Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
The Information Commissioner’s Office (ICO) has concluded investigations into a Bradford-based credit loan company after 285 complaints were made over unwarranted ‘nuisance’ text messages.
Provident Personal Credit Ltd reportedly employed third party vendors to send 999,057 text messages to promote their services. The text messages were unwarranted as the recipients had not agreed to receive such correspondence for marketing purposes.
Unless an organisation obtains clear and direct consent from a recipient they are, by law, not permitted to “transmit, nor instigate the transmission of, unsolicited communications for the purposes of direct marketing by means of electronic mail”.
The text messages were sent with the intention of promoting the company’s brand, Satsuma Loans. However, in doing so, Provident breached Data Protection (DPA) and Privacy and Electronic Communications Regulations (PECR).
The ICO’s monetary penalty notice provides that consent must be “freely given, specific and informed indication signifying the individual’s agreement.” This was reportedly not obtained by Provident, and in the ICO’s investigations, the company could not prove they had any evidence of prior consent.
The 285 complaints were made over a 6-month period. Individuals received texts like the below:
Provident did not send these texts themselves; they paid a third-party vendor to do it for them, who then instructed their own third party vendors to send some of the texts.
During the six-month period, Money Gap Group Ltd reportedly sent 868,393 of these texts, and Sandhurst Associates Ltd sent the remaining 130,664. The texts promoted Provident’s services and provided a web link to direct them to Provident’s credit loan agreement website.
The ICO concluded their investigations and found that Provident had breached regulation 22 of PECR and were responsible for the 999,057 unsolicited communications. Although the company did not send these texts themselves, the ICO found that Provident paid third parties to send them, with the aim of promoting Provident, and to direct people to its website in order to obtain more customers.
The ICO therefore believes Provident is the sufficient instigator of the unsolicited messages.
As the instigator of these promotional text messages, it’s Provident’s responsibility to obtain consent. The ICO recognises that such consent was never obtained and the company knew, or ought to have reasonably known, that in instructing the third parties to send the mass messages they would be breaching PECR and DPA regulations.
Provident cannot shift responsibility to the third party and must undertake proper due diligence.
The £80,000 fine was issued to encourage both Provident and others to comply with PECR regulations in seeking consent before sending out mass electronic correspondence. Methods of direct marketing must not be abused as no-one wants to constantly receive an abundance of adverts and promotions by text or email.
Steve Eckersley, heard of ICO’s enforcement department, thinks the warning is clear:
“The law is clear. You can’t send marketing texts to people who have not signed up to receive them. Being bombarded with texts you didn’t ask for and don’t want is an intrusion into people’s privacy, an irritation and, in the worst cases can be upsetting.”
Eckersley has little tolerance of companies who abuse their position as a data controller by “sending nuisance texts, whether they do it themselves or employ someone else to do it for them.”
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020