On 19 April 2017, the Information Commissioner’s Office (ICO) fined a finance brokerage firm, Monevo Ltd, £40,000 under section 55A of the Data Protection Act 1998 for sending unsolicited direct marketing texts. This constituted a serious contravention of regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (PECR).
An investigation by the ICO, prompted by numerous complaints from the public, found that Monevo Ltd sent 44,172 marketing texts without obtaining prior consent from the recipients. Monevo Ltd’s telemarketing affiliate had obtained the personal details used to send the messages from competition and money saving websites. None of the privacy notices on these websites indicated the data would be used for sending marketing text messages by Monevo Ltd.
This case serves as a reminder to all businesses of the importance of obtaining clear and transparent consent to electronic marketing. The introduction of the General Data Protection Regulation in May next year tightens the obligations on data controllers with regard to ensuring that consent if clear and transparent and tougher penalties will be levied at offenders. The upper limit on fines is going to increase from the current £500,000 limit to €20m or 4% of an undertaking’s worldwide turnover.
Privacy policies and tick boxes are going to have to be updated in order to comply with the new GDPR requirements and if you would like further help, please speak to Laura Trapnell, Partner of the IP team.