The UK’s data protection authority, the ICO, recently fined marketing firm Everything DM Ltd for sending almost 1.5 million marketing emails without obtaining sufficient consent as required by the UK’s Privacy and Electronic Communications Regulations. In particular, the company sent messages on its clients behalf, the messages appeared to the recipient to come from the client, not Everything DM Ltd, yet Everything DM could not establish for the ICO that either it or its clients had obtained consent. Of concern to the ICO was that Everything DM merely “relied on the consent of third parties but didn’t take reasonable steps” to make sure that the appropriate consents were in place.

Everything DM has paid a £60,000 fine, and the ICO has served them with an enforcement notice to comply with the law in the future.

Putting it Into Practice: This case is a reminder that the regulators -including the ICO- are looking closely at whether company’s are using information in compliance with the law. We anticipate we may see more such actions in the future.