The Information Commissioner’s Office (ICO) has fined Digital Growth Experts Limited (DGEL) £60,000 for sending thousands of nuisance marketing texts at the height of the pandemic.
Seeking to capitalise and profit from the pandemic DGEL sent the texts, of which 16,190 were received, between 29 February and 30 April 2020 promoting a hand sanitising product that it claimed to be “effective against coronavirus”. The messages were all sent to people who had not consented to receive them.
Andy Curry, Head of Investigations at the ICO, said:
“DGEL played upon people’s concerns at a time of great public uncertainty, acting with a blatant disregard for the law, and all in order to feather its own pockets. We will prioritise action on organisations carrying out similar activity.
“Direct marketing laws are clear and it is the responsibility of businesses to ensure they comply. Ignorance of it or attempting to rely on vague and misleading evidence in support of a marketing campaign simply does not wash.
“The sending of nuisance marketing texts are a significant concern to the public, and the ICO will continue to take action where our advice is not followed and where we find serious, systemic or negligent behaviour that puts people’s information rights at risk.”
Throughout the ICO’s investigation, DGEL was unclear and inconsistent in its responses, and it was unable to provide sufficient evidence that it had the consent it is required to have under the Privacy and Electronic Communications Regulations 2003 (PECR).
DGEL came to the attention of the ICO when complaints forwarded via short text 7726 to the GSMA’s Spam Reporting Service were incorporated into the ICO’s Monthly Threat Assessment, which is used to identify organisations in breach of PECR.
DGEL has also been issued with an enforcement notice ordering it to comply with the PECR within 30 days of receipt of the notice.
Notes to Editors
- The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- The Privacy and Electronic Communications Regulations (PECR) give people specific privacy rights in relation to electronic communications. There are specific rules on:
- marketing calls, emails, texts and faxes;
- cookies (and similar technologies);
- keeping communications services secure;
- and customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
- The ICO has the power under PECR to impose a monetary penalty on a data controller of up to £500,000.
- Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
- Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.