The Information Commissioner’s Office (ICO) issued a Monetary Penalty Notice (MPN) to Monetise Media Limited (MML) in the sum of £125,000 for a breach of the Privacy and Electronic Communication (EC Directive) Regulations 2003 (PERC).
Monetise Media Ltd v Information Commissioner [2024] UKFTT 959 (GRC)
Background
MML operates an online marketing platform. The platform brings together advertisers who have products and services to sell and affiliates who process the personal data of people who may want to buy the products and services. MML does also advertise its own products on the platform. One of the products advertised during the period in question included financial services under the name, Lemon Loans.
Two affiliates, Evolution Marketing (UK) Limited and AudienceServ GmbH, sent over 4 million marketing messages in relation to Lemon Loans. The ICO found that these messages were sent without valid consent, as individuals were either automatically opted-in or the wording of the opt-in was too broad to be considered valid consent.
MML accepted that the messages were sent without valid consent but denied instigating the messages in accordance with Regulation 22 of the PERC. MML appealed to the Tribunal.
Regulation 22(2) of the PERC states:
“a person shall neither transmit, nor instigate the transmission of, unsolicited communications for the purposes of direct marketing by means of electronic mail unless the recipient of the electronic mail has previously notified the sender that he consents for the time being to such communication being sent by, or at the instigation of the sender.”
MML argued that they did not instigate direct marketing communications and that all they did was allow advertisers to register the products on the platform in a similar way to a manufacturer putting a product in a wholesaler.
The Tribunal disagreed with MML’s analysis. They found that not only did MML facilitate the transmission, but also paid affiliates commission for doing so. They therefore did instigate the transmission of unsolicited communications within the meaning of Regulation 22(2) of the PERC.
In deciding upon the amount of the MPN, the ICO considered the volume and duration of the contravention. They then considered any mitigating/aggravating factors. The Tribunal generally agreed with this approach but noted that when calculating the seriousness of the contravention, the ICO had used the wrong figure for the volume of messages. Whilst the ICO did notice this mistake and reduced the fine by £5,000, there was no rationale behind this decision, and they did not go back and recalculate the starting figure. The Tribunal also disagreed with the ICO’s analysis that the breach was deliberate.
The Tribunal agreed that the breach was serious but reduced the penalty to £85,000 considering the volume of messages and the mitigating factors.
Comment
This is a useful reminder that it is possible to appeal a decision made by the ICO. It is also a helpful reminder of the way in which penalties are calculated for breaches of the PERC.
How can we help?
Ruby Ashby is a Senior Associate in our expert Dispute Resolution team, specialising in data breach claims, inheritance and Trust disputes and defamation claims.
If you need any advice, please do not hesitate to contact Ruby or another member of the team in Derby, Leicester, or Nottingham on 0800 024 1976 or via our online enquiry form.
Contact us