Information Commissioner’s Office fines for unsolicited marketing texts & selling customer’s details

Meet the team:

Share this post: linkedin Twitter facebookshare Email
Posted in:Corporate and Commercial|December 8, 2015 | Join the mailing list

Two recent fines, issued by the Information Commissioner’s Office (ICO), should act as a warning for businesses that are not up-to-speed on the law regarding data protection and direct marketing.

One fine of £200,000 was issued to Help Direct UK Ltd under the ICO’s new enforcement powers, brought in by the Privacy Regulations 2015 (the “Regulations”).

Help Direct UK Ltd sent thousands of unsolicited texts as a marketing exercise, in breach of the new Regulations. The unsolicited texts prompted 6,758 complaints in one month. The fine is the first instance where the ICO has used its new powers.

The ICO took action after Help Direct UK Ltd remained in breach of an earlier ICO enforcement notice, requiring it to comply with the Regulations. It is reported that the ICO “considers unsolicited text marketing a matter of significant public concern”.

A second fine of £130,000 has been issued by the ICO to Pharmacy2U, for selling 21,500 of its customer’s details, without their informed consent. This is the first fine ever issued for an activity which breaches the first data protection principle within the
Data Protection Act 1998 (the “Act”), regarding the fair and lawful processing of data. 

When customers registered, Pharmacy2U provided them with the option to sign out of marketing emails, but its privacy policy (where it explained the steps to opt out of personal data being sold to third parties) was not readily accessible.

The fine to Pharmacy2U is a warning to data controllers (i.e. those persons who are responsible for holding and handling people’s personal data). Data controllers should ensure that data handling information should be clear, prominent, and explain how the data
will be used and who it will be shared with. Furthermore, there must be a simple way for people to express how they wish their personal data to be used.

With the ICO being granted new powers and a willingness to act in ways in which it has not done before, all businesses who are data controllers for the purpose of the Act need to ensure they are compliant with the Act’s principles. Additionally, businesses
should take note of the ICO’s warning regarding compliance with the Regulations. So, if you are thinking of sending unsolicited marketing texts, think twice.

Should you have any queries regarding data protection or direct marketing, please contact Stephen Foster, Partner and Head of the Corporate and Commercial Department at or by telephoning 0161 833 9211.

The information and opinions contained in this article are not intended to be comprehensive, nor to provide legal advice.  No responsibility for its accuracy or correctness is assumed by berg or any of its partners or employees.  Professional legal advice should
be obtained before taking, or refraining from taking, any action as a result of this article.

Join our mailing list

More from berg


"berg made it easy. Contract drafted, signed and exchanged in 3 days."

Andrew Lenney, MD, We Are Leads

“Ian, your hard work and, in particular, your commercial advice have been invaluable. At times it has felt like everybody was conspiring against us; the Courts, fate, the other side, and you have been steadfast. I am also grateful to Michael Miller who was excellent”.

Commercial Litigation client, anonymous