The ICO exists to empower you through information.

The Information Commissioner’s Office (ICO) has ordered a charity to stop sending unsolicited marketing texts to people without their consent, as it reminds all charities of their legal obligations.

Penny Appeal, based in Wakefield, sent more than 460,000 unsolicited texts over a ten-day period to 52,000 people who had never provided their consent, or who had clearly opted out. The texts were sent between April and May 2022 to coincide with Ramadan, encouraging people on a daily basis to donate to the charity’s appeals.

This resulted in 354 complaints to the ICO and the Mobile UK’s Spam Reporting Service. Complainants reported their requests to opt out were ignored and described the texts as “intrusive”, “unwanted,” and often received late at night.

The ICO’s investigation found that the charity had created a new database where requests to opt out were not recorded and messages were sent to anyone who had interacted with the charity in the last five years.

The regulator has been engaging with Penny Appeal since 2020, after receiving complaints about a similar marketing campaign. Following the ICO’s intervention, the charity committed to improving its compliance with direct marketing law. However, further complaints revealed they were still sending illegal marketing texts. While still under investigation, Penny Appeal sent further spam texts over Ramadan, which led to even more complaints.

The ICO has now issued an Enforcement Notice, ordering Penny Appeal to stop sending marketing communications without consent within 30 days.

Following this action, the data protection regulator is reminding all charities that it is against the law to send marketing texts, calls, or emails without valid consent.

Andy Curry, Head of Investigations at the ICO, said:

“Penny Appeal inundated people with text messages, with no regard for their consent or their right to opt out. This is unacceptable and we will act decisively to protect the public from unsolicited marketing texts. Despite providing advice and guidance to improve this charity’s compliance we were left with no choice but to take enforcement action in order to protect the public.

“We are here to support charities in their missions to responsibly raise funds for good causes and help people in need. We also appreciate that small charities may need a helping hand when it comes to understanding the law. However, this is not an excuse for breaking it. All organisations sending direct marketing messages are responsible for ensuring they have valid consent to contact every recipient.”

Gerald Oppenheim, Chief Executive of the Fundraising Regulator, said:

“The Fundraising Regulator supports the ICO’s decision which echoes an investigation into the same issue that the Fundraising Regulator completed in 2022. While communicating with donors via text can be an effective tool for charities, it is vital that those charities abide by not only the law, but also the Code of Fundraising Practice – which stipulates that fundraising must be open, honest, legal, and respectful.”

The ICO has shared its advice to help charities comply with the law:

  • Only email or text someone if they have specifically consented to receiving emails or texts – for example, by ticking an opt-in box.
  • People cannot provide consent as a condition of subscribing to a service – consent must be freely given and fully informed.
  • Offer an opt-out option (by reply or unsubscribe link) and act on this promptly.
  • Keep a clear ‘do not contact’ list of anyone who opts out or unsubscribes from your communications, and screen against this list every time you send an email or text.

The ICO enforces the Privacy and Electronic Communications Regulations 2003 (PECR), which cover the rules for organisations wishing to make direct marketing calls, texts or emails.

Charities can visit the ICO website for further guidance and support on all aspects of data protection, including general recommendations for charities and bespoke advice for small organisations.

Find out more about the ICO’s work to tackle spam texts and nuisance calls here.

Notes to editors

The outcome of the Fundraising Regulator’s 2022 investigation into Penny Appeal can be viewed here.

About the ICO

  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
  3. The ICO can take action to address and change the behaviour of organisations and individuals that collect, use, and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
  4. To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.