Fortis Insolvency Limited – Unsolicited Text Messages – £30,000 fine and enforcement notice
On 28 June, the ICO issued an enforcement notice and fined Fortis Insolvency Limited (FIL) £30,000 for sending 558,354 unsolicited marketing SMS messages without valid consent in breach of Regulation 22 of PECR. FIL is a company within the financial sector offering advice to individuals and companies who are facing financial issues.
SMS messages are a type of “electronic mail” and as such, the rules under PECR which apply to email marketing also apply to texts (as well as video messages and direct messages via social media). In short, Regulation 22 requires that organisations do not send unsolicited text marketing messages to individuals unless they have provided their prior consent or they are an existing customer who bought (or negotiated to buy) a similar product or service from the organisation previously and the organisation gave them a simple way to opt out both at the time their details were initially collected and in every message sent (i.e. the soft opt in exemption). Sole traders and some partnerships are treated as individuals. However, these rules do not apply to text marketing messages sent to individuals at corporate entities (e.g. a company, government body or limited liability partnership) although it is recommended good practice to keep a “do not text” list of any businesses that object and to screen any new marketing lists against that.
Mobile users can report the receipt of unsolicited marketing texts to Mobile UK’s Spam Reporting Service and the ICO is provided access to this data which is used to identify organisations in breach of PECR.
In this case, FIL came to the attention of the ICO as a result of this complaints data from Mobile UK. One text which had been received by an individual indicated the refusal of a loan application but with a further offer of a debt relief plan. On further investigation, the ICO discovered that 810 complaints had been made to Mobile UK over a 12 month period regarding FIL’s text messages (although none had been reported on the ICO’s website). All of the messages sent during the investigation period included links to FIL’s website, with instructions for how individuals could opt out.
FIL confirmed that the data used to send the marketing texts was made up from multiple sources, namely one of FIL’s websites or from three third party websites. The ICO concluded that on FIL’s own websites, the individuals needed to proactively enter their details before FIL contacted them and on this basis, the text messages would be treated as solicited and therefore outside of PECR. However, with respect to the data provided by the third party websites, the ICO found that there was no opportunity to opt in or out of marketing on these sites, no mention that any contact would be made by text and no mention of FIL as a third party who would receive and use the data for marketing purposes.
FIL tried to argue that these texts were also solicited by the individual but the ICO concluded that the individuals entering their details on these third party sites were not sufficiently informed that by doing so they were requesting solicited marketing from FIL – as such they would be viewed as unsolicited marketing and subject to PECR and consent would be required which in this instance, had not been obtained. The ICO considered that the number of complaints submitted to the Mobile UK service relating to FIL (8353 in all) and the fact that these continued after the ICO had notified FIL about its investigation were an aggravating factor in determining the fine.
To read more please see the enforcement notice published on the ICO’s website.
For further information, please contact:
Ruth Boardman, Partner, Bird & Bird
ruth.boardman@twobirds.com