Vanquis Bank Limited fined £75k for breach of direct marketing rules

Wake Smith Solicitors 17 October 2017

Vanquis Bank Limited has been fined £75,000 by the Information Commission Office (ICO) for breach of the Data Protection Act (‘DPA’) and electronic communications (EC Directive) Regulations 2003) (‘PECR’).  There are some interesting lessons to be learned for other organisations, particularly in the light of the forthcoming GDPR (General Data Protection Regulation) and new Data Protection Act changes.

Matters first came to the ICO’s attention when it received 15 complaints from individuals about unsolicited marketed text messages.  That placed it in the ICO’s ‘monthly threat assessment’ as a priority to investigate.  So far as text messages are concerned, the ICO are keen to ensure that Regulation 22 PECR and its guidance is complied with.  Organisations cannot send, or instigate the sending of marketing text messages unless the recipient has notified that sender that he consents to messages being sent by it, or at its instigation.   Consent will not be specific enough if individuals have previously been asked to agree to receive marketing messages from ‘selected third parties’ or ‘trusted parties’ or other similar generic description.  The Bank’s defence was that data had been purchased from a global marketing company and that the contractual agreement stated that they or their suppliers have obtained all appropriate consents as required under PECR.  By this time further complaints relating to unsolicited direct marketing texts had been received.  The Bank was required to prove the consent.  They were unable to do so for all complainants.  They also relied on indirect consent but were unable to evidence that specific consent had been given.  The ICO was satisfied that the Bank did not have consent under PECR.

By then there were complaints about direct marketing emails.  Again the Bank was unable to provide any evidence for clear and specific consent.  Indirect consent had been obtained through various affiliates and sub-affiliates and was insufficient for the purposes of the ICO’s direct marketing guidance.

Having found breaches of the DPA and PECR, the ICO was satisfied that the contraventions were serious.  Over 10 months 870,849 direct marketing text messages was sent without individuals consent and in 5 months 620,000 direct emails was sent without consent.  The Bank did not deliberately intend to contravene Regulation 22 PECR.  However, they were negligent.  There are some useful pointers from the decision:-

  • The ICO found that the issue of unsolicited text/email messages has been widely publicised by the media as being a problem. Organisations, particularly of the Bank’s size, should have been aware of its responsibilities;
  • Reasonable steps could have been taken to prevent the contraventions. The ICO publishes guidance regarding PECR and direct marketing.  Guidance makes it clear that particular care must be taken when relying on ‘indirect consent’ and it is not acceptable to rely upon assurances given by third parties without undertaking proper due diligence;
  • The contract between the Bank and the third party was insufficient. The Bank failed to take reasonable steps to ensure that the consents obtained were clear, specific and valid.  Reasonable steps that could have been taken included ensuring that data lists were not bought unless there was proof of opt-in consent specifically naming or clearly describing the organisation; and carrying out small sampling exercises to assess the reliability of data purchased.

In the circumstances the appropriate, reasonable and proportionate fine levied under current legislation was £75,000.

By way of reminder, current fine limits are £500,000.  Following GDPR which takes direct effect on 25 May 2018 and the passing of the new Data Protection Act which is currently in draft form, the level of fines will increase to a maximum of €20m or 4% annual global revenue, whichever is the greater; although the maximum fines are intended to relate to serious breaches.

For further information please contact Holly Dobson on 0114 224 2121 or at [email protected]

Tags

Archive

December 20245November 20245October 20246September 20245August 20245July 20243June 20243May 20245April 20242March 20247February 20242January 20248December 20236November 20232October 20233September 20232August 20234July 20232June 20235May 20237March 20234February 20235January 20233December 20225November 20224October 20224September 20223June 20221May 20227April 20223March 20223February 20223January 20224December 20214November 20213October 20214September 20216August 20212July 202111June 20218May 20216April 20212March 20218February 20218January 20219December 20208November 202013October 20208September 20208August 20203July 20208June 202016May 202011April 20206March 202016February 20208January 202011December 20199November 20199October 201911September 20195August 20194July 20196May 20198April 20196March 20193February 20195January 20194December 20186November 20185October 20182September 20185August 20184July 20189June 20184May 201810April 20185March 20184February 20184January 20183December 20175November 20178October 20177September 20179August 20175July 20176June 201710May 20175April 20178March 201711February 20176January 201710December 20169November 20167October 201610September 201610August 20166July 20167June 20163May 20162April 20166March 20162February 20164January 20165December 20153November 20155October 20156September 20156August 20157July 20157June 20157May 20156April 20159March 20156February 201510January 20156December 20145November 20144October 20142September 20143May 20144March 20146February 20144January 20142December 20132November 20133September 20134July 20132June 20132May 20133April 20131March 20133February 20133January 20136December 20121November 20123October 20122August 20122July 20128June 20123April 20123March 20121January 20124December 20112November 20111October 20112September 20113August 20113July 20117June 20119May 20117April 20115March 20119February 20118January 20111December 20101October 20102September 20102August 20103July 20106June 20101May 20102April 20106March 20102February 20103January 20102December 20095November 20092October 20092September 20092August 20091July 20095June 20095May 20093April 20093March 20093February 20091January 20092November 20082October 20082September 20081August 20083July 20081January 20082

Featured Articles

Contact us