Two firms were fined £225,000 after sending millions of unsolicited marketing texts and emails
Two UK companies have been fined a combined £225,000 for sending millions of unsolicited marketing messages in breach of electronic communications law.
The penalties were issued by the Information Commissioner’s Office following investigations into unlawful marketing activity carried out in 2023 and 2024.
Allay Claims Ltd, based in Newcastle-upon-Tyne, was fined £120,000 after sending more than 4 million marketing text messages between February 2023 and February 2024. The messages promoted PPI tax refund services and were sent without valid consent. The regulator found that the company could not rely on the “soft opt-in” exemption, as recipients had not been given a clear and simple opportunity to refuse marketing when their details were collected.
The investigation established that the messages were clearly promotional in tone, encouraging recipients to make further claims and directing them to external landing pages. They were not service updates, as the company later suggested, but direct marketing communications designed to prompt action. During the investigation period, more than 46,000 complaints about these messages were submitted through the 7726 mobile reporting service. Complaints continued even after the company became aware of regulatory concerns.
ZMLUK Limited, formerly Zuru Media Ltd and based in Bristol, was fined £105,000 for sending more than 67 million marketing emails between January and July 2023. The emails promoted a wide range of products and services, including energy-saving and solar-related offers. They were sent using personal data sourced primarily from third parties, without recipients having provided valid consent.
Individuals signing up through the data source were presented with a list of 361 partner companies and were not given any meaningful way to choose which organisations could contact them. The regulator concluded that this approach did not allow for informed or specific consent. Although the emails were sent on behalf of another company, ZMLUK was found to be responsible as the sender and failed to carry out adequate checks on how consent had been obtained.
Andy Curry, Head of Investigations at the Information Commissioner’s Office, said that nuisance marketing messages are more than a minor irritation and can cause real distress. He emphasised that businesses must only send marketing communications to people who have freely and knowingly agreed to receive them, adding that vague or third-party consent is insufficient under the law.
Under Regulation 22 of the Privacy and Electronic Communications Regulations, organisations may only send marketing texts or emails with valid consent, unless all conditions of the soft opt-in exemption are met. The regulator said it would continue to take enforcement action where organisations fail to comply.