• by Ray Schultz , September 6, 2018

An email service vendor has been fined £60,000 by the UK Information Commissioner’s Office (ICO) for sending 1.42 million emails without consent. The case shows that service providers also face penalties for privacy compliance failures.

Everything DM Ltd. used its direct marketing system, called Touchpoint, to send emails for clients in 2016 and 2017, the ICO contends. The emails gave the impression that they "were sent directly by the clients,” it adds.

The company could not prove that people had given consent to receive emails from itself or the clients, the ICO continues.

The ICO also charges that EDML relied on third parties for consent.

The company has been served with an Enforcement Notice requiring it to comply with the Privacy and Electronic Communications Regulations (PECR). GDPR is probably ust as tough as that older law.

“Firms providing marketing services to other organizations need to double-check whether they have valid consent from people to send marketing emails to them,” states Steve Eckersley, director of investigations for the ICO.