On November 28, 2012, the UK Information Commissioner’s Office (“ICO”) issued monetary penalties totaling £440,000 to two owners of a marketing company that sent millions of unlawful spam SMS text messages over a period of three years.

Following an 18 month investigation, Christopher Niebal and Gary McNeish, the owners of Tetrus Telecoms (“Tetrus”), have been ordered to pay £300,000 and £140,000, respectively. The ICO received more than 400 complaints in relation to Tetrus, which sent as many as 840,000 illegal SMS text messages a day, earning a daily income of £7,000 to £8,000. During the course of the investigation, the ICO raided Tetrus’ premises and Niebel’s home. Tetrus also faces criminal prosecution for having failed to register as a data controller as required by the Data Protection Act 1998. The penalty for failing to register is a fine of up to £5,000 if prosecuted in the magistrates’ court, or an unlimited fine if prosecuted in the Crown Court of England and Wales.

Under the UK electronic direct marketing rules, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (the “Privacy Regulations”), marketers are prohibited from sending unsolicited electronic communications (including emails and SMS text messages) without prior consent, or disguising or concealing the sender’s identity. The spam messages sent by Tetrus breached both of these provisions of the Privacy Regulations.

The ICO’s website has a dedicated section on unwanted marketing calls, texts and faxes which allows the public to lodge complaints online. Information Commissioner Christopher Graham stated today that the ICO will continue its “crackdown” on spamming using “the full force of the law.” The ICO has been empowered to issue fines of up to £500,000 for serious breaches of the Privacy Regulations since January 2012. The monetary penalties against Tetrus are the first issued using these powers, but the ICO has announced that it is considering issuing penalties against three other companies believed to have similarly breached the Privacy Regulations’ marketing rules.