Prior to the “Brexit” vote in 2016, the pro-Brexit campaign, Vote Leave, sent almost 200,000 unsolicited texts in violation of the Privacy and Electronic Communications Regulations (PECR), according to a recent settlement it reached with the ICO. Under those regulations, as the ICO outlines in its PECR guidance, consumers must either have opted into receiving texts or they must already be an existing customer who “bought . . . a similar product or service” in the past.

Here, during an almost six month period in 2016, 32 consumer complaints were made about Vote Leave’s text messages. In response to the ICO’s questions about how consent to send the texts was obtained, Vote Leave explained that the numbers were obtained from consumers in three different ways. First, on its website. Second, those who had texted Vote Leave. And third, those who had entered a promotion. Vote Leave, however, indicated to the ICO that it had not kept records or any evidence of consent. The ICO concluded that the messages violated the PECR, and did not fall into a “pre-existing relationship” exception because Vote Leave had failed to provide “evidence to suggest that the exception” would apply.

Putting it Into Practice: Companies sending text messages should re-examine not only how they have obtained consent, but also ensure that records are kept of that consent.