ICO fines online recruitment agency £130,000 for unlawful marketing


2 mins

Posted on 20 Apr 2023

ICO fines online recruitment agency £130,000 for unlawful marketing

The ICO has fined Join The Triboo Limited (“JTT”) £130,000 for unlawful marketing through sending spam emails without valid consent

ICO investigations

The ICO found that online recruitment agency JTT sent 107 million spam emails to 437,324 people between August 2019 and August 2020. These emails were marketing emails and JTT had not obtained the individuals’ valid consent prior to sending them (in breach of the Privacy and Electronic Communications Regulations 2003). On average, the affected individuals received 244 emails in one year.

Data for the marketing campaign was sourced through five separate websites operated by JTT, and then collated for the campaign. On three of the websites, the consent statement was not specific, simply stating; “I agree with marketing activity”. The ICO found this did not inform individuals on what marketing activity would take place, via what means, nor who the marketing would be by or on behalf of. It also found the purported consent statement on the other two websites was neither specific nor informed.

ICO issues a fine

The ICO deemed JTT’s marketing campaign to be unlawful, and found it did not properly seek permission from the people it chose to bombard with marketing emails. It therefore did not have a lawful basis to send the marketing communications and therefore, due to the extent of the breach, the ICO issued a £130,000 fine. It also issued an enforcement notice to prevent JTT sending any unsolicited communications for direct marketing without obtaining valid consent in advance.

The ICO updated its direct marketing guidance last year, and it keenly scrutinises the practice, evidenced by it issuing over £2 million in penalties against companies responsible for nuisance calls, texts and emails, in 2022. Proper consents must be in place before any such marketing takes place.

What steps should recruitment companies take to avoid this issue?

Recruitment companies, like all other data controllers and data processors, must comply with applicable data protection legislation. They should audit their data processing activities, including marketing, to check that they are operating within the law.

If you need help with a recruitment or data protection issue, visit our page on legal services for the recruitment sector for more information or contact our specialists below who will be happy to help you.

Declan Bradley

Based in both the City and the UK's South West Declan is an Employment Lawyer with a focus on advising employers and senior executives across a range of industries including technology, media and finance. Declan has over a decade of experience as a UK lawyer, having worked at an international firm before joining Doyle Clayton in 2015.

  • Partner
  • T: +44 (0) 782 518 3655
  • Email me

View profile

Mike Hibberd

Mike is an employment and data privacy law expert advising both organisations and senior individuals on a wide range of human resources and related issues.

  • Legal Director
  • T: +44 (0)118 951 6765
  • Email me

View profile

The articles published on this website, current at the date of publication, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your own circumstances should always be sought separately before taking any action.

Back to top