A Welsh firm has been handed a £60,000 fine for spamming more than 270,000 pay-day loan texts around Christmas 2016.
The UK's data protection watchdog doled out the penalty to STS Commercial Limited – which is registered as an IT service provider – after finding that the biz didn't have consent to send the messages, which elicited 268 complaints.
The 274,423 messages, sent between November 2016 and January 2017, riffed on the festive season, with offers along the lines of: "This is Mia from CashKittyYou're APPROVED to apply TODAY100 for 11/weekGet paid before xmas, repay in JaneSee [URL]" [sic].
However, under the Privacy and Electronic Communications Regulations (PECR), firms can only send such direct marketing bumph if they have the right consent from the would-be recipients.
In this case, STS tried to rely on consent gained by a third party, but had failed to carry out sufficient due diligence checks to ensure the data complied with PECR – and neither could provide evidence to support any such consent.
The Information Commissioner's Office was alerted to this incident after an unrelated meeting with telephone networks revealed that unsolicited marketing activity had been identified across a network originating from Bridgend.
But it isn't the first time the firm has been on the ICO's radar – it was investigated in 2015 for sending masses of unsolicited texts.
The ICO said the firm and its directors had been "repeatedly reminded" of their obligations under PECR, sent direct marketing guidance and told about the commissioner's powers.
For failing to heed this advice, and for spamming the 270,000-plus people, the ICO handed down a £60,000 fine – slightly below the median value of £75,000 of all PECR fines handed out between 2010 and April 2018.
If it pays by 7 August, it can pay a reduced rate of £48,000. ®