A price worth paying? Conservatives fined £10,000 for spam emails

On 3 June, the Information Commissioner’s Office (ICO) announced that it had fined the Conservative party £10,000 for sending direct marketing emails without consent.

The party had sent over one million emails during an eight-day period in July 2019, soon after Boris Johnson had become Prime Minister. The personalised emails, purporting to be from the new PM, urged supporters to join the party. However, not all of the recipients had consented to receive such messages. The ICO received 51 complaints, and the party was unable to show that any of these individuals had consented to receive marketing emails.

Given the failures uncovered by the ICO’s investigation, it is likely that there were many more recipients who had not consented to receiving the emails. Nevertheless, during the period in which it was under investigation, the party undertook a further email marketing push as part of its successful 2019 general election campaign, sending another 23 million emails. Again, it is likely that not all recipients would have provided consent.

It is a breach of the Privacy and Electronic Communications Regulations to send marketing emails to individuals without valid consent. There is a limited exception which allows commercial organisations to send marketing to their own customers who have not opted out, but this would not apply to political parties.

On the surface, therefore, this looks like a simple case for enforcement action. However, it took the ICO nearly two years to issue the fine, during which the party benefited from continuing to send huge volumes of potentially unlawful marketing emails. Part of the reason for this lengthy delay was the party’s own repeated failures to respond to the ICO. Although this latest action is against the Conservative party, the ICO has previously highlighted concerns about the data protection practices of all the UK’s major political parties.

Businesses which work hard to comply with the laws made by our politicians may be forgiven for wondering whether a £10,000 fine in this case is really a meaningful deterrent. Or, to borrow a famous quote from a past Conservative chancellor, perhaps the fine for breaking the rules was merely ‘a price worth paying’.

Photo credit:  Ink Drop / Shutterstock.com
EmailTwitterFacebookLinkedIn
Disclaimer: Nothing in the Legal Insights section and this blog is intended to provide legal or other professional advice and, if readers are interested, they should consider taking separate legal or other professional advice accordingly.

Jon Belcher

Specialist in Data Protection & Information Governance

E: [email protected]
T: +44 (0)845 257 9449