Cab Guru fined £45,000 for sending hundreds of thousands of unwanted text messages

Cab Guru Limited has been found liable for breaking data protection and electronic communication rules by sending out hundreds of thousands of unwanted text messages to market their services.

The company was set-up by a number of licensed taxis and private hire firms to make an app for customers to book cabs through their smartphones… the app allowed people to compare fares and how long taxis would take to pick them up.

Ti help market the new venture, the Cambridge-based company sent text messages that advertised their app to hundreds of thousands of people. While the stunt may have worked for some, hundreds took to complaining and reporting the unsolicited marketing messages.

About the breach

The Global System for Mobile Communications Association (GMSA) received 165 complaints over Cab Guru’s texts between 27^th May and 5^th June 2016. The Information Commissioner’s Office also received complaints through their Online Reporting Tool.

Cab Guru said it sent out 706,650 text messages using telephone numbers provided by its five shareholder firms. The 165 complaints made to the GMSA were all about the same message people received, which read:

One complainer shared his thoughts over regularly receiving unwanted messages like the one above:

“I’m sick of opting out of messages I did not opt in to, normally it’s from “hacked” phones but this time it was from a named company so they should be accountable. I read everything I sign up to and never allow marketing or my information to be passed to 3^rd party’s not required.”

We totally agree – why do companies think it is acceptable to bombard people with messages and only stop when they specifically opt out?

How they broke the law

It is the responsibility of the company sending out such messages to obtain consent before marketing their services this way. The Privacy and Electronic Communications Regulations clearly enforce this, as does the Data Protection Act in Section 55A that prohibits an organisation from sending text messages to people for direct-marketing purposes unless the organisation has first obtained consent from the recipient.

In this case, Cab Guru said they did not obtain consent from the recipients themselves but through the associated cab companies who provided the company with the list of numbers. Cab Guru said:

“…all the customers are asked [by the associated cab companies] for their consent to receive text messages (usually that occurs as part of the initial telephone conversation when the customers’ orders the cab).”

However, upon investigation, the ICO found that this consent was a compulsory term of use when ordering a taxi, rather than a separate choice.

A hefty fine imposed

Cab Guru Limited, as the company who sent the messages, were unable to provide satisfactory evidence of consent for sending the direct-marketing messages. As a result, they were fined £45,000.00 by the ICO.

The ICO’s enforcement group manager, Andy Curry, warned against organisations misusing personal data to promote and market services:

“Just because an organisation might have a person’s mobile phone number in its records, that doesn’t mean it can call or send them marketing messages without their consent. This also applies to any associated companies… Most mobile users hate receiving unsolicited spam texts and the ICO will continue to take action against firms which send them.”