Thursday 21 Jun 2018 @ 12:20
Information Commissioner's Office
Printable version

BT fined £77,000 by the ICO for five million spam emails

British Telecommunications plc (BT) has been fined £77,000 by the Information Commissioner’s Office after it sent nearly five million nuisance emails to customers.

The investigation found that the company did not have customers’ consent to send direct marketing emails. This is against the law.

ICO Head of Enforcement, Steve Eckersley, said:

“Organisations have a responsibility to ensure they are acting within the law. Where they do not, the ICO can and will take action. This particular investigation was prompted by a concerned member of the public.  We investigated the matter and uncovered the full extent of this activity which shows how important it is for people to report nuisance emails.”

The 4.9 million emails were sent between December 2015 and November 2016 promoting three charity initiatives: the BT ‘My Donate’ platform, Giving Tuesday and Stand up to Cancer.

During the investigation, BT accepted that emails for Giving Tuesday and Stand up to Cancer were unlawful but disputed the assessment that My Donate emails were direct marketing.

The Commissioner found that all of the emails sent constituted marketing and were not simply service messages. These messages were found to have been delivered to recipients who had not given the necessary consent and were therefore sent in breach of regulation 22 of the Privacy and Electronic Communications Regulations (2003).

The Information Commissioner found that although BT did not deliberately break the rules, it should have known the risks and it failed to take reasonable steps to prevent them.

Notes to Editors

  1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations (PECR) 2003.
  3. The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act. They give people specific privacy rights in relation to electronic communications. There are specific rules on:
    • marketing calls, emails, texts and faxes;
    • cookies (and similar technologies);
    • keeping communications services secure; and
    • customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.​

We aim to help organisations comply with PECR and promote good practice by offering advice and guidance.

  1. The European Union’s General Data Protection Regulation (GDPR) is a new law which applied in the UK from 25 May 2018.
  2. Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
  3. Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).
  4. To report a concern go to ico.org.uk/concerns.

 

Channel website: https://ico.org.uk/

Original article link: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/06/bt-fined-77-000-by-the-ico-for-five-million-spam-emails/

Share this article

Latest News from
Information Commissioner's Office

The General Election and my personal data - what should I expect?

31/05/2024 10:20:00

With a General Election set to take place on 4 July, we know many people have questions about how their data may be used during the election campaign. Personal information is an important part of political campaigning - it allows political parties to get crucial messages to voters and helps them to understand the key issues for different people.

PSNI facing a £750k fine following spreadsheet error that exposed the personal information of its entire workforce

23/05/2024 15:20:00

We have announced we intend to fine the Police Service of Northern Ireland (PSNI) £750,000 for failing to protect the personal information of its entire workforce

We warn organisations must not ignore data protection risks as we conclude Snap ‘My AI’ chatbot investigation

22/05/2024 09:10:00

The Information Commissioner’s Office (ICO) has concluded its investigation into Snap, Inc’s launch of the ‘My AI’ chatbot.

Car rental manager fined after unlawfully obtaining customer data

17/05/2024 10:20:00

A former Management Trainee at Enterprise Rent-A-Car UK Limited ("Enterprise Rent-A-Car") has been ordered to pay a fine after admitting he illegally obtained customer data between 18 March 2019 and 1 April 2019.

No regulatory wild west: how the ICO applies the law to emerging tech

16/05/2024 12:25:00

John Edwards, Information Commissioner, yesterday delivered a speech at the New Scientist Emerging Technogies summit.

Children’s services in Birmingham reprimanded after inappropriately disclosing a child’s personal information

15/05/2024 09:10:00

We have issued a reprimand to Birmingham Children's Trust Community Interest Company after the personal information of a child was inappropriately disclosed to another family.

Organisations must do more to combat the growing threat of cyber attacks

13/05/2024 11:15:00

We are calling for all organisations to boost their cyber security and protect the personal information they hold, amid the growing threat of cyber attacks.  

First-tier Tribunal ruling on Join the Triboo appeal

08/05/2024 09:10:00

We welcome the ruling from the First-tier Tribunal (General Regulatory Chamber) on an appeal from Join the Triboo Limited.

Registration opens for ICO annual conference

03/05/2024 13:25:00

The Information Commissioner's Office (ICO) will hold its annual Data Protection Practitioners' Conference (DPPC) online on Tuesday 8 October.