British Telecommunications plc (BT) has been fined £77,000 by the Information Commissioner’s Office after it sent nearly five million nuisance emails to customers.

The investigation found that the company did not have customers’ consent to send direct marketing emails. This is against the law.

ICO Head of Enforcement, Steve Eckersley, said:

“Organisations have a responsibility to ensure they are acting within the law. Where they do not, the ICO can and will take action. This particular investigation was prompted by a concerned member of the public.  We investigated the matter and uncovered the full extent of this activity which shows how important it is for people to report nuisance emails.”

The 4.9 million emails were sent between December 2015 and November 2016 promoting three charity initiatives: the BT ‘My Donate’ platform, Giving Tuesday and Stand up to Cancer.

During the investigation, BT accepted that emails for Giving Tuesday and Stand up to Cancer were unlawful but disputed the assessment that My Donate emails were direct marketing.

The Commissioner found that all of the emails sent constituted marketing and were not simply service messages. These messages were found to have been delivered to recipients who had not given the necessary consent and were therefore sent in breach of regulation 22 of the Privacy and Electronic Communications Regulations (2003).

The Information Commissioner found that although BT did not deliberately break the rules, it should have known the risks and it failed to take reasonable steps to prevent them.

Notes to Editors

  1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations (PECR) 2003.
  3. The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act. They give people specific privacy rights in relation to electronic communications. There are specific rules on:
    • marketing calls, emails, texts and faxes;
    • cookies (and similar technologies);
    • keeping communications services secure; and
    • customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.

      We aim to help organisations comply with PECR and promote good practice by offering advice and guidance.
  4. The European Union’s General Data Protection Regulation (GDPR) is a new law which applied in the UK from 25 May 2018.
  5. Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
  6. Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).
  7. To report a concern go to ico.org.uk/concerns.