EE fined by ICO for sending unlawful texts

EE has been fined £100,000 by the ICO for sending 2.5 million unconsented direct marketing messages to its customers. We explain what companies should watch out for when sending direct marketing messages.

 The messages, sent in early 2018, encouraged customers to access and use the ‘My EE’ app to manage their account and also to upgrade their phone; the second batch of messages was sent to customers who had not engaged with the first.

The telecoms company stated during the investigation that it had sent the text messages to provide service information so they were not covered by electronic marketing law. However, the ICO ruled that the messages contained direct marketing, as they contained promotional material.

 When can a company send direct marketing messages? 

Andy White, ICO Director of Investigations said: ”These were marketing messages which promoted the company’s products and services. The direct marketing guidance is clear: if a message that contains customer service information also includes promotional material to buy extra products for services, it is no longer a service message and electronic marketing rules apply. … EE Limited were aware of the law and should have known that they needed customers’ consent to send them in line with the direct marketing rules. … Companies should be aware that texts and emails providing service information which also includes a marketing or promotional element must comply with the relevant legislation or could face a fine up to £500,000.”

Dr Bostjan Makarovic, Aphaia Partner, comments: “Companies sending direct marketing emails or text messages must either obtain explicit consent or enable opt-out both at the point of gathering contact details and in each individual message they send. Moreover, if relying on opt-out, any marketing is restricted to similar goods and services that are offered by the same company.”

EE acknowledges and accepts the ICO’s findings and decision, moving forward they are working on improving their process. “We’re committed to ensuring our customers are fully aware of their options throughout the life of their contract, and we apologise to the customers who received these messages.”

Do you require assistance with GDPR and Data Protection Act 2018 compliance? Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing.

Leave a Comment

(0 Comments)

Your email address will not be published. Required fields are marked *