James Daley

By James Daley

Spam is an irritating and seemingly inescapable part of modern life. Almost every time you hand your contact details over to a business, chances are they’ll be packaging it up, selling it on, and before you know it, spamming you – directly or indirectly - with dozens, if not hundreds, of messages a day, advertising everything from easy credit to holidays to Viagra.

What gets me really angry is that we’ve had a regulator to tackle this kind of annoyance for over a decade. But the Information Commissioner’s Office (the ICO) has proved incredibly ineffective at getting companies to play fair when it comes to how they use your data. In fact, if one were cynical – heaven forbid – one might say that the ICO’s main achievement has been to ensure that companies now spend vast resources on creating lengthy privacy policies which no one reads.

Except myself and my colleagues of course. As part of our analysis at Fairer Finance, we look at hundreds of these policies every year. And while the idea behind them may be sensible – to get companies to be transparent about how they use your personal information – the result is often the opposite.

More is less

By giving customers endless painstaking detail about what may happen to their information, and how it will be stored, companies successfully ensure that next to one ever reads a privacy policy. All I really want to know is that if I give my details to a company, they won’t spam me, and they won’t leave them stored on a CD which one of their employees leaves on a train. But I don’t even need them to tell me that in a “policy” – I just want to know that they’ll do it, and if they don’t, there’s a regulator waiting to make them pay the consequences.

And if companies want my permission to send me emails, texts, letters – or get in touch in any way at all – they would simply ask the question straight up. No pre-ticked boxes, no small print. Nice and clear – no ambiguity.

Only around a third of banks and insurers play a straight bat when it comes to asking their customers permission to spam them.

Of the rest, most pre-tick boxes which give them the consent they need – meaning that they’re guaranteed to catch anyone who’s not paying attention.

The more devious ones deliberately try to bamboozle customers by making them untick one box, but then tick another somewhere else. If you’re not eagle-eyed, it’s all too easy to give them consent when you didn’t want to.

The very worst offenders don’t even give you a chance to opt out. Somewhere on their website, they’ll tell you that by buying a product from them – or even giving them information while you’re shopping around – you are giving them consent to send you spam, and to sell your details onto other companies who will spam you too.

Hall of shame

Companies are obliged to have some way to let you opt out. But many companies make it as hard as possible – often requiring that you write a letter. The AA, Aviva, Admiral, Esure, Swinton Sainsbury’s Bank and Tesco Bank are just a handful of the high street brands who were found falling short in our research.

To give the ICO some credit, its guidelines make it quite clear what good practice looks like – and it’s not the way that these companies do things.

But the problem is that the regulator shows no appetite to go after companies that play fast and loose with the rules. Its website suggests that it frowns on companies who act in this way – but hard nosed financial services companies are unlikely to respond unless there are hard sanctions or penalties imposed.

Banks and insurers would tell you that it’s only fair they can use your data to send you marketing material. You’re their customer – and there’s every chance that you might be interested in another product they’ve got to offer.

But for me it just doesn’t wash. Why should I be locked into a lifetime of spam just because I was once your customer?

Impossible to avoid

The problem with spam is that once your email address has been polluted, it’s a one-way street. We have to hand out our email address to so many organisations that it’s impossible to have the discipline to go round opting yourself out of consent that you may have once given. And frankly, if your email address has already been sold after you gave the initial consent, the likelihood of you being able to remove it from all the places its being used is limited.

The ICO needs to come up with something similar to the Telephone Preference Service – which goes some way to helping people avoid nuisance marketing phone calls.

Wouldn’t it be great if you could add your email address to a list which protected it from marketing spam? It may be all but impossible to stop the fraudsters and criminal marketeers – who buy and compile illegal lists of addresses. We have to rely on our spam filters to keep those people out of our inboxes. But much more could be done to protect us from being spammed by legitimate businesses.

In absence of any real protection, we’re forced to come up with coping strategies. Like most people, I’ve now got three or four personal email addresses – which have some kind of heirachy as to how often I check them. I’ve got my true spam email which I’ll give to anyone. And then another address for semi-reputable companies – all the way up to my main personal email which I try not to give to anyone accept my trusted friends and family. But even that seems to be polluted now.

If only the ICO was willing to start getting tough with companies, perhaps they would treat their customers’ privacy with a little more respect.