The ICO has fined Digitonomy Ltd £120,000 for sending millions of marketing texts without proper consent. The company is an FCA-authorised credit broker, which generates leads for its business through affiliates sending marketing texts directing readers to websites offering loans. Between April 2015 and February 2016, the company instigated the sending of nearly 6 million texts, and over 1,400 complaints were made about spam messages encouraging people to apply for loans and directing them to the company’s websites. The company said it did not purchase third party data but used affiliate marketing channels. These affiliates relied upon various consent wording, including: “You consent to us and our trusted partners contacting you by SMS, mail, email, telephone and automated message”. There was no evidence the recipients had consented to receiving the messages. Under the DPA 1998, companies must have specific permission for unsolicited direct marketing texts. The ICO found the company did not have consent within the meaning of the Privacy and Electronic Communications (EC Directive) Regulations 2003, but that it did not deliberately contravene it. It said the company ought to have known there was a risk the contraventions would occur, and that it is not acceptable to rely on assurances of indirect consent without undertaking proper due diligence.