ICO (UK) - The Money Hive Limited
|ICO (UK) - The Money Hive Limited|
|Relevant Law:||Article 4(11) GDPR|
Data Protection Act 1998
Privacy and Electronic Communications (EC Directive) Regulations 2003
|Parties:||The Money Hive Limited|
|National Case Number/Name:||The Money Hive Limited|
|European Case Law Identifier:||n/a|
|Original Source:||ICO (in EN)|
The UK DPA issued a €60,000 (GBP 50,000) fine against a loan broker for making unsolicited direct marketing text messages in violation of provision 22 of the UK Privacy and Electronic Communications (EC Directive) Regulations 2003.
English Summary[edit | edit source]
Facts[edit | edit source]
The Money Hive Limited (TMHL) is a company that calls itself "a short term loan lender and broker for other lenders and financial service providers". Mobile UK is an entity representing the interests of mobile subscribers in the UK. Mobile UK has a Spam Reporting Service, and subscribers can report a spam message by forwarding the spam message to Mobile UK.
In September 2020, numerous unsolicited text messages by Money Hive were reported. The Investigating Officer ascertained nine separate message scripts promoting high-interest payday loans. The messages contained links to websites operated by TMHL and were sent to people who had “previously applied online for a loan with a TMHL-operated website” but had left the process midway to due to any reason.
In response to the ICO’s letter seeking information and documentation about consent provided by the subscribers, TMHL stated the following:
• It had used the services of two platform providers to send the messages.
• Between 1 January 2020 to 8 September 2020, a total of 752,425 text messages were received by subscribers.
• TMHL divided consent into two categories: “a) Individuals consent to being notified of their loan application results via SMS; and b) individuals consent to future marketing from it and "select 3rd parties" via separate tick boxes.” It added that "a very small number of customers might not realise that the messages are direct responses to their loan application and consider them to be marketing texts".
The ICO considered the 'customer journey' documents provided by TMHL and noticed two opt-in statements. Opt-in 1 was accessible after a customer had clicked 'apply now' on the respective website and had entered their contact details. It had the following text, followed by three separate optional tick boxes for email/SMS/phone:
"LoanPig and our 3rd party partners would like to stay in touch with you via email and sms to send you reminders and occasional relevant offers, please tick below if you wish to receive this[. .. ]"
Before the ICO, TMHL gave evidence of subscribers having opted out of its messaging texts. It also explained the working of its messaging system and the number of messages being sent. On the aspect of messages containing links to third parties, TMHL stated that “they use alternative brokers to obtain a loan for their customers stating: "[t]his isn't promoting 3rd party websites and we are only paid a commission when the customer gets a loan, not for each lead sent for example so we consider this the same as sending a customer to an alternative lender's website where they may obtain a loan. To confirm, we do not receive any commission if the consumer does not apply online or find a product, so this is not marketing".” In addition, TMHL submitted to the ICO a “'Legitimate Interest Assessment' document in relation to these messages, which explained that their purpose was to provide an alternative short-term loan [through an alternative broker] when the individual's application to TMHL directly was unsuccessful.”
TMHL informed the ICO that they had started sending these messages from 12 March 2020. TMHL stated that it conducted regular due diligence, but it was on a face to face basis and there was no documentary record of the same.
Holding[edit | edit source]
The ICO concluded as following:
1. TMHL contravened Regulation 22 PECR by sending 752,425 unsolicited direct marketing text messages that were received by subscribers.
2. TMHL’s marketing was not solicited as “in order to proceed with the online application, individuals had no choice but to agree to receive an undefined number of contacts via text, email and telephone from TMHL and its third-party partners.” The same is also evident from the high number of complaints received regarding TMHL’s messages.
3. Messages sent by TMHL were direct messages and not service messages as the messages “advertised the availability of loan products from both TMHL and third-party providers [and] can be appropriately defined as falling within the definition of direct marketing as prescribed by Section 122(5) DPA18.”
4. A valid consent needs to be “freely given” and the organisation will have to demonstrate how “the consent can be said to have been given freely.” This was not the case with TMHL as it “did provide a separate set of optional opt-in boxes for individuals who might wish to agree to marketing in the future.”
5. No specific consent was present in this case as individuals “were not able to select the method by which they may wish to receive direct marketing, with agreement to being potentially contacted by text message, email and/or telephone, being a requirement.”
6. “Consent will not be "informed" if individuals do not understand what they are consenting to.” Consent will not be valid if “if individuals are asked to agree to receive marketing from "similar organisations", "partners", "selected third parties" or other similar generic description.” Moreover, “subscribers were denied the chance to select which, if any, of the potential third-parties it might wish to receive marketing messages about.”
7. TMHL could not rely on soft opt-in exemption under the PECR as “individuals were unable to opt out of receiving these particular direct marketing messages at the point at which their details were taken, since agreement to receipt of these messages was a condition of service.”
The contravention by TMHL was considered to be serious due to the high number of messages resulting in a total of 1,360 complaints. However, the contravention was not considered to be deliberate. Nevertheless, the ICO found TMHL to be negligent as it did not take “thorough steps to understand and implement marketing procedures that are compliant with the legislation.”
Thus, the ICO fined TMHL €60,000 (£50,000) for making unsolicited direct marketing text messages in violation of Regulation 22 PECR.
Comment[edit | edit source]
Share your comments here!
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the English original. Please refer to the English original for more details.