three months when a Provident Financial company has been fined by the ICO. In July, Provident Personal Credit Ltd was fined £80,000 after various third-party affiliate companies sent 999,057 unsolicited text messages on its behalf. These spam texts were intended to promote the Satsuma Loans brand.
The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article.