Leave.EU are back in the news. This time in connection with a “spam sandwich”. Hopefully that’s whetted your appetite… although if you’ve ever tried spam, then perhaps not.

Anyway, this is all about an interesting case in the First-tier Tribunal (Information Rights), which saw Arron Banks’ Brexit campaign group Leave.EU and one of his companies (Eldon Insurance Services Ltd, trading as GoSkippy) on the losing side of their appeal against various ICO enforcement notices relating primarily to unsolicited marketing emails.

During the Brexit campaign, Leave.EU signed up a number of willing subscribers to its political newsletter. What these subscribers didn’t Bank on was receiving a whole host of advertising for Eldon’s insurance products wedged between the political news – hence the so-called “spam sandwich”.

In the appeal, the Tribunal said that whilst the campaign group might have had the right to send the newsletter, as that was what people had signed up for, it didn't have consent to send marketing for Eldon’s insurance products and were therefore in breach of the Privacy and Electronic Communications Regulations (or “PECR”), which set out the rules on e-marketing.

For those interested in the mechanics of the e-marketing rules (if not, look away now), several key points, or perhaps useful clarifications, came out of the appeal:

  1. If you obtain consent to send someone a political (or any other type of) newsletter, this consent cannot act as a Trojan Horse for any unsolicited marketing you may want to send. The marketing material for Eldon’s insurance products ultimately “infected” the newsletter.
  1. There is no “primary purpose test”. Just because the majority of an email may be “news”, this doesn’t legitimise the inclusion of unsolicited marketing, regardless of how much or how little there may be of it.
  1. It is not enough for a marketer to include a line in their privacy policy saying they may send people “what we feel may interest you”. This wording is far too ambiguous to be relied on.
  1. Eldon was also culpable on the basis that it had “instigated” the sending of the marketing message. Whilst Leave.EU had sent the message, Eldon had some degree of control over the marketing content (through Mr Banks' influence), and this represented a “positive form of encouragement to transmit the offending material”.

The above principles are not new, but it is useful to have a Tribunal decision that refers to all these points so emphatically (especially one that includes a reference to a “spam sandwich”).

The upshot is that businesses need to ensure that their consent/sign-up language is broad enough, but also clear enough, to cover the content that they wish to send. References to a “newsletter” are, and have always been, ambiguous – the term implies “news”, but it is often used as a catch-all to include marketing.

Care also needs to be taken to ensure subscribers understand whose marketing is being sent. Is it the sender’s? A third party’s? Or both? Just whose spam sandwich is it anyway?

(Credit to @hopkinsrobin who gave a great summary of this appeal case at the recent 11KBW information law conference and who has a great post on the wider issues coming out of this case on the Panopticon blog.)