The Information Commissioner’s Office (ICO) has fined Papa John’s (GB) Limited £10,000 for sending 168,022 nuisance marketing messages to its customers without the valid consent required by law.
The ICO received 15 complaints from Papa John’s customers about the unwanted marketing they were receiving by text and email. The complaints noted the distress and annoyance the messages were causing.
“I never gave my consent for marketing text messages, it causes me distress receiving these so frequently without being able to stop them”
“Nearly a 100 messages in the past two months is the textbook definition of harassment.”
The ICO’s subsequent investigation found that between 1 October 2019 and 30 April 2020, Papa John’s sent over 210,000 marketing messages with 168,022 confirmed as received.
The ICO investigation found that Papa John’s was relying on the ‘soft opt in’ exemption in order to send marketing texts and emails.
This exemption allows organisations to send electronic marketing messages to customers whose details have been obtained for similar services, but offers a simple way for people to refuse or opt out. The ICO ruled that Papa John’s could not rely on this exemption for customers that had placed an order over the telephone, as they were not given the option to opt out at point of contact nor were they provided with a privacy notice.
Andy Curry, ICO Head of Investigations said:
“The law is clear and simple. When relying on the ‘soft opt in’ exemption companies must give customers a clear chance to opt-out of their marketing when they collect the customers details. Papa John’s telephone customers were not given the opportunity to refuse marketing at the point of contact, which has led to this fine.
“We will continue to take action against companies who may be gaining unfair advantage over those companies that adhere to the law and comply with electronic marketing law”.
The laws governing electronic marketing are contained in the Privacy and Electronic Communications Regulations 2003.
Notes to Editors
- The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018, the UK General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- The Privacy and Electronic Communications Regulations (PECR) give people specific privacy rights in relation to electronic communications. There are specific rules on:
- marketing calls, emails, texts and faxes;
- cookies (and similar technologies);
- keeping communications services secure; and
- customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
- The ‘soft opt -in’ exemption provided by Regulation 22(3) PECR means that organisations can send marketing messages by text and e-mail to individuals whose details have been obtained in the course or negotiation of a sale and in respect of similar products and services. The organisation must also give the person a simple opportunity to refuse or opt out of the marketing, both when first collecting the details and in every message after that.
- The ICO has the power under PECR to impose a monetary penalty on a data controller of up to £500,000.
- Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
- Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.