On November 26, 2021, the Court of Justice of the EU (“CJEU”) held in Case C-102/20 that the display of advertising messages in an electronic inbox in a form similar to that of an actual email constitutes direct marketing, and therefore is subject to EU Member States’ rules on direct marketing (see press release here

According to a leaked draft, on November 4, 2021, the Council of the European Union (“Council”) and the European Parliament (“Parliament”) agreed a number of amendments to the following three chapters of the draft ePrivacy Regulation, which will replace the ePrivacy Directive 2002/58/EC and has been pending since January 2017):

  • Chapter III (End-Users’ Rights

The UK Information Commissioner’s Office (ICO), which enforces data protection legislation in the UK, has fined a company £20,000 (approximately 24,000 USD / 23,000 EUR) for not exercising sufficient due diligence when buying and using marketing databases.

The ICO found that over 580,000 individuals’ contact details had been obtained by The Data Supply Company Ltd (“TDSC”) from sources such as financial institutions and competition websites, and then sold on to third parties.  This had led to at least 21,045 unsolicited text messages and 174 complaints.

Because the data was used for direct electronic marketing (by email, SMS, etc.), TDSC was not entitled to rely on its data sources’ generic consent requests, such as “We may share your information with carefully selected third parties where they are offering products or services that we believe will interest you”, nor even fuller notices that disclosed “long lists” of general categories of possible recipients of the data.
Continue Reading UK Company Fined For Buying And Selling Non-Compliant Marketing Databases

The UK’s data protection regulator, the Information Commissioner’s Office (“ICO”), has imposed a fine of £350,000 on Prodial Ltd (“Prodial”) for making over 46 million unsolicited automated telephone calls to generate leads in relation to payment protection insurance refunds.  This is the highest fine issued by the ICO to date.
Continue Reading Company Receives Record Fine from UK Regulator For Cold Calling

By Helena Marttila-Bridge and Colin Warriner

On 10 September 2013, the UK’s Information Commissioner (ICO) released new guidance on direct marketing.  The paper canvasses the marketing rules found in the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, with the aim of helping companies to comply with the law when engaging in direct marketing activities.  Those activities remain broadly understood, and include the delivery of all promotional materials, including those with only a small marketing element, materials promoting not-for-profits like charities or political parties as well as market research activities if their real purpose is promotional.  Direct marketing also encompasses traditional forms of marketing (e.g., telesales, mailshots) as well as newer methods (e.g., online marketing and social networking).  However, the ICO suggests that advertising not targeted at particular recipients, such as website advertising that appears the same to all site visitors, is not covered by the direct marketing rules.

Continue Reading The ICO Publishes New Guidance on Direct Marketing

On 20 March 2013, the UK Information Commissioner’s Office (ICO) announced that it had issued a fine of £90,000 against DM Design, a Glasgow-based kitchen and bedroom fitting company, for breaching the Privacy and Electronic Communications Regulations (PECR) by making thousands of unwanted direct marketing calls.  This fine, made two years after the ICO was first granted the power to issue fines of up to £500,000 for serious breaches of the PECR, apparently marks the start of a new enforcement campaign against companies breaching the PECR.  The ICO stated in its announcement that the fine against DM Design will not be “an isolated penalty,” and confirmed that twelve other companies also are now under investigation for direct marketing breaches, and that two of these will apparently receive “significant penalties” over the coming weeks.

Continue Reading ICO Issues Fine of £90,000 for Breach of PECR