The Information Commissioner’s Office (ICO) has clarified the meaning of ‘informed consent’ to receive direct marketing, in a monetary penalty notice issued to Xerpla. The ICO fined Xerpla £50,000 for sending over 1.2 million unsolicited marketing emails to individuals between 6 April 2015 and 20 January 2017, advertising products and services for or on behalf of third parties.

The ICO found that Xerpla had infringed the UK Privacy and Electronic Communications Regulations (PECR) by not obtaining valid consent, as recipients were not sufficiently informed. Consent, to be valid, must be specific and informed, freely given and involve a positive indication to signify agreement.

The ICO stated that for consent to be informed individuals must first understand what they are consenting to. Therefore companies should use language that is clear, understandable and not hidden in another document such as a privacy policy or terms and conditions. Secondly, individuals should not be asked to agree to marketing from generic categories of organisations such as ‘similar organisations’, ‘partners’ or ‘selected third parties’. Thirdly, consent should not be based on a long exhaustive list of general categories of organisations because it will be difficult to show that the consent was specific enough to be valid.

The ICO fined Xerpla £50,000 for negligently breaching regulation 22 of PECR, by sending unsolicited emails to individual subscribers without consent.

Click here to read the monetary penalty notice in full.