Data protection and direct marketing

Businesses that use and rely on third party marketing lists should take note of a First-tier Tribunal (Information Rights) decision relating to breach of the Privacy and Electronic Communications Regulations 2003. The tribunal upheld the Information Commissioner’s Office (ICO) enforcement notice requiring a company to stop sending unsolicited marketing texts to individuals whose details were obtained under data supplier agreements. The company used personal data provided by several suppliers to send text messages to individuals, without their prior consent, marketing its laser eye surgery. The ICO received 7506 complaints from individuals about this.

This decision serves as a reminder that third party marketing lists must be treated with great caution and the business buying or renting the list must make rigorous checks before relying on them. It also reinforces the need for businesses to inform individuals who their personal data will be shared with and for what purposes, and to obtain prior consent in relation to email and text marketing.

The ICO has also recently issued a record monetary penalty notice of £200,000 to a company for making automated marketing calls without the recipients’ prior consent. The company made or instigated over six million calls as part of a massive automated call marketing campaign offering “free” solar panels. In just over two months (from October to December 2014) the ICO received 242 complaints from recipients. When assessing the level of the penalty, the ICO also took into account that the company did not identify themselves, nor provide an address or freephone contact number.