The cost of spamming: Recruitment firm fined for sending 107m emails

The cost of spamming: Recruitment firm fined for sending 107m emails

The Information Commissioners Office has issued a fine of £130,000 to recruitment firm, Join The Triboo Limited.

In a press release issued on 14 April 2023, the ICO stated that the recruitment firm sent over 107 million spam emails to 437,324 people between August 2019 and August 2020 – meaning each individual would have received an average of 244 emails from the company during that year alone.

Join The Triboo Limited had not obtained the individuals’ consent before sending these emails.

It is illegal to send direct marketing to anyone without their consent, as stipulated in the Privacy and Electronic Communications Regulations 2003.

Senior data protection and privacy expert, Becky White, says:

This decision highlights the importance that the ICO places on ensuring that where an organisation is relying on ‘consent’ as a lawful basis to send direct marketing messages, consent statements must meet the requirements of GDPR and PECR i.e., they must be freely given, specific, informed and contain an unambiguous indication from the individual via an affirmative action.

The ICO also clarified that organisations should always use clear and intelligible language to explain to individuals what they are consenting to, and consent will also not be valid where individuals are asked to agree to receive marketing from broad, generalized categories of third parties.  Organisations should therefore take this opportunity to review what mechanisms they are relying on to gather personal data from individuals for direct marketing purposes or risk the wrath of the ICO.

It also interesting to note that in this case the organisation in question engaged the services of a law firm to carry out a privacy assessment after the investigation concluded, but in this instance the follow up remediation was not far reaching enough to be considered a ‘mitigating feature’ by the ICO.  In theory however, this suggests that the ICO’s is open to incentivizing organisations to take steps to remedy compliance failures at any time prior to the levying of the monetary penalty notice.

If you have been contacted by the Information Commissioners Office, it could be worth considering carrying out your own legally privileged audit of your data protection practices with our Data Protection Health Check, a quick and easy way to address your GDPR compliance needs. You can also contact one of our Data Protection Solicitors, who are ready and waiting to support your business.


Our offices

A national law firm

A national law firm

Our commercial lawyers are based in or close to major cities across the UK, providing expert legal advice to clients both locally and nationally.

We mainly work remotely, so we can work with you wherever you are. But we can arrange face-to-face meeting at our offices or a location of your choosing.

Head Office

Floor 5, Cavendish House, 39-41 Waterloo Street, Birmingham, B2 5PP
Regional Spaces

Capital Tower Business Centre, 3rd Floor, Capital Tower, Greyfriars Road, Cardiff, CF10 3AG
Stirling House, Cambridge Innovation Park, Denny End Road, Waterbeach, Cambridge, CB25 9QE
13th Floor, Piccadilly Plaza, Manchester, M1 4BT
10 Fitzroy Square, London, W1T 5HP
Harwell Innovation Centre, 173 Curie Avenue, Harwell, Oxfordshire, OX11 0QG
1st Floor, Dearing House, 1 Young St, Sheffield, S1 4UP
White Building Studios, 1-4 Cumberland Place, Southampton, SO15 2NP
A national law firm

To access legal support from just £145 per hour arrange your no-obligation initial consultation to discuss your business requirements.

Make an enquiry