Compensation company fined £90,000 for unlawful marketing calls
- Date 24 April 2025
- Type News
AFK Letters is a company which writes letters seeking compensation and refunds for its customers.
Between January and September 2023, AFK used data collected through its own website and a third-party telephone survey company to make 95,277 marketing calls without being able to demonstrate valid and specific consent from the people contacted. Despite AFK claiming it could not provide evidence of consent because it deleted all customer data after three months, when challenged by us, it was also unable to provide consent records for several calls made within a three-month timeframe.
One of the complainants about the company stated that they had not consented to receive the calls:
“...claimed she had information showing I might be due a refund in relation to my solar panels as the supplier had gone bust (which isn’t true.) She knew my name... I explained I had not consented to receive such a call which was an intrusion and asked her to remove me from the list.”
AFK’s third-party data supplier was using consent statements which did not specifically name AFK when asking the public for consent to be called. Additionally, AFK’s own privacy policy only mentioned contact by email, and did not state that people would also receive phone calls.
Our investigation found that AFK failed to comply with Regulation 21 of the Privacy and Electronic Communications Regulations (PECR), which requires organisations to have clear, informed and specific consent before making unsolicited direct marketing calls.
Andy Curry, Interim Director of Enforcement and Investigations, said:
“AFK made calls to those registered with the Telephone Preference Service, and failed to keep proper records of consent for those it was calling as well as failing to properly disclose to people what they would be consenting to. This is a fundamental requirement of responsible and legally compliant direct marketing.
“This fine should serve as a clear warning to and learning for other organisations: if you cannot demonstrate valid consent for people on the Telephone Preference Service, you should not be contacting people. If people are being asked for consent to be contacted, it should be absolutely clear what this is for.
“It is vital that other companies utilising direct marketing have robust systems in place to protect people’s privacy and comply with the law.”
We remind people to report nuisance calls and check that their TPS registration is up to date. Organisations are also urged to review their direct marketing processes to ensure they comply with data protection law.
To learn more about stopping spam marketing calls and emails, visit the ICO’s guidance here. To register with the TPS, please visit here. To submit a complaint about nuisance calls, click here.
Notes to editors
- The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
- The ICO can take action to address and change the behaviour of organisations and individuals that collect, use, and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.