Global One 2015 – €11,700 Fine (United Kingdom, 2021)

Global One is a charity that aims to impove health, sanitation and agriculture. The Information Commissioner's Office received 539 complaints from individuals who received unsolicited text messages from Global One. These complaints occurred between April 30th, 2020 and May 22nd, 2020, when 573,000 marketing texts were sent overall. The texts did not offer individuals the opportunity to opt-out of further marketing. Global One had entered into an agreement with a third party (X) that was to provide them with a marketing strategy. The third party (X) informed Global One that it would start an SMS campaign to gain donations. Global One says it assumed that this would be carried out using a marketing list that belonged to the third party (X). However, the third party (X) themselves commissioned another third party (Y) to deliver the test messaging campaign. The third party (Y) claimed that the list of contacts they compiled and used was compliant with relevant laws. However, there was no evidence of consent being provided for such direct marketing messages. Global One nevertheless claimed to have undertaken due diligence, whilst the third party it contracted with (X) claimed that it only advised Global One of various other agencies who could do the marketing. The Information Commissioner's Office held that Global One infringed Articles 22 and 23 PECR. Global One relied on consent obtained by another organisation (Y) to send these text messages. However, the ICO's view is that third parties cannot rely on consent provided to an organization when the consenting individuals did not know how their data would be used by third parties. Organisations can generally only send marketing messages to individuals who specifically consented to receiving them. Indirect consent collected by a third party is only authorised where it is freely given, specific and informed (Article 4(11) GDPR). As there is no evidence of individuals consenting to third party marketing, the ICO conc