BT fined £77k for sending spam charity emails
ICO imposes penalty on telecommunications giant after it is declared guilty of failing to follow legal guidelines on sending of unsolicited charity appeal emails.
BT has been fined £77,000 by the Information Commissioner’s Office (ICO) after it unlawfully sent almost 5 million ‘nuisance’ emails that promoted three charity initiatives it supported to its customers.
The investigation found that the telecommunications company did not have its customers’ consent to send direct marketing emails to their supplied email accounts – an act which is against the law said Head of Enforcement at the ICO, Steve Eckersley.
”Organisations have a responsibility to ensure they are acting within the UK law – where they do not, the ICO can, and will, take action,” Eckersley warned. “This particular investigation was prompted by a concerned member of the public. The ICO investigated the matter and uncovered the full extent of this activity. It shows how important it is for people to report [instances of] nuisance emails.”
The 4.9 million emails were sent to customers between December 2015 and November 2016. The three charity initiatives that they promoted were the BT platform My Donate, along with Giving Tuesday and Stand Up to Cancer.
During the investigation, BT accepted that emails for Giving Tuesday and Stand up to Cancer were not send within the bounds of the law, but the company disputed the assessment that the My Donate emails constituted forms of direct marketing.
The ICO, however, found that all of the three emails that were mass-sent constituted marketing and were not simply ‘service’ messages. These messages were found to have been delivered to recipients who had not given the necessary consents, and were therefore sent in breach of regulation 22 of the Privacy and Electronic Communications Regulations (2003).
These regulations sit alongside the Data Protection Act. They give people specific privacy rights in relation to electronic communications. There are specific rules on:
- Marketing calls, emails, texts and faxes.
- Cookies (and similar technologies).
- Keeping communications services secure.
- Customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
In its assessment the ICO found that, although BT did not deliberately break the rules, it should have been aware of the risks and that the company failed to take ‘reasonable steps to prevent them’.