Grove Pension Solutions Ltd is a UK-based company that helps people get “pension releases,” i.e. getting money out of their pensions. The company uses a vendor to conduct lead generation. That vendor would identify individuals who had given consent to get messages on a variety of third party websites (including for example, None of the individuals had a relationship with Grove, and the consents did not specifically name Grove. Grove sent almost 2 million messages to individuals following this process, after obtaining advice that doing so was compliant with applicable laws.

The ICO disagreed, and in its Monetary Penalty Notice, indicated Grove had violated UK law, which holds that companies cannot send unsolicited direct marketing emails unless certain exceptions apply. None of those exceptions were applicable in this instance, however, according to the ICO. In reaching its conclusion the ICO stressed that “indirect consent” is not sufficient for texts, emails or automated calls; this includes the insufficiency of a reference to getting messages from third parties generally (as was done here). The ICO recognized that Grove’s actions were not done deliberately to violate the law, that the total number of complaints were minimal, that the time frame was fairly contained, and that Grove cooperated with the ICO.  For these reasons, a monetary penalty of £40,000 was deemed sufficient.

Putting it Into Practice: This case is a reminder that companies should take care to ensure that they have obtained appropriate consent for sending marketing messages.