Leads Works lands £250,000 fine for sending marketing messages without consent
What level of fine are you looking at for sending mass marketing messages without consent?
The key takeaway
Take great care over who you partner with on data marketing campaigns. They may not be as strong on data compliance as they (and in turn you) think they are. Running some basic due diligence checks is a must if they claim to be relying on marketing consents obtained themselves or through other third parties.
On 1 March 2021, West Sussex-based Leads Works Ltd (LWL) were issued with a £250,000 fine for sending 2,670,140 marketing text messages, between 16 May 2020 and 26 June 2020, to individuals without their consent in breach of Regulation 22 of the Privacy and Electronic Communications Regulations 2003 (PECR). The messages resulted in excess of 10,000 complaints over a period of 14 days.
LWL is a lead generation company which operates primarily in the “multi-level marketing” sector. It generates leads under the Avon cosmetics brand for the purpose of enlisting downstream recruits to sell Avon products. These leads are then passed directly to independent Avon sales representatives for further contact in terms of recruitment.
LWL first came to the attention of the ICO in connection with complaints about text messages seemingly sent by Avon Cosmetics. The investigation found that Avon did not send or instigate the texts.
LWL were contacted, but not investigated at that time. LWL then came to the attention of the ICO again during the COVID-19 pandemic, when a significant number of complaints were received about the following text message: “In lockdown and want to earn extra cash? Avon is now FULLY ONLINE, FREE to do and paid weekly. Reply with your name for info. 18+ only. Text STOP to opt out”. At this stage, complaints started to be received in significant numbers prompting the ICO to open an investigation in May 2020.
The ICO’s investigation
LWL provided information relating to the purchasing of their data sets and the contractual structure of their working relationships with their partners, as well as evidence of their GDPR policies and purported evidence of consumers opting in. In respect of the latter, LWL explained that they had received most of their data sets from one provider’s data capture website. This website consisted of a landing page to opt-in, a privacy notice and an option to unsubscribe. A link on the website presented individuals with a further list of 457 distinct organisations from whom individuals could expect to receive marketing communications. LWL was not included in this list. Furthermore, the ICO found the website to be vague and confusing and the consent statement lengthy and digressive. It also prevented individuals from submitting their details without checking “at least one” marketing channel. Unsurprisingly, the ICO concluded that the consent was not freely given, specific and informed.
In deciding to impose a substantial monetary penalty, the ICO took account of the seriousness of the contravention as well as other aggravating factors. For example, the ICO noted that the text messages misleadingly appeared to be sent by Avon Cosmetics Limited, when in fact they were not responsible for these. LWL subsequently accepted that it had deliberately failed to identify itself in the body of the texts as the sender. The ICO also highlighted that LWL had continued to run the marketing campaign both during and since the conclusion of the ICO’s investigation, with no attempt to amend or review its practices – this was despite having received a Notice of Intent from the ICO that its practices were deemed non- compliant. This resulted in an additional 28,000 complaints being lodged using a SPAM reporting tool in place from August 2020. To add to the ICO’s frustration, LWL repeatedly indicated that they were compliant with PECR and had a long- standing commitment to compliance, which was found to be blatantly untrue as a result of the investigation. The ICO stated, among other things, that LWL had not been completely open and transparent in relation to the enquiry and had failed to inform the ICO in its response to enquiries about marketing methods that it had also conducted email marketing. The ICO failed to find any mitigating factors.
Why is this important?
The ICO’s investigation and the penalty imposed shows the importance of obtaining freely given, specific, informed and unambiguous consent before sending any marketing communications to consumers. It also highlights the dangers of relying on third parties to obtain consent and of failing to be completely transparent with the ICO with an investigation and acting quickly when compliance errors are identified.
Any practical tips?
Be careful who you partner with to run your data marketing campaigns! The case underlines the need to carry out due diligence into their marketing practices, rather than simply relying on contracts terms. This is especially the case where your partner is relying on marketing consents derived from a third party’s database – always a compliance red flag!
And remember it’s the brand name, which is tarnished by aggravating marketing tactics, not the agency you partner with.