The UK’s electronic communications watchdog has just clamped down on a company accused of mass spamming.
Intelligent Lending Limited has been fined £130,000 (about $170,000) over the matter of close to 8 million unsolicited SMSes that it sent over a six month period in 2015.
The messages looked like this:
Ocean now offers a credit card powered by XXXXXX. www.oceanXXXXXX.co.uk/XXXX To opt out txt STOP to 81818.
According to the Information Commissioner’s Office (ICO), the spammers claimed that they’d complied with the letter and the spirit of the rules by buying in a list of mobile phone numbers for consumers who had already consented to receive SMS ads.
The ICO disagreed, arguing that consent couldn’t be that vague:
Consent within the meaning of [the relevant regulation] requires that the recipient has notified the sender that he consents to messages being sent by […] the sender.
Indirect, or third-party, consent can be valid but only if it is clear and specific enough.
The onus, said the ICO, is on the sender who buys in a mailing list to determine that the consent given by the people who are on that list is “sufficiently clear and specific” for the purpose at hand.
Just how specific this consent needs to be isn’t explicitly stated, but we’re assuming that if you’ve agreed to receive ads about hiking boots, then a sender who subsequently targets you with special offers for rucksacks or tents would probably be be in acceptable territory.
On the other hand, we’re guessing that a sender who tried to sell you credit – or plumbing services, or property investment opportunities – on the back of your interest in hiking would be overstepping the mark.
At any rate, in this case, the ICO judged that the sender didn’t have consent, and therefore knowingly contravened the UK’s rules about electronic messaging.
What you can do to help
There’s a popular, and understandable, perception that it’s just too hard, and not worthwhile, to try to report spam messages to the authorities, especially SPASMS (which is what we jocularly call spam that arrives via SMS).
However, there’s an easy way to make your voice heard in the UK: you can report SPASMS by simply forwarding them to the phone number 7726. (That short-code number is easy to remember: it spells out
In this case, reports to 7726 made a big difference.
The ICO treated this as a serious contravention because close to 2000 people actively flagged the messages as spam. (1896 used the 7726 short-code; 25 reported the messages directly to the ICO.)
If you’re a business, you can help at the other end of the messaging chain by taking your electronic marketing responsibilities seriously.
When it comes to the concept of “consent,” make as certain as you can that your recipients really have agreed to hear from people like you about the products and services that you’re trying to sell.
As fellow Naked Security writer Mark Stockley wryly put it, “Don’t ask if you can borrow someone’s bicycle and then take their car instead.”