Information Commissioner's Office
EU campaign firm fined for sending spam texts
A company which sent more than 500,000 texts urging people to support its campaign to leave the EU has been fined by the Information Commissioner’s Office (ICO).
Better for the Country Ltd, best known for campaigning under the name Leave.EU, broke the law by not having the consent of the people it sent text messages to.
The ICO has fined the organisation £50,000 for failing to follow the rules about sending marketing messages.
Stephen Eckersley, ICO Head of Enforcement, said:
“Political parties and campaign groups must follow the same rules as anyone else. That means they must have people’s permission before sending them text messages.
“Better for the Country did not have permission to send these messages. After considering all the options we decided that enforcement action was necessary.”
During an ICO investigation, Better for the Country said that they had obtained the list of phone numbers from a third party supplier.
Organisations buying marketing lists from third parties must make rigorous checks to satisfy themselves that the third party has obtained the data fairly and lawfully and has the necessary consent.
In this case that meant the individuals should have been given an explanation which clearly made them aware that they could receive promotional messages from the organisation’s political campaign.
Many of those who were sent texts by Better for the Country Ltd had consented to receiving messages about areas including leisure, home improvements and insurance but there was no specification about EU politics.
Mr Eckersley said:
“The consent wasn’t clear. Local and national government was as specific as it got, there was no mention of leaving the EU.”
Examples of the text messages sent and the consent agreed to are available in thepenalty notice.
This is not the first time the ICO has taken action over political campaigning that falls short of the law.
March 2016 – The ICO fined David Lammy MP for making nuisance calls.
December 2015 – Telegraph Media Group fined £30,000 for sending hundreds of thousands of emails on the day of the general election urging readers to vote Conservative.
November 2013 – In the run-up to the Scottish Referendum, the Better Together campaign signed an undertaking after sending 300,000 text messages to individuals without adequately checking whether they had consented to being contacted.
Notes to editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act (FOIA) 2000, Environmental Information Regulations (EIR) 2004 and Privacy and Electronic Communications Regulations 2003.
- The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. The ICO has the power to impose a monetary penalty on a data controller of up to £500,000.
- Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
- fairly and lawfully processed;
- processed for limited purposes;
- adequate, relevant and not excessive;
- accurate and up to date;
- not kept for longer than is necessary;
- processed in line with your rights;
- secure; and
- not transferred to other countries without adequate protection.
- The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act. They give people specific privacy rights in relation to electronic communications.
- There are specific rules on:
- marketing calls, emails, texts and faxes;
- cookies (and similar technologies);
- keeping communications services secure; and
- customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
- We aim to help organisations comply with PECR and promote good practice by offering advice and guidance. We will take enforcement action against organisations that persistently ignore their obligations.
- There are specific rules on:
- Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
- Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns/.
Latest News from
Information Commissioner's Office
Blog: Community groups and COVID-19: what you need to know about data protection27/03/2020 13:20:00
A blog by Ian Hulme, Director for Regulatory Assurance at the ICO.
Council employee fined £400 for illegally deleted audio file16/03/2020 10:25:00
A council employee has been fined £400 for an offence under the Freedom of Information (FOI) regulations.
Data protection and coronavirus12/03/2020 15:25:00
We all share the same concerns about the spread of the COVID-19 virus. The need for public bodies and health practitioners to be able to communicate directly with people when dealing with this type of health emergency has never been greater.
Blog: Don’t get caught out when it comes to pupil photos10/03/2020 15:10:00
Blog posted by: Andrew Laing, ICO Head of Data Protection Complaints, 09 March 2020.
Combining privacy and innovation: ICO Sandbox six months on10/03/2020 12:25:00
It’s been an exciting, interesting and challenging first six months for the ICO Sandbox – both for those externally involved in the various projects and for the ICO staff working on the scheme. Ian Hulme discusses the progress so far.
The ICO and the Office of the Australian Information Commissioner sign Memorandum of Understanding06/03/2020 12:25:00
James Dipple-Johnstone (Deputy Commissioner) yesterday commented on the signing of the Memorandum of Understanding.
International airline fined £500,000 for failing to secure its customers’ personal data04/03/2020 13:05:00
The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data.
Scottish company hit with maximum fine for making nearly 200 million nuisance calls03/03/2020 09:10:00
The Information Commissioner’s Office (ICO) has fined CRDNN Limited with the maximum £500,000 fine for making more than 193 million automated nuisance calls.