Late last year I received several text messages inviting me to open accounts with several different gambling companies. I had not consented to receive such messages and none of the messages contained opt outs, meaning the messages were sent contrary to the requirements of the Privacy and Electronic Communication Regulations (PECR). As someone who has learned the hard and expensive way that it’s not a good idea to try and put one’s money where one’s mouth is, the receipt of these unsolicited text messages encouraging gambling were very much unwanted.
One such text was marketing Betfair, and as you can see from the screenshot, the text was displayed as being from the name of the company it was promoting.
In response to the text, I contacted Betfair to remind them of their responsibilities, and particularly to flag the potential for damage and distress that this kind of serious breach of PECR could conceivably cause. Betfair’s eventual response, from Rhodri Smith (Legal Counsel) noted
“The text message was not sent by Betfair – it was sent by a third party. We did not instruct the third party to contact you, and your mobile number was not known to us. It is likely that the third party obtained your consent for marketing (and mobile number) from another website. We will inform the third party to stop sending marketing communications to you”.
At this point, one may note that from that text message, Betfair (and only Betfair) were able to identify the sender of the message and able to instruct him to stop sending messages. I would assume the hyperlink within the message was a unique code allocated to the given affiliate for the purposes of tracing commission. The message also appears to contain a “Freebet” offer, which presumably was also sanctioned by Betfair.
When I chased further details of the alleged consent that it was “likely” I had provided, Betfair informed me the third party was insistent he had consent to contact me, although they would not expand upon this. They subsequently did provide the details of the third party, who transpired to be a gentleman in Israel. Betfair also provided me his address and Gmail email address, inviting me to take the matter up directly with him and essentially saying it was nothing more to do with them.
Having google’d the third party’s details, there appeared to be an individual with the same distinctive name who was employed as “Head of Affiliate” for one of Betfair’s major rivals. I had previously held an account with the rival company, so it crossed my mind that the individual may have obtained my details from the Competitor database for his own ends. That would of course constitute a criminal offence under Section 55 of the DPA.
I thus flagged to Betfair that there was the potential that the third party could have obtained a customer list from his employers but they did not acknowledge my comments. After discovering the same third party was responsible for the other marketing messages I had received, I eventually reached an agreement not to pursue a claim against him personally for any impropriety or unlawful processing of my data.
Notwithstanding that agreement, I continued to maintain that as the Affiliate was marketing Betfair, Betfair were morally and lawfully responsible for the text message. I reminded Betfair of the wording of Regulation 22 of PECR, which states
“a person shall neither transmit, nor instigate the transmission of unsolicited communications for the purposes of direct marketing…”
The third party who sent the message was an accredited Affiliate partner of Betfair’s, who was being financially incentivised to encourage people to open accounts with Betfair. The Betfair Affiliate terms required the individual to comply with PECR, which implies that Betfair were happy for their affiliate marketers to market their product electronically.
When I challenged Betfair on this point, their Legal Counsel confirmed this was the case, by noting
If a third party wants to send a text message about a Betfair promotion, the third party must make it clear that the text message is being sent by a third party (not Betfair). The third party is also responsible for ensuring that they have relevant consent and comply with all applicable laws on direct marketing. On this occasion, the person who marketed to you gave the impression that they were Betfair, and they didn’t make clear that the message was sent by a third party. As mentioned above, this is a breach of our Affiliate Affiliate Programme Terms and Conditions where it states at Clause 3.1(n):- “you will ensure that all communications originating from you relating to Betfair make it clear that such communications are sent by and on behalf of you (and not from or on behalf of Betfair)”. Following your email, we have reminded the third party about the rules set out in the Affiliate Programme Terms and Conditions.
I do recognise that the third party has acted outside of the requirements of their affiliate Terms, but I believe that a breach of the Affiliate Terms is between Betfair and their third party. It almost feels like Betfair are saying that precisely because of their lack of controls and due diligence, they are not liable. However, you cannot simply outsource your liability to comply with PECR. You must not allow your line to be used in unlawful marketing.
In anycase, it is apparent that Betfair have been benefitting from the arrangement in the form of customer referrals and the third party has been financially rewarded for this. The individuals such as myself who have suffered the breach of privacy and unlawful marketing do not seem to interest Betfair. Indeed, despite the breach of the Affiliate Terms it seems Betfair simply reminded him of his responsibilities.
If a gaming company allow an affiliate to send messages without consent, and without an opt out, this very much the kind of breach of a kind likely to cause both damage and distress. Given the intention of the message is clearly to encourage individual to gamble, it does not take any intellectual gymnastics to construct a set of circumstances whereby financial damage would occur. The distress of receiving repeated texts, even from organisations whom you may have self-excluded yourself from is also hopefully equally clear.
The ICO’s guidance on Direct Marketing doesn’t directly address affiliate marketing, although their guidance around so called viral marketing draws some interesting parallels. I therefore sought a view from the ICO on the meaning of the phrase “to instigate” a message under PECR, and they confirmed
“you would be instigating if you encourage [emphasis added], incite, or ask someone else to send your marketing message”.
In response, Betfair maintained that they have not instigated the message, because
“The affiliate’s marketing is separate from the merchant’s own marketing. We do not ask or instruct third party affiliates to provide affiliate marketing services. Where third parties wish to provide affiliate marketing for Betfair, they must comply with Betfair’s Affiliate Programme Terms and Conditions…”
I interpret Betfair’s position to be that they don’t encourage affiliate marketers on the basis that they don’t directly instruct them to market Betfair. Rather, Affiliate marketers may take it up themselves to market Betfair (at which point Betfair will be of course reward the Affiliate) . I find that an exceptionally weak position and contend that they have encouraged the sending of the message by incentivising their affiliates to send messages. If there was no Affiliate scheme instructing people what they should do if they “wish” to send text message promoting Betfair, there would be no text message.
If I’m wrong and Betfair successfully argue they didn’t instigate the message, then the marketing industry will have discovered a very easy route around complying with PECR – just use affiliate marketers (ideally individuals outside of the EEA) to do your dirty work.
A further defence offered by Betfair was they had my consent to market me because I agreed to receive marketing when I opened my account with Betfair. I have no reason to doubt that was my marketing preference, but as Betfair themselves explained, I opened my account in 2003, so to rely on that consent would also be a particularly expansive interpretation of PECR’s description of consent “for the time being”. In anycase, as Betfair confirmed previously, my current telephone number was not known to them, so they do not have consent to market the telephone number I received the marketing on.
At no point did Betfair directly address the additional breach of a lack of opt out within the message, but they did also present a further contradictory argument that if I wanted to opt out of marketing, all I needed to do was log into my Betfair account (from 2003) and amend my marketing preferences. So Betfair, a company who are supposed to promote responsible gambling, think it is a reasonable (and lawful) policy to require former customers, presumably including problem gamblers, to log into their accounts. Quite aside from wildly misunderstanding their requirements under PECR, that is a revealing insight into their attitude to responsible gambling and general customer service.
In light of Betfair’s refusal to accept any liability for the message sent in their name, marketing their product, I have commenced action in the Smalls Claims Court. Betfair told me their large internal team of lawyers wouldn’t be handling the matter and that
“any proceedings will be handled by external lawyers and we will seek to recover those legal costs, in full, from you”.
As a matter of principle, that’s one gamble I’m willing to take.