The Information Commissioner’s Office (ICO) has fined AFK Letters Co Ltd (AFK) £90,000 for making more than 95,000 unsolicited marketing calls to people registered with the Telephone Preference Service (TPS), in a clear breach of electronic marketing laws.
AFK Letters is a company which writes letters seeking compensation and refunds for its customers.
Between January and September 2023, AFK used data collected through its own website and a third-party telephone survey company to make 95,277 marketing calls without being able to demonstrate valid and specific consent from the people contacted. Despite AFK claiming it could not provide evidence of consent because it deleted all customer data after three months, when challenged by the ICO, it was also unable to provide consent records for several calls made within a three-month timeframe.
One of the complainants about the company stated that they had not consented to receive the calls:
“…claimed she had information showing I might be due a refund in relation to my solar panels as the supplier had gone bust (which isn’t true.) She knew my name… I explained I had not consented to receive such a call which was an intrusion and asked her to remove me from the list.”
AFK’s third-party data supplier was using consent statements which did not specifically name AFK when asking the public for consent to be called. Additionally, AFK’s own privacy policy only mentioned contact by email, and did not state that people would also receive phone calls.
An ICO investigation found that AFK failed to comply with Regulation 21 of the Privacy and Electronic Communications Regulations (PECR), which requires organisations to have clear, informed and specific consent before making unsolicited direct marketing calls.
Andy Curry, Interim Director of Enforcement and Investigations at the Information Commissioner’s Office, said:
“AFK made calls to those registered with the Telephone Preference Service, and failed to keep proper records of consent for those it was calling as well as failing to properly disclose to people what they would be consenting to. This is a fundamental requirement of responsible and legally compliant direct marketing.
“This fine should serve as a clear warning to and learning for other organisations: if you cannot demonstrate valid consent for people on the Telephone Preference Service, you should not be contacting people. If people are being asked for consent to be contacted, it should be absolutely clear what this is for.
“It is vital that other companies utilising direct marketing have robust systems in place to protect people’s privacy and comply with the law.”
The ICO reminds people to report nuisance calls and check that their TPS registration is up to date. Organisations are also urged to review their direct marketing processes to ensure they comply with data protection law.
