In an unusual reversal for the Information Commissioner’s Office, direct marketing company Xerpla Ltd has successfully appealed against an ICO fine of £50,000 against it for allegedly sending out over 1.25 million unsolicited marketing emails. The First-tier Tribunal found that in fact recipients had consented to receive such emails from Xerpla as part of signing up to its two websites, one offering discounts/deals and the other offered news of promotional competitions. The ICO argued that the consent given had not been sufficiently “informed” to comply with PECR (the Privacy and Electronic Communications Regulations), but the Tribunal disagreed – the types of communications that subscribers were likely to receive from Xerpla, including offers from third parties, was obvious from the context, i.e. the nature of the two websites. The Tribunal also took note of the small number of complainants – just 14 – as an indication that most subscribers had regarded the emails that they had received as legitimate. The £50,000 fine was therefore quashed.
Before direct marketers get too excited, however, it should be noted that the Xerpla case was rather unusual – its mailing lists being purposely generated by subscriptions to its own websites, rather than bought in from third parties for example. More fundamentally, the Tribunal made its ruling based upon the pre-GDPR definition of consent, which the new Regulation has now tightened – requiring for example “a clear affirmative act”. So the ruling should not be taken by direct marketers as an indication that they can relax when it comes to obtaining proper consent.
Xerpla subscribers consented to, and knew they were consenting to, the direct marketing of third party offers for all kinds of products and services (including all kinds of competitions). That is why they subscribed to these sorts of website: they knew both the ‘who by’ and the ‘what for’, as demonstrated by the very low rate of complaints.