Blog details

Two companies fined by the ICO, for sending millions of nuisance text messages during the COVID-19 pandemic.

Two companies fined by the ICO, for sending millions of nuisance text messages during the COVID-19 pandemic.

The ICO has issued fines to two companies for over 2.7 million spam messages sent out during the pandemic. 


Between May and July, 2020, two companies sent out a total of 2.7 million spam text messages in the midst of the global COVID-19 pandemic. This resulted in several thousand complaints, including a record 10,000 complaints from one of the two companies. A total of £330,000 in fines has been issued to the two companies by the ICO.


The first of the two companies fined by the ICO is a West Sussex-based company whose messages resulted in a record number of complaints.


A West Sussex-based company, Lead Works has incurred a fine of £250,000, and an enforcement notice from the ICO. The company sent more than 2.6 million nuisance text messages to customers between 16 May and 26 June 2020,  without their valid consent. These messages resulted in over 10,000 complaints, a record high. 


A lead company for financial and debt management products was also fined for sending messages attempting to profiteer from the pandemic. 


Valca Vehicle Ltd, a company in Manchester, has been fined £80,000. The Company currently operating as ‘Debtquity’, generating leads for debt management products, managed to send more than 95,000 text messages from June to July 2020 without the consent of the recipients. These messages were designed to appeal to individuals whose finances were adversely affected by the health crisis, and resulted in several complaints to the ICO. 

The companies fined by the ICO violated the PECR, and in the Commissioner’s opinion, attempted to profit from the health crisis. 


Regulation 22 of the Privacy and Electronic Communications Regulations (PECR) prohibits the sending of unsolicited communications by means of electronic mail, as well as text messages to individual subscribers, with very few exceptions.  Under the PECR, the ICO has the power to impose penalties of up to £500,000. The messages sent by these companies referenced the pandemic and lockdown, and in the Commissioner’s view, were a clear attempt to profit from and capitalize on the current health crisis. Some of these messages resulted in a record number of complaints. 


Both companies were fined and issued enforcement notices ordering them to stop sending those messages.


Andy Curry, ICO Head of Investigations, said “We have issued a number of fines recently to companies that have used the pandemic as a way of making money. Businesses think that they can exploit the pandemic in this way should think again. We can fine you and take action to recover that fine where necessary.” In addition to the fines, both of the companies involved have been issued enforcement notices and ordered to stop sending those messages. 


Does your company have all of the mandated safeguards in place to ensure compliance with the GDPR, PECR and Data Protection Act 2018? Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance.

Prev post
Transferencias de datos a Reino Unido: la Comisión Europea inicia un procedimiento para la adopción de dos decisiones de adecuación
March 10, 2021
Next post
La ICO multa a dos empresas por el envío de millones de mensajes de texto no solicitados durante la pandemia del COVID-19
March 12, 2021

Leave a Comment