ICO fines online recruitment firm for sending 107 million spam emails

The company sent out 107 million spam emails to 437,324 individuals between August 2019 and August 2020, and is the latest firm to be fined by the ICO over breaching marketing rules (the fine levied against the firm is £130,000/$161,000).

Andy Curry, Head of Investigations. Photo: ICO

Privacy and Electronic Communications Regulations 2003 make it illegal to send direct marketing to people without their explicit consent.

“It’s an issue many of us face – opening up our email inboxes and it being filled with emails we did not ask for or consent to. This shouldn’t just be considered a fact of life – it is against the law,” said John Curry, Head of Investigations at ICO.

On average, people received 244 emails from JTT each during the period in question.

Spam emails

JTT runs five websites, of which four are job advertisement websites. The data for the spam email campaign originated from these four sites:

uk.job-search.online;
uk.jobinaclick.net;
uk.jobs4you.website; and,
findajob.website.

The regulator has deemed the contravention of the rules in place deliberate, particularly given the fact that the firm is experienced and operating in a sector that poses a high risk to the rights and freedoms of individuals.

“JTT is an experienced host marketer and data supplier which has been operating in excess of 10 years, and so should have had a full understanding of the obligations imposed on them”.

“It’s an issue many of us face – opening up our email inboxes and it being filled with emails we did not ask for or consent to. This shouldn’t just be considered a fact of life – it is against the law.”
Andy Curry, Head of Investigations, ICO

“This company did not properly seek permission from the people it chose to bombard with spam emails. The company used job seeking websites as a key component in its unlawful campaign”, Curry added.

Faulty marketing calls

The fine imposed on Join the Triboo is one in a series of actions by the ICO in the last few months targeting marketing activities contravening rules.

In February It’s OK Ltd was fined £200,000 ($248,696) for making over 1.7 million unlawful calls over an 11-month period to people registered with the Telephone Preference Service (TPS). The TPS is the UK’s official ‘Do Not Call’ register for landline and mobile numbers, and it’s against the law to make live marketing calls to someone on this list.

The colume of calls meant that on average over three calls per minute were made – something the ICO called a “sustained and exploitative campaign”.

Some of the specific complaints illustrated the unpleasant nature of the campaign:

“They called my Mum (who is 82) & bambozzeled her into talking out an extended warranty on her 10-year-old washing machine – they talked into paying them £194 including VAT – I then sent them an e mail to cancel and they kept calling trying to get her to keep it – this is not ok”.
“They try to con you into thinking they are your washing machine insurers and it needs to be renewed and they need to check your bank details. I am insured with Domestic and General. When asked their name they hung up”.
“I have been mis-sold a Service Plan total cost of £194.40 for my washing machine. I was informed that my current service plan was due to expire and it needed to be renewed. I renewed it and I have been told that I am not eligible to receive an engineer visit for a service. It’s OK Ltd has received £194.40 from me a pensioner and will not provide a service. I think many people are scammed”.

In December, five businesses were fined a total of £435,000 ($537,636) for making close to half a million unlawful marketing calls to people registered with the TPS – with some calls appearing to be specifically directed at elderly vulnerable people.

In September, Halfords Limited was fined £30,000 ($37,000) for sending almost 500,000 unwanted marketing emails. This campaign connected to the government’s 2020 “Fix Your Bike” voucher scheme, worth up to £50 ($62) in any approved bicycle retailer or mechanics in England. Halford’s email campaign purported to inform people of the scheme, but also encouraged them to redeem the voucher at their chosen Halfords store. The ICO determined that Halfords could not rely on legitimate interest to send what was, in effect, a marketing email that would generate income for the company.

Marketing guide

The ICO released updated marketing guidance last year to help businesses who undertake this type of direct customer outreach. “Direct marketing has the potential to cause nuisance to people, and in some cases it can cause them harm and distress – which is why it’s important that you know how to comply with the law,” the ICO said.

In short, the ICO says that consent needs to be “specific” both in connection with the type of marketing communication as well as the organisation that’s sending it. It’s therefore important that organisations ensure that their language is easy to understand and read – and that the key information is not hidden in small print or in a privacy policy.

The ICO also makes very clear that “consent will not be valid if individuals are asked to agree to receive marketing from or on behalf of “similar organisations”, “partners”, “selected third parties,” or other similar generic descriptions.”

Privacy and Electronic Communications Regulations (PECR)

The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act and the UK GDPR. They give people specific privacy rights in relation to electronic communications, with specific rules on:

marketing calls, emails, texts and faxes;
cookies (and similar technologies);
keeping communications services secure; and
customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.

Source: ICO

Read the PECR in full here.