UK spam-texting tax consultancy slapped with £200k fine
Generic privacy policies won't get you valid consent, says ICO
A London firm that sent 14.8 million spam SMSes without consent has been fined £200,000 by the UK’s data protection watchdog.
Tax Returned Limited had attempted to send many more than that – some 22.7 million – but not all the texts were received. They were issued between July 2016 and October 2017, sparking more than 2,100 complaints from the recipients.
The firm told the Information Commissioner's Office that it had received valid consents to send the messages, which had been sent via a third-party service provider.
Tax Return Limited said it doesn't purchase any data for these types of messages, doesn't directly obtain consent and isn't involved the actual sending of the message – it's all done by the other biz.
The firm couldn't provide evidence for any consent having been given for some, while for others it claimed consent had been gathered via privacy policies on certain websites.
However, the ICO ruled (PDF) that the wording of the policies wasn't clear or precise enough for people to understand they would receive direct marketing messages advertising the firm's services.
In most cases, the policies didn't even mention Tax Returned Limited or the third-party service provider by name.
The ICO added that Tax Returned Limited couldn't point the finger at its third-party provider, pointing out that firms have to do due diligence and draw up contracts with those they are working with.
By not doing this, and failing to ensure it had the right to text the people it spammed, the firm broke the Privacy and Electronic Communications Regulation – landing it with a £200,000 fine.
"Firms using third-party marketing services need to double-check whether they have valid consent from people to send promotional text messages to them," said Steve Eckersley, ICO director of investigations.
"Generic third-party consent is also not enough and companies will be fined if they break the law." ®
Sponsored: Becoming a Pragmatic Security Leader