Swyddfa’r Comisiynydd Gwybodaeth yn dirwyo ffyrmiau y tu ôl i 44 o negeseuon ebost sbam, 15 miliwn o alwadau niwsans a miliwn o negeseuon testun sbam

Four companies that disrupted people with nuisance marketing have been fined a total of £600,000 by the Information Commissioner’s Office (ICO).

Hundreds of complaints from the public about the firms prompted four ICO investigations, and resulted in the following fines:

  • Barrington Claims Limited, previously based in Llanelli but now registered in Port Talbot, fined £250,000 for over 15 million automated calls,
  • London-based Newday Limited fined £230,000 for over 44 million spam emails,
  • Goody Market UK Limited, in Liverpool, fined £40,000 for 111,367 spam texts and
  • Macclesfield-based TFLI Limited fined £80,000 for over 1.19 million spam texts.

All four of the businesses broke the law by not having people’s agreement to be contacted by them. Organisations should always ensure the language used to signify consent is clear, easy to understand and not hidden away in a privacy policy or small print.

Andy Curry, ICO Enforcement Group Manager, said:

“Firms cannot get away with failing to follow the rules designed to protect people from the irritation and, on occasions, distress nuisance calls, emails and texts cause.

“I would urge anyone bothered by nuisance marketing to report it to us. Your reports help us take action against firms like those we have fined today, putting a stop to the trouble they cause.”

Nuisance calls and spam texts and emails can be reported via the ICO’s website or by calling 0303 123 1113 with as much detail as possible. Mobile phone users can also report spam texts by forwarding the message to 7726.

The ICO has published detailed guidance for companies carrying out marketing – explaining their legal requirements under data protection law and the Privacy and Electronic Communications Regulations. The guidance covers the circumstances in which organisations are able to carry out marketing over the phone, by text, by email, by post or by fax.

A summary of how each firm broke the law can be found below:

Barrington Claims Limited

Barrington Claims Limited was found to have made over 15 million automated marketing calls about PPI between February 2016 and May 2016.

Complaints to the ICO were made about the frequency and persuasive nature of the calls. Concerns reported included:

“I am currently home just post op, major surgery, and I am finding these calls annoying and distressing as I have to have the phone free for district nurses and they are waking me up when I need to be sleeping.”

“I have a toddler and an autistic seven-year-old. Unwanted phone calls on the landline wake sleeping kids up, cause anxiety and can lead to my son becoming distressed. It’s not okay.”

The firm was unable to provide the ICO with evidence that it had the consent of the people who were called.

Automated marketing calls can only be made to people who have previously notified the caller that they agree to such communications being sent by, or at the instigation of the caller. Consent must be freely given, specific and informed.

Newday Limited

Newday Limited, based in London, instigated the sending of around 44.7 million spam emails promoting its financial products between April 2015 and January 2017.

It used other firms to send the emails to people who had subscribed to websites operated by those companies.

But an ICO investigation found Newday Limited had not carried out the proper checks to ensure people had consented to receive the emails.

Goody Market UK Limited

Liverpool-based Goody Market UK Limited, which operates an insurance comparison website, has been fined for sending 111,367 spam text messages.

It has also been ordered by the ICO to stop illegal marketing or face further legal action.

The spam texts were sent using people’s information sourced from another firm and purchased on behalf of Goody Market by a data broker.

Goody Market UK was unable to provide the ICO with evidence that people had agreed to receive marketing messages, as it had relied on verbal assurances from the data broker that the details had previously been used for text messaging purposes.

TFLI Limited

TFLI Limited, based in Bollington near Macclesfield, has been fined for sending around 1.19 million spam text messages promoting a loan website.

There were 793 complaints made about the text messages, sent using personal details provided by other companies.

An ICO investigation found TFLI Limited was negligent in failing to take responsibility for ensuring people had agreed to receive the messages.

Notes to Editors

  1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
  3. The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. The ICO has the power to impose a monetary penalty on a data controller of up to £500,000.
  4. The European Union’s General Data Protection Regulation (GDPR) is a new law which will apply in the UK from 25 May 2018. The Government has confirmed the UK’s decision to leave the EU will not affect the commencement of the GDPR. The Government is introducing measures related to this and wider data protection reforms in a Data Protection Bill.
  5. The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act. They give people specific privacy rights in relation to electronic communications. There are specific rules on:
    • marketing calls, emails, texts and faxes;
    • cookies (and similar technologies);
    • keeping communications services secure; and
    • customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.

      We aim to help organisations comply with PECR and promote good practice by offering advice and guidance. We will take enforcement action against organisations that persistently ignore their obligations.
  6. Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
  7. Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).
  8. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.