SPAM, Consent, and Dorset Cereals

My SPAM campaign rumbles on, the flow of UK Based SPAM mercifully now stopping to a trickle. But wait! One pings into my inbox, from Dorset Cereals inviting me to “Win a spectacular cottage getaway!” on Friday the 24th of April.

I’m obviously less than pleased, so immediately send them a NBA informing them that they have sent me a commercial email contrary to the PECR, and then an exchange of emails takes place, cumulating in the latest one which accuses me of lying and deliberately signing up to their mailing list.

They claim; “We have not failed to comply with s22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003. The email which was sent to your email address on 24th April was, to the very best of our knowledge, sent with the consent of the recipient. We’d speculate, based on comments you make on your public blog, that you did personally sign-up on the 17th (and that you did so with a view to identifying any possible grounds on which to raise a spurious and opportunistic claim for monetary compensation) – and that we did therefore, until hearing from you on the 24th April, have your unequivocal consent.”

Now as many people know, that if I made a court claim based upon a claim that was not true, I would be guilty of perjury. To even make a claim such as this in a NBA is dodgy grounds, but the purpose of a NBA is to establish if there was consent in place. If I *had* signed up for the mailing list at some point in the past, then I would of course, then have been able to hold my hands up and say “whoops – my bad”, but that’s not the case here.

Dorset Cereals (Who are ABF Grain Products Limited) are going to be on the receiving end of a small claims action now once I’ve sorted some stuff out at work and have some free time again.

So, back to the other topic here – consent. Does anyone think that accepting blind input into a form on a website establishes consent? I don’t think so, as anyone could enter anybodys email address and sign it up. The provisions within S22 (2) for giving consent are quite clear; “Except in the circumstances referred to in paragraph (3), a person shall neither transmit, nor instigate the transmission of, unsolicited communications for the purposes of direct marketing by means of electronic mail unless the recipient of the electronic mail has previously notified the sender that he consents for the time being to such communications being sent by, or at the instigation of, the sender.”

They also refused to provide me with the IP address that supposedly signed the email address up to the list (I can only speculate that perhaps that IP address resolves to a known location of theirs, or to outside the UK), but as they’re playing the DPA game and claiming they cannot provide it, well, that’ll have to wait till we’re in court.

The key phrase is “previously notified the sender” which implies that there should be direct contact indicating consent. Their signup form is also flawed from the point of the PECR by featuring a pre-ticked opt-in box (Roddy Mansfield vs John Lewis told us that such action would not signify consent). The ICO says that best practice is to provide an unticked box.

If you’re considering data capture for a newsletter or other commercial venture, then I would strongly advise using double opt-in. Generate a single email to the subscriber with a unique link, and if they don’t respond to it within a time frame, discard the email address. That’s the safest way to obtain, and confirm consent. Don’t do what Dorset Cereals have done.

And if any other companies think that I would stoop low enough to sign up to your mailing list so I can sue you – I take this matter very, very seriously, and would caution you to be careful in your claims with me. If I’ve contacted you, it’s because I have a real and honest opinion that I have never signed up to your list.

Posted in SPAM


Leave a Reply


Powered by WordPress. Designed by Försäkra Online.