​ICO issues fines over illegal marketing

17 October 2017


The ICO has recently fined an advertising firm and a bank for sending illegal texts and emails.

London based advertising company, Xerpla, was fined £50,000 for sending 1.26 million emails, promoting a wide range of products and services, without the specific consent of the recipients. The emails were sent to individuals who had signed up to two websites. Although those subscribing to the websites were told their details could be shared with other organisations, the wording was not clear and specific enough.

Vanquis Bank issued 870,849 text messages and 620,000 emails, marketing their credit cards. The recipients had not explicitly consented to being sent such marketing emails from the bank. The bank obtained the marketing lists from other organisations. The consent only included general wording, such as ‘trusted parties’ and ‘carefully selected third parties’. Vanquis was fined £75,000.

The ICO commented that “People must be properly informed about what they are consenting to. Telling them their details could be passed to ‘similar organisations’ or ‘selected third parties’ cannot be relied upon as specific consent”.

The issue of obtaining consent from individuals for the processing of their personal data will become even more important under the General Data Protection Regulation (GDPR), which will apply from 25th May 2018. The GDPR sets a very high standard for consent. Businesses should review their existing consents to ensure they are GDPR compliant.

Below are some pointers:

  • Consent requires a “clear affirmative action” or statement such as a positive opt-in. Pre-ticked boxes and consent by default are not sufficient.
  • Consent requests should be kept separate from other terms and conditions.
  • The wording should be clear and unambiguous.
  • You should provide simple and accessible ways for individuals to withdraw their consent.
  • You should name any third parties who will rely on the consent.
  • You must keep clear records to demonstrate consent.

If you have any queries, please do not hesitate to contact any member of our Data Protection Team.