I’ve written previously about the use of affiliate marketers in the Gambling sector, which I’ve come to realise is a significant issue across the industry. It seems nobody has a bigger problem than industry giant Ladbrokes, despite a commitment to “being a leader of our sector in responsible business practice”.
In a 9 month period from Nov 2014 to July 2015 , I received 3 marketing text messages and 7 emails on behalf of Ladbrokes, all sent without consent. I complained to Ladbrokes on several occasions, with Legal Counsel Stuart Reid, in a rare response to my correspondence, offering the following analysis of one example of the spam:
“The marketing email to which you refer was sent to you by one of Ladbrokes’ marketing partners, a company called Emailmovers (www.emailmovers.com). Emailmovers acquires personal data from user activity on its own websites and from third party sources. It is therefore Emailmovers, and not Ladbrokes, that controls the list of email addresses to which the relevant email was sent.
Emailmovers advises that you gave your consent to receiving marketing emails at 14:41 on 28 July 2009 via www.loanandgo.co.uk; and that it is for this reason your email address was captured and ‘opted in’ to receiving marketing communications from Emailmovers. We understand, further, that your email address is included on two separate databases that are made available to Emailmovers”.
To put that another way, Ladbrokes (and their marketing partners) believe that because I apparently applied for a loan in 2009, I’m an appropriate, willing and therefore lawful target to receive marketing some 6 years later. That particular piece of marketing and comment came after several requests to Ladbrokes explaining quite clearly that I didn’t wish to receive to marketing enticing me to gamble.
As I previously highlighted, the ICO regard an organisation using affiliates as “instigating” the marketing, a natural and reasonable interpretation, which of course means in these circumstances Ladbrokes had responsibility – and liability – under the Privacy and Electronic Regulation Communications (PECR).
I therefore asserted my rights in accordance with Regulation 30 of PECR and claimed damages from Ladbrokes for these repeated contraventions of PECR. Even after one settlement in relation to the first batch of spam, subject to a confidentially agreement that was broken by Affiliate marketer Matt Jacobs, when he wrote to their partners to call me a “troublemaker”, the messages continued. I therefore submitted a further Small Claim’s Court claim.
Somewhat amusingly, they couldn’t even muster the energy to hoist the white flag on the more recent claim, completely failing to respond to the Court leading to a judgement in default. Their reluctance to open to their post continued, meaning my requests for payment were also ignored. I therefore instructed Bailiffs to collect the debt, who after 3 visits to HQ, finally managed to secure my full claim and costs, displayed below for reasons best described as tacky smugness.
On a more serious note, such is their lack of control of their web of affiliate marketers, that even after such a settlement, further marketing messages have continued to come in – an astonishing 20 emails in the 10 days after my cheque arrived.
I’ve repeatedly sought the advice of the Head of Responsible Gambling at Ladbrokes, Graham Weir, as to how I might stop these latest invasions of privacy. His initial response was for me to opt out of the latest emails, advice which I pointed out was contrary to the ICO’s own advice not to respond to unknown links (so as not to confirm a live email address). He then told me to follow the ICO’s advice, before the Legal Department wrote to tell me to follow the unsubscribe links on the two examples I’d forwarded them, whilst not taking an interest in the other 18 examples I had offered to send them. All the emails were displayed as being from Ladbrokes.
Once again, they outlined their apparent ongoing disagreement with the ICO’s views on Affifilate marketing, noting
“We did not send, and were not responsible for, either of these two messages…We strongly refuse any suggestion that our marketing activities contravene relevant legislation”.
Perhaps someone is taking upon themselves to unlawfully market Ladbrokes without any inducement? Or perhaps Ladbrokes are taking the piss.
A quick Twitter search for Ladbrokes Spam brings shows a similar attitude of distancing themselves from the affiliates who are doing their unlawful dirty work, along with examples of them spamming self excluded customers and children.
Even aside from the blatant breach of PECR, quite how that fits with Ladbrokes stated commitment to Responsible Gambling, I couldn’t tell you.
The man who could tell us that, the aforementioned Graham Weir, has repeatedly failed to give me any assurance that he can control the rabid affiliate marketers. In my case, unable to offer any advice as how they may stop their aggressive affiliate campaign, they instead served me a Trespass order from entering their shops. As well as being rather ironic, this entirely missed the point.
I briefly wondered whether Mr Weir’s position was derived from ignorance as opposed to an arrogant disregard of the rules, but then I located his following comments to a Gambling Commisison consultation on proposed tighter marketing rules to stop unwanted marketing, where he acknowledged the problem, noting:
“We do however encounter some difficulties when we acquire customer lists through normal legitimate sources e.g an existing customer may have opted into to receiving third party communications on a list that we, or one of our agencies acquire using a different email from the one associated with their Ladbrokes account. In such circumstances they might then receive a marketing communication from us.
We believe that the way in which customers opt “in to” and “out of” sharing their information in the current context of data protection frameworks and the obvious lack of a centrally managed (by our regulator) database that people might opt into is very likely to result in frequent failures”.
His comments appear to show a remarkable level of comfort in knowing his organisation will continually fail to adhere to individuals wishes by using third party marketing consents in a manner contrary to the ICO’s Direct Marketing guidance. It’s simply a stone cold commercial decision to ignore people’s direct, express wishes, presumably on the basis they may have previously failed to (un)tick a box when applying for a loan 6 years ago.
This issue is something the ICO appear well aware of, noting on it’s website regarding spam texts
“The top most reported category was gambling, with 155 concerns. This topic is often in the top three most reported sectors and we are continuing to work closely with the Gambling Commission on this issue”.
This referenced “close work” the Gambling Commission has been going on since at least last summer, although clearly with limited success given the number of complaints is broadly the same as the January before and likewise higher than 2 of the previous 3 months. Despite the Sector being top of the Spam text chart, and regularly being in the top 3, there hasn’t been a single piece of Enforcement action against any gambling firm. Perhaps even more surprisingly given the ongoing abuse, nor is there a gambling firm on the list of companies under monitoring. I’ve made an FOI request to better understand the lack of action, but notwithstanding that response, I’d strongly suggest some stronger action might be required here.
Meanwhile, the Gambling Commission, despite confirming that they hold Licence holders responsbile for the actions of their affiliates, have shown no interest, perhaps because they don’t act as a complaints handler and thus have a documented compliance approach that makes no mention of acting on any information they receive regarding non compliance. They look and act like an organisation funded for failure, with ambitions to match.
As a final thought, it’s not just PECR Ladbrokes seem happy to disregard. I made 2 Subject Access Requests last year, both of which were completely ignored, meaning I had to wait 40 days to then get the ICO to chase them to provide a response. A more recent SAR was met with asking me to justify why I wanted the data (I explained), followed by a further 30day wait and then a request for a fee (admittedly compliant, if unsatisfactory).
As a privacy professional it’s pretty disheartening, but not uncommon, to see an organisation completely ignore their obligations when it’s easier to, especially when they gain commercial advantage for doing so. Most organisations will make mistakes, mis SAR deadlines and generally seek to stretch the boundaries in matters of marketing – but when an organisation willfully disregards its obligations, it would be nice to see some strong regulatory action. In the meantime, I’d encourage those blighted by spam to take individual action, a route I intend to revisit in respect of the recent score of unwanted emails.