Company fined £120,00 for breaching data protection rules on marketing consent

The Information Commissioner’s Office (ICO) has fined a creditor broker business, Digitonomy Ltd, for sending millions of marketing text messages to people without proper consent.

Following a number of complaints, it was discovered that Digitonomy Ltd was using affiliate marketing companies to send out millions of texts messages offering cash loans.

An example of the consent wording used by the affiliate marketing companies reads “you consent to us and our trusted partners contacting you by SMS, mail, email, telephone and automated message”.

Under the Data Protection Act 1998 specific permission from individuals is needed if you want to send them marketing messages via text.

This case shows the serious financial consequences for businesses if they do not comply with the UK data protection rules on consent.

Tips on how to comply with the consent requirements

1. Individuals must be given specific information about what they are consenting to. Simply stating you will share data with ‘third parties’ is unlikely to be sufficient.

2. Individuals should positively indicate their agreement for data sharing, for example, by ticking a box on a website. Passive behaviour, such as silence, is unlikely to constitute valid consent.

3. Individuals should be able to give their consent freely and exercise a real choice to opt-in to data sharing. Make sure you do not threaten negative consequences to individual who do not give consent, for example by only giving discount offers to those who opt in.

In May 2018, the General Data Protection Regulations (GDPR) will come into force. These new regulations will alter the way that data is managed and stored.

If you would like more information on data protection or the GDPR, please contact our Data Protection team.