The ICO's investigation concluded that Tempcover failed to comply with Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), which makes it unlawful to use a customer's contact details to instigate unsolicited marketing communication without gaining their 'freely given' consent through a specific medium of communication or a soft opt-in mechanism. This is permitted under Regulation 22(3) PECR where customers have not specifically consented to email communication but the organisation collects the contact details for 'the marketing of similar goods and services' and 'provided that customers are given the ability to opt-out of that marketing'.Customers looking for an insurance quote on Tempcover's website were prompted to insert their details and agree to the terms and conditions and privacy policy without the ability to opt out of marketing campaigns. Tempcover therefore tried to use 'legitimate interest' as basis for their unlawful actions.
The ICO found that Tempcover's actions "essentially made agreement to marketing a condition of service" as they were automatically registered for SMS and emails when providing their contact details for the purpose of obtaining a quote. Their consent was not freely given. Therefore, legitimate interest could not be relied upon when consent to direct marketing was not freely given.
The inability to choose a preferred medium of communication for direct marketing purposes meant that consent was not 'specific' enough for PECR and could not be relied upon.
In its the decision to impose such a high fine, the ICO considered the aggravating factors that Tempcover would have financially benefitted from their marketing campaign and that it ought to have known the risks of unsolicited direct marketing as Tempcover had its own 'training materials which made specific reference to PECR and the need to comply with data protection legislation.' However, Tempcover's implementation of new measures allowing customers to opt out were considered as a mitigating factor by the ICO.