14 DAY TRIAL // Eye-care company Optical Express sent unsolicited short text messages to its customers and has been notified by the Information Commissioner’s Office (ICO), Britain’s privacy watchdog, to refrain from this activity.
The notification came after 4,609 individuals complained about receiving text messages from the company promoting a competition for winning a free laser eye surgery.
Customers complained for a period of seven months
Consent from the customers was not given for using their phone number for any sort of marketing campaign, including one coming straight from the company.
Andy Curry, Enforcement Group Manager at the ICO, said that “using people’s data without their consent is not acceptable” because it constitutes a breach of the Privacy and Electronic Communications Regulations (PECR).
According to the Regulations, which came into force on December 11, 2013, direct marketing without the agreement of the recipient represents a contravention and the sender is notified to refrain from continuing the spamming activity.
Direct marketing is defined as “communication (by whatever means) of any advertising or marketing material which is directed to particular individuals.”
The complaints from Optical Express customers were received by ICO for a period of seven months, between September 10, 2013 and April 1, 2014. These came either directly or through the 7726 spam text reporting service.
Company has the right to an appeal
The Enforcement Notice from ICO was sent to Optical Express on December 19, 2014, and the company is expected to stop the spammy communication without the consent of the recipient within 35 days from receiving the notice.
The company has the right to appeal the decision and can file the papers in a period of 28 days from the sending date of the notification. ICO believes that no damage was done to the customers as a result of the spam delivery.
Optical Express was not fined for its activity, but behaving this way in the future is likely to attract a monetary penalty from the Information Commissioner’s Office.
In UK, entities that handle personal information must do it in agreement with the Data Protection Act and make sure that processing the data is done for limited purposes and is not excessive, not store it for a longer time than necessary, keep it secure, and refrain from transferring it to other countries without ensuring proper in-transit protection.