New ICO fine sends out fresh warning over email consent

DataIQ News

The Information Commissioner's Office has sent out yet another warning to companies which use generic online privacy policies to gain consent for future marketing activity after dishing out a £50,000 fine to the London company behind two marketing websites, and

Xerpla sent nearly 1.26 million emails promoting products and services as far ranging as dog food, wine, competitions and boilers on behalf of other companies.

But an ICO investigation found that Xerpla did not have the right consent needed from people to send the emails, even though they had subscribed to both sites.

When subscribing to the sites, customers had been told their details could be shared with other organisations by way of a generic statement in a privacy policy. This did not legally qualify as people giving their consent to receive the messages because it was not clear and specific enough. Both websites have now gone offline.

The ICO tightened the rules on email consent following a  2015 ruling by the First-Tier Information Rights Tribunal, which effectively outlawed the use of third-party information unless it can be proved prospects have opted in to receive marketing from other brands.

ICO head of enforcement Steve Eckersley said: “There are rules in place to protect people from the irritation, and in some cases anxiety and distress, spam texts and emails cause.

“People need to be properly informed about what they are consenting to. Telling them their details could be passed to ‘similar organisations’ or ‘selected third parties’ cannot be relied upon as specific consent.

“[Xerpla] should have taken responsibility for ensuring they had obtained clear and specific consent for the sending of the messages. They didn’t and that is unacceptable.”