The ICO have recently fined “Digital Growth Experts Ltd”, formerly “Motorhome Brokers Ltd” for sending thousands of marketing text messages without consent.
This brazen breach of PECR occured between 29 February and 30 April 2020. Reportedly, 16,190 messages were received, promoting a hand sanitising gel.
During their investigation the ICO found that Digital Growth Experts Ltd had breached regulations 22 and 23 of PECR.
PECR is a law that governs the use of direct marketing, like email and telephone communications, and the use of tracking technologies like cookies and web pixels. Section 22 and Section 23 cover the use of electronic mail for direct marketing purposes.
The regulations state that marketing texts can only be sent when the individual receiver has given their consent, or in the case of a soft-opt-in exception, where all the following conditions are met:
- that person has obtained the contact details of the recipient of that electronic mail in the course of the sale or negotiations for the sale of a product or service to that recipient;
- the direct marketing is in respect of that person’s similar products and services only; and
- the recipient has been given a simple means of refusing the use of his contact details for the purposes of such direct marketing, at the time that the details were initially collected, and, where he did not initially refuse the use of the details, at the time of each subsequent communication.
In practice, this means that the only time you do not require valid consent is when the individual receiver has entered into negotiations to buy or has purchased a product or service from you. And, at the time that the details were initially collected that a simple means of opting out of these communications was offered.
This exception is commonly relied upon by e-commerce companies, such as Amazon, and airlines like Ryanair.
When the ICO asked digital growth experts ltd for the legal basis of their marketing communications. They received “unclear and inconsistent” responses.
Further investigation revealed where some of the contacts used in the direct marketing campaign may have been sourced.
The ICO’s enforcement notice reports that it appears that Digital Growth Experts Ltd used contact data scraped from an online marketplace account belonging to it’s Director to send marketing messages. Digital Growth Experts suggested that the contacts had come from an eBay account which had been active since 2003. Apparently, the details were from users who had previously engaged with the Director’s “eBay offers”.
There was no evidence that valid consent had been obtained from any of the individuals gathered from eBay or that there was any previous relationship between the individuals and Digital Growth Experts Ltd.
According to the notice, Digital Growth Experts also used social media advertising, offering free samples of a product. On signing up to receive the sample, people were automatically opted into receiving marketing messages.
Neither method used can be classed as valid consent, and the “soft-opt-in” exemptions in PECR listed above do not apply either.
The ICO first became aware of these marketing texts, when recipients forwarded the unsolicited text messages to a spam reporting service. This information is reviewed monthly by the ICO.
“DGEL played upon people’s concerns at a time of great public uncertainty, acting with a blatant disregard for the law, and all in order to feather its own pockets. We will prioritise action on organisations carrying out similar activity.
“Direct marketing laws are clear and it is the responsibility of businesses to ensure they comply. Ignorance of it or attempting to rely on vague and misleading evidence in support of a marketing campaign simply does not wash.
“The sending of nuisance marketing texts are a significant concern to the public, and the ICO will continue to take action where our advice is not followed and where we find serious, systemic or negligent behaviour that puts people’s information rights at risk.”
Under PECR the ICO can fine organisations upto £500,000 per infringement. If you want to learn more about your legal responsibilities as a marketer, check out our course that tells marketing teams what they need to know and how to put their knowledge into action. It’s cheaper than a fine.
⚠️ Try our "painless" GDPR course. Certificate on completion. Sign up and start learning today.