The Information Commissioner’s Offce was first alerted to the activities “scientific customer acquisition” firm Koypo Laboratories in 2018, after it received a raft of complaints about the Islington company and its Simple PPI Claims brand sending unsolicited emails.
The regulator’s investigation found that affiliate websites, where Koypo claimed consent had been obtained, did not name the company or make it clear that people may receive marketing about PPI claims.
The sites relied on providing consent to “third parties” and “partners”, which was deemed as too general to demonstrate valid consent by the ICO.
In total, the company was found to have sent more than 21 million spam emails between March 1, 2017, and March 31, 2018.
In conclusion, the ICO report maintained Koypo did not “deliberately contravene” the Privacy & Electronic Communications Regulation (PECR) but “failed to take reasonable steps to prevent the contraventions”.
The firm has been ordered to pay a £100,000 penalty by September 4, although though as is standard practice, the fine will be reduced by 20% to £80,000 if Koypo coughs up before September 3.
ICO’s investigations group manager Natasha Longson said: “Spam emails cause nuisance and disruption to people’s lives. This firm failed to follow the rules about lawful marketing and so we took action. I would urge anyone bothered by nuisance emails, texts or calls to report them to the ICO.”
Following the fine, Koypo has assured the ICO that it has suspended its email marketing campaigns and instructed a law firm to develop procedures around compliant handling of data under PECR. It also runs a telemarketing operation.
Meanwhile, its website now claims that each day it generates 3,500-plus leads and analyses 525,000 data points.
‘Reckless’ firm called 270,000 consumers on the TPS
At last, ICO issues the first PECR penalty in six months
Rogues go free as nuisance call crackdown is sidelined
Half of last year’s £2m fines for PECR breaches unpaid
Show us the money: £7m in ICO fines still outstanding