February 24, 2020

February 24, 2020

Subscribe to Latest Legal News and Analysis

UK ICO Settles with Marketer Over Unsolicited Email Messages

Grove Pension Solutions Ltd is a UK-based company that helps people get “pension releases,” i.e. getting money out of their pensions. The company uses a vendor to conduct lead generation. That vendor would identify individuals who had given consent to get messages on a variety of third party websites (including for example, soapboxsurvey.co.uk). None of the individuals had a relationship with Grove, and the consents did not specifically name Grove. Grove sent almost 2 million messages to individuals following this process, after obtaining advice that doing so was compliant with applicable laws.

The ICO disagreed, and in its Monetary Penalty Notice, indicated Grove had violated UK law, which holds that companies cannot send unsolicited direct marketing emails unless certain exceptions apply. None of those exceptions were applicable in this instance, however, according to the ICO. In reaching its conclusion the ICO stressed that “indirect consent” is not sufficient for texts, emails or automated calls; this includes the insufficiency of a reference to getting messages from third parties generally (as was done here). The ICO recognized that Grove’s actions were not done deliberately to violate the law, that the total number of complaints were minimal, that the time frame was fairly contained, and that Grove cooperated with the ICO.  For these reasons, a monetary penalty of £40,000 was deemed sufficient.

Putting it Into Practice: This case is a reminder that companies should take care to ensure that they have obtained appropriate consent for sending marketing messages.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...