ICO Enforcement Updates (PECR) - June 2023

Join the Triboo Limited – Unsolicited marketing e-mails - £130k fine and enforcement notice

On 12 April 2023, the ICO issued an enforcement notice and fined Join the Triboo Limited (JTT), a job search website provider, £130,000 for sending over 107 million unsolicited direct marketing emails to 437, 324 individuals between August 2019 and August 2020 without the appropriate consents in place. Each individual received on average 244 emails during the relevant period.

JTT came to the ICO’s attention in 2020 during an investigation into another company, Leads Work Limited (LWL), which resulted in a monetary penalty against LWL for unsolicited direct marketing messages. LWL had told the ICO that it purchased its data from a number of suppliers including JTT, which sourced the data from the websites it operated. The ICO then subsequently decided to investigate JTT’s practices further even though the ICO had not received any specific complaints from individuals themselves.

JTT advised the ICO that personal data was collected from a registration form on its websites which contained two checkboxes, firstly asking for a broad consent to receive marketing communications (“I agree to marketing activity: Yes/No”) and secondly asking for consent to transfer personal data to a list of third parties contained within the privacy policy. This privacy policy also explained that JTT carried out marketing for third parties which may operate in any business sector and also that individuals may be contacted by email within certain (broad) categories. 

The emails which JTT sent between August 2019 to August 2020 were all hosted marketing emails whereby JTT hosted the marketing of third party companies to its own distribution lists, relying on the consent individuals gave to receive marketing from JTT.  The emails appeared to come from the company being hosted with the only reference to JTT being contained in a small disclaimer at the foot of the email. The emails varied in content but included claims management, insurance, real estate, utility switching and online courses.

The ICO found JTT to be in breach of Regulation 22 PECR as the consents were not “specific” as to the type of marketing communication to be received, and the organisation or specific type of organisation that would be sending it and as a consequence, were also not “informed”. 

Consent will not be valid if individuals are asked to agree to marketing from or on behalf of “similar organisations”, “partners”, “selected third parties” or other generic descriptions.
This decision is a timely reminder for organisations to think carefully about their marketing consent language particularly if they carry out hosted marketing activities on behalf of other companies.

Ice Telecommunications Ltd - Unsolicited marketing calls - £80k and enforcement notice

On 16 May 2023 the ICO issued an enforcement notice and fined b2b telecommunications solutions provider, Ice Communications Ltd (Ice) for making 72,682 unsolicited direct marketing calls to businesses registered with the CTPS (Corporate Telephone Preference Service) or TPS (Telephone Preference Service) between 13 September 2021 and 31 January 2022.

It is against the law for companies to make live marketing calls to anyone signed up with the CTPS or TPS unless the individual has consented to receive the call.

The ICO received 30 complaints regarding Ice, and the TPS stated that it had written to Ice on 19 different occasions about these complaints, but received no response.

During the ICO's investigation, it was discovered that Ice could not provide contracts with third-party suppliers of marketing lists that showed CTPS and TPS numbers were being suppressed. Additionally, Ice continued to make illegal calls even while under investigation.

Consequently, the ICO imposed a fine of £80,000 on Ice and issued an enforcement notice, ordering Ice to cease making calls to numbers registered with the CTPS and TPS.

UK Direct Business Solutions Limited - Unsolicited marketing calls - £100k and enforcement notice

On the 16 May 2023 the ICO fined business energy consultancy, UK Direct Business Solutions Ltd (UKDBS) for making 410,369 unsolicited direct marketing calls to businesses registered with the CTPS or TPS between 1 March 2020 and 31 October 2021.

The ICO received 96 complaints regarding UKDBS, and the TPS contacted the company 17 times, providing details of the complaints. Complainants highlighted the rude and argumentative nature of the calls.

During the ICO's investigation, UKDBS was unable to provide evidence that it screened the details it sourced from the internet against the TPS register or had any reference to electronic marketing laws or the TPS/CTPS register in its training materials.

As a result, the ICO imposed a fine of £100,000 on UKDBS. These fines reinforce the ICO’s insistence of protecting customers and businesses from unwanted direct marketing calls.