Earlier this month, the Information Commissioner’s Office (ICO), issued a fine against Vanquis Bank after it sent almost 1.5 million spam emails and texts to recipients who had not consented to being sent the marketing messages. 

The fine resulted from the bank's breach of Regulation 22 of the Privacy and Electronic Communications Regulations (PECR). 

Regulation 22(2) of PECR states "... a person shall neither transmit, nor instigate the transmission of, unsolicited communications for the purposes of direct marketing by means of electronic mail unless the recipient of the electronic mail has previously notified the sender that he consents for the time being to such communications being sent by, or at the instigation of, the sender."

"Consent" within the meaning of PECR, requires the recipient to have notified the sender that he/she consents to messages being sent to them by the sender. 

General consent such as 'your details may be passed to similar organisations or selected third parties’ cannot be relied upon. 

Appropriate consents were not obtained by the bank in this case.  Vanquis acquired the marketing lists used to send the messages from third party organisations and had not checked whether the correct level of consents had been obtained. 

Using marketing lists acquired from third parties is particularly high risk. This enforcement action highlights the need for brands and marketers to do thorough due diligence to ensure that they have the necessary consents before any communications are made.  

ICO Head of Enforcement Steve Eckersley said: “There are rules in place to protect people from the irritation, and in some cases anxiety and distress, spam texts and emails cause. People need to be properly informed about what they are consenting to."