The Information Commissioner’s Office (ICO) has issued a £60,000 fine to Digital Growth Experts Limited (DGEL) for sending direct marketing texts without consent in order to promote a hand sanitiser (claiming that it was effective against coronavirus).
16,190 individuals who had not given their consent received the texts over a two-month period. The ICO determined that DGEL had acquired the data from a number of sources, none of which constituted an adequate means of obtaining valid consent under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), which included:
- Data scraped from an online marketplace account belonging to its director.
- Data obtained via social media advertisements which purported to offer free samples and then automatically opted individuals into receiving direct marketing.
- Expressions of interest in “eBay” offers on the director’s account page.
The ICO decided that DGEL was in breach of PECR.
In assessing the amount of the fine, the ICO considered that DGEL had provided unclear and inconsistent explanations for its direct marketing practices and could not prove that it had received consent to send the text messages. An aggravating feature was that DGEL had sought to capitalise on public concern and benefit financially from the coronavirus pandemic. The ICO also issued DGEL with an enforcement notice ordering it to comply with PECR within 30 days of receipt of the notice.
The Head of Investigations at the ICO said in his blog:
“DGEL played upon people’s concerns at a time of great public uncertainty, acting with a blatant disregard for the law, and all in order to feather its own pockets. We will prioritise action on organisations carrying out similar activity”.
This enforcement action illustrates the importance of obtaining marketing leads lawfully and retaining evidence of individuals’ consent to receive e-marketing.
It should also be noted that directors can be personally liable for unlawful direct marketing in some circumstances.
For more details around the law on electronic marketing generally, see our post ‘What Does GDPR Mean For Marketing‘.
If you would like to discuss any aspect of data protection then please contact Matt Worsnop by email at email@example.com or by phone on 0116 281 6235.
Categorised in: Covid-19, IT & Telecoms, NewsTags: Coronavirus, Data Protection, GDPR, General Data Protection Regulation