Information Regulator slaps first spam calling company with enforcement notice

South Africa’s Information Regulator has announced that it issued its first enforcement notice resulting from a direct marketing complaint.

The notice was issued to FT Rams Consulting — a training institution — after the Information Regulator found that it contravened various sections of the Protection of Personal Information Act (POPIA).

This comes after the regulator decided that a clause on marketing via telephone must be added to Section 69 of POPIA.

“The Regulator received a complaint from a data subject (a person about whom the personal information relates) following countless direct marketing messages received by them,” the watchdog said in a statement on Tuesday, 27 February 2024.

“Regardless of the multiple attempts to opt out and requests to be removed from the company emailing list, FT Rams Consulting blatantly ignored the pleas from the data subject and continued to send them marketing messages on email.”

Following its investigation, the regulator determined that FT Rams Consulting obstructed protecting the data subject’s personal information, thus breaching conditions for legally processing personal information.

It also found that FT Rams Consulting had contravened section 69 of POPIA, which regulates direct marketing through electronic communications.

It had been instructed to stop sending unsolicited direct marketing messages by any means of electronic communication to which any data subject has not consented.

FT Rams Consulting must ensure that the first communication they send to data subjects requests their consent, and it must only approach each data subject once for consent.

The regulator has ordered the company to provide evidence of its compliance with these orders to the Information Regulator.

It has 90 days to comply with the watchdog’s instructions, and non-compliance will result in a fine of up to R10 million or imprisonment for up to ten years.

“Our leniency regarding direct marketing through unsolicited electronic communications is going to be a thing of the past because responsible parties (public or private bodies) ignore the provisions of section 69 of POPIA and infringe on the rights of data subjects,” said Pansy Tlakula, chair at the Information Regulator.

The watchdog found that the company hadn’t adhered to sections 69 (1) and (2), and subsequently several other sections of POPIA by:

  • Directly marketing to the data subject without first obtaining their consent;
  • Persistently sending direct marketing communications to the subject via email; and,
  • Giving the subject the option to “Opt Out” but failing to cease communications when they did so.

Section 69 (1) of POPIA sets out that companies are prohibited from directly marketing to customers via any form of electronic communication without first obtaining their consent.

Section 69 (2) states that marketers can only request consent from a data subject once.

“This means that the first message which FT Rams Consulting was supposed to send to the data subject was one in which it requested the data subject’s consent,” the Information Regulator said.

“POPIA defines consent as voluntary, specific, and informed expression of will in terms of which permission is given for the processing of personal information.”

“If the data subject consented to receiving direct marketing messages, they also had to indicate the preferred means of communication which FT Rams Consulting could use to send direct marketing messages to them,” it added.

The watchdog said FT Rams Consultant failed to use the prescribed form to obtain written consent from the data subject.

The Information Regulator has also identified 14 other potential offenders on which it intends to issue enforcement notices.

Latest news

Partner Content

Show comments


Share this article
Information Regulator slaps first spam calling company with enforcement notice