Monday, 19 January 2015

Apologetic Vision Direct

I get a lot of spam, and a good proportion of it is from legitimate British businesses.  It costs me time and effort to remove it from my mail box, time, effort and processing power to run the spam filtering software (which is only partly effective), causes me to miss important emails, breaks my concentration and is generally quite annoying.  The fact that British businesses are doing this is quite surprising given that spamming is unlawful in the EU.  In particular, The Privacy and Electronic Communications Act 2003 says that:
  1. You can't send marketing mail to someone you've never done business with unless they have explicitly told you that they consent.  Consenting to a third party doesn't count (e.g. the "do you consent for our partners to send you marketing emails" tick boxes aren't allowed).
  2. If you've previously done business with someone then you can send them marketing emails about "related products" so long as they either opted in, or did not opt out.  However, the ICO's guidance says that where an opt-out system is used, the opt-out mechanism must be very clear and prominent at the point where the contact details were collected.
The "legitimate business" spam I get is split between both groups.  The first group are definitely acting unlawfully; the second is not so clear-cut since I can't necessarily prove that I opted out (or that I wasn't given the option to opt out), but given that I always look for the opt-out box and try to ensure it always gets ticked whenever I hand over contact details, I think I can argue that if I didn't opt out, the option was not clear and prominent.

I've been sending notices to both groups for a while, pointing out that they are acting unlawfully, and for the most part I've had no response and continue to receive spam from them.  Where organisations have ignored these notices, I've filed complaints with the Information Commissioner's Office.  Unfortunately, the ICO's response seems to amount to writing to the offending companies and doing nothing else.

As of the start of the year, I have started sending preaction notices to legitimate British companies who's spam ends up in my inbox.  This opens the door to me being able to file a court case against them if I so wish.

VisionDirect is one company who I have made purchases from - I have bought contact lens solutions from them, and usually purchase a year's worth of solutions at a time.  As a result, they have also been spamming me for at least 2 years.  The frequency of emails varied, but it was as much as one email a week towards the end of last year, offering me things that are extremely tangentially related to contact lenses - e.g. "win 2 LUXE London Fashion Weekend tickets".

I've previously complained to VisionDirect and my complaints have been met with absolutely no response (and continued spamming).  I sent them a preaction notice on Tuesday, and less than a week later I've now had a apologetic phone call from them.  They did confirm:
  1. They're aware that the ICO guidance is to use an opt-in rather than opt-out system, but have chosen to ignore it.
  2. They claim there would have been an opt-out box that I hadn't ticked.  This can't have been very prominent if I missed it.
  3. Their excuse for opting people in by default is so that they can send contact lens reorder reminders.  Given that they know from my order that I wouldn't need to reorder for a year, I'm not sure why they think this justified sending me 4-5 emails a month.
They have said they will review their systems.  Whether or not this actually happens or is just something they said to make me happy is another question.

Thank you VisionDirect for finally unsubscribing me from your spam list, and if you review your marketing practices so that you're not continuing to act unlawfully then that's great.  It's a shame that you ignored the previous emails and it has taken the threat of court action for you to take note.


  1. Interestingly all you're required to do is to communicate that you wish to be unsubscribed. As long as you can prove you have withdrawn consent, then any further emails would be contrary to the PECR.

    1. Of course there are often no published email addresses to contact spammers via - they usually require you to either use a "contact us" form on their website, or some kind of web based unsubscribe system, neither of which leave me a paper trail to prove what I've done. Contacting an email address means I have a copy of the mail in my Sent Mail box, and mail server logs to show their server accepted it.

      Seems a bit unfair that spammers have my email address and are spamming it, but they won't let me email them!