August 19, 2019

August 16, 2019

Subscribe to Latest Legal News and Analysis

UK’s ICO Brings Texting Enforcement Action, Fines Vote Leave 40,000 Pounds

Prior to the “Brexit” vote in 2016, the pro-Brexit campaign, Vote Leave, sent almost 200,000 unsolicited texts in violation of the Privacy and Electronic Communications Regulations (PECR), according to a recent settlement it reached with the ICO. Under those regulations, as the ICO outlines in its PECR guidance, consumers must either have opted into receiving texts or they must already be an existing customer who “bought . . . a similar product or service” in the past.

Here, during an almost six month period in 2016, 32 consumer complaints were made about Vote Leave’s text messages. In response to the ICO’s questions about how consent to send the texts was obtained, Vote Leave explained that the numbers were obtained from consumers in three different ways. First, on its website. Second, those who had texted Vote Leave. And third, those who had entered a promotion. Vote Leave, however, indicated to the ICO that it had not kept records or any evidence of consent. The ICO concluded that the messages violated the PECR, and did not fall into a “pre-existing relationship” exception because Vote Leave had failed to provide “evidence to suggest that the exception” would apply.

Putting it Into Practice: Companies sending text messages should re-examine not only how they have obtained consent, but also ensure that records are kept of that consent.

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...