Information Commissioner's Office
London company fined after 14.8m spam texts sent
London-based firm Tax Returned Limited has been fined £200,000 by the Information Commissioner’s Office (ICO) for sending out millions of unsolicited marketing text messages.
The ICO’s investigation found that, between July 2016 and October 2017, the company broke the law by sending 14.8 million marketing text messages without valid consent through a third party service provider.
As the instigator of the campaign, Tax Returned should have taken reasonable steps to make sure the data they obtained complied with the Privacy and Electronic Communications Regulation (PECR), which includes getting specific, prior consent from people receiving the messages.
The firm also claimed that some of the consents were received through generic third party consent found on privacy policies of certain websites.
However, the ICO found that the wording of the policies was not clear enough and that neither Tax Returned nor the third party service provider were listed on most of those privacy policies.
The ICO has also served an enforcement notice on Tax Returned, ordering the firm to stop its illegal marketing activity.
Steve Eckersley, ICO’s Director of Investigations, yesterday said:
“Spam texts are a real nuisance to people across the country and this firm’s failure to follow the rules drove over 2,100 people to complain.
“Firms using third party marketing services need to double-check whether they have valid consent from people to send promotional text messages to them. Generic third party consent is also not enough and companies will be fined if they break the law.”
People can report nuisance calls, texts and emails at ico.org.uk. Spam texts can also be reported by forwarding them to 7726.
If you need more information, please contact the ICO press office on 0303 123 9070, or visit the media section on our website.
Notes to Editors
- The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- The Privacy and Electronic Communications Regulations (PECR) give people specific privacy rights in relation to electronic communications. There are specific rules on:
- marketing calls, emails, texts and faxes;
- cookies (and similar technologies);
- keeping communications services secure; and
- customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
The ICO aims to help organisations comply with PECR and promote good practice by offering advice and guidance. The ICO will take enforcement action against organisations that persistently ignore their obligations.
- The ICO has the power under PECR to impose a monetary penalty on a data controller of up to £500,000.
- Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
- Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the ICO.
- To report a concern to the ICO, visit ico.org.uk/concerns.
Latest News from
Information Commissioner's Office
Blog: Openness by Design: ICO’s access to information strategy is published for consultation15/01/2019 14:25:00
Gill Bull introduces the ICO’s proposed strategy for the next three years and invites comments to help inform a final version to be launched later in 2019.
SCL Elections prosecuted for failing to comply with enforcement notice10/01/2019 12:10:00
SCL Elections Ltd, also known as Cambridge Analytica, has been fined £15,000 for failing to comply with an enforcement notice issued by the Information Commissioner's Office (ICO).
Law changes on pension cold calling10/01/2019 09:20:00
Cold calls about pensions are now illegal in some circumstances following a change in the law.
ICO begins action against care homes for failure to pay new data protection fee18/12/2018 14:10:00
The Information Commissioner’s Office (ICO) has begun formal enforcement action against care homes that have failed to pay the data protection fee.
India-UK Future Tech Festival12/12/2018 15:15:15
Elizabeth Denham's speech to the India-UK Future Tech Festival in New Delhi.
Six month prison sentence for motor industry employee in first ICO Computer Misuse Act prosecution12/12/2018 12:20:00
A motor industry employee has been sentenced to six months in prison in the first prosecution to be brought by the Information Commissioner’s Office (ICO) under legislation which carries a potential prison sentence.
A statement from Information Commissioner, Elizabeth Denham in support of International Human Rights Day 201811/12/2018 09:10:00
This year is the 70th anniversary of the signing of the Universal Declaration of Human Rights (UDHR), which exists to create equal dignity and worth for every person.
Blog: Sleigh-ing the Christmas GDPR myths07/12/2018 14:10:00
In the latest of our series of GDPR myth-busting blogs, a new post by Deputy Commissioner (Policy) Steve Wood tackles some misconceptions which have sprung up around how the new data protection law might affect your Christmas.