ICO says ‘there’s nowhere to hide’ for companies bombarding people with nuisance texts

15 Sep 2016 12:48 PM

The fight against companies sending spam texts continues as the ICO issues a £30,000 fine to Manchester firm Carfinance247 Ltd. 

The penalty is the result of an investigation prompted by 912 complaints about the car finance brokerage firm’s text messaging tactics. Its four month marketing campaign involved 65,000 messages, all sent to members of the public without sufficient consent.

The law says that organisations must only send marketing text messages to individuals if they have agreed to receive them, except where there is a clearly defined customer relationship. Carfinance247 did not do this so they broke the law.

Messages, including the one below, were designed to drive people to a business website. 

"You have been accepted for Car Finance no upfront costs or credit checks, Drive away in a car within 24hrs at www.go-finance.com to stop txt stop" 

The www.go-finance.com domain is now defunct.

When challenged by the ICO, the company claimed another business had sent the messages without their knowledge. 

Steve Eckersley, the ICO’s head of enforcement said:

“Carfinance247 Ltd tried to hide behind another company and distance themselves from the marketing practices involved.

“Let me be clear - if your business has hired someone else to provide direct marketing then the responsibility for the campaign is yours. There is nowhere to hide. If you break the rules we will find you and fine you.”

Notes for editors

  1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

  2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

  3. The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. The ICO has the power to impose a monetary penalty on a data controller of up to £500,000.

  4. The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act. They give people specific privacy rights in relation to electronic communications.

There are specific rules on:

  • marketing calls, emails, texts and faxes;
  • cookies (and similar technologies);
  • keeping communications services secure; and
  • customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.

We aim to help organisations comply with PECR and promote good practice by offering advice and guidance. We will take enforcement action against organisations that persistently ignore their obligations.

  1. The rules on electronic mail marketing (which includes text messages) are in regulation 22 of PECR. In short, you must not send electronic mail marketing to individuals, unless:

  • they have specifically consented to electronic mail from you; or
  • they are an existing customer who bought (or negotiated to buy) a similar product or service from you in the past, and you gave them a simple way to opt out both when you first collected their details and in every message you have sent.

You must not disguise or conceal your identity, and you must provide a valid contact address so they can opt out or unsubscribe.

  1. Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice. 

  2. Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).

  3. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.