So Tax Returned Limited
Will be going into liquidation today and reappearing tomorrow as Tax Returning Again Limited
A London firm that sent 14.8 million spam SMSes without consent has been fined £200,000 by the UK’s data protection watchdog. Tax Returned Limited had attempted to send many more than that – some 22.7 million – but not all the texts were received. They were issued between July 2016 and October 2017, sparking more than 2,100 …
Don't have laws like those in my country (plenty of stupid ones, though). If a spammer sends a message we can complain to something like the Better Business Bureau (only more ineffective), then get an apology from the spammer similar to "sorry, we thought you would be interested in our INCREDIBLE AMAZING OFFER, please allow 20-40 years to be removed from our third-party emailer". Rinse, repeat.
My "favorite" spam is a regular "It is time to buy curtains" -- yeah, I need my curtains changed every two days.
Liquidation. A previous El Reg article covered this very issue
https://www.theregister.co.uk/2018/05/25/millions_of_pounds_of_ico_fines_go_unpaid_as_directors_dissolve_firms/
For information, a quick search found this FOI request.
https://www.whatdotheyknow.com/request/unpaid_monetary_penalties
Briefly, from August 2015 to January 2018 the ICO issued PECR fines of £7,058,500.
The amount unpaid and still owing was £4,945,189.
So it is unlikely (but possible) that this fine will be paid.
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/12/london-company-fined-after-148m-spam-texts-sent/
The Trustpilot reviews for Tax Returned Limited are interesting:
https://uk.trustpilot.com/review/www.taxreturned.co.uk
I assume the bit in the article that refers to "Tax Return Limited" is a typo (should be Tax Returned Limited?) rather than deliberate obfuscation somewhere along the line?
The most recent annual accounts suggest there's more than enough money in the bank to pay off the ICO penalty and carry on. Just a routine cost of doing business.
Looking at the ICO penalty notice, and the associated freely available Companies House data, I find this company name and number and officers:
TAX RETURNED LIMITED
Company number 08828062
Registered office address
First Floor, Winston House, 349 Regents Park Road, London, United Kingdom, N3 1DH
Directors:
Bradley Jonathan SACHER
https://beta.companieshouse.gov.uk/officers/R3IxpeJQ736uvPdTbnyyreS6q5c/appointments
Darren Martin Zwiers
https://beta.companieshouse.gov.uk/officers/h-5TQAYV9vhWat9zexzurJGlYAU/appointments
There is a firm of accountants at that address - small companies often use their accountants' office as their registered address, so I'd guess the company uses those accountants.
I was once confused why a recruiting agency was using the address of a company that I had worked for (before it collapsed) as their own, then I remembered we had rented space from the accountants who occupied most of the building.
Correct; as another expert has already noted, it's quite common (and often reasonable) to have distinct "trading addresses" and "registered offices". Registered offices frequently end up being accountants, or similar.
That's one of many reasons you need to be careful who you're doing business with, hence my comment/query re Tax Return(ed) Limited.
A "company number" is meant to uniquely identify any particular England+Wales registered company. Even if a company changes its name or changes its address (as frequently happens) the company history should be traceable back via the Company Number; these are all published and freely available pieces of information (at the moment - this time next year, they'll probably be "unnecessary EU red tape").
Quite why company name/company number/registered office isn't a big part of the latest banking proposals for "safer transfers" is a mystery to me - these are readily checkable by bankers and public and could help prevent many of the "I paid £x000 into someone else's bank account and it wasn't the right recipient" stories which hit the meejah from time to time.
Capping the ICO's maximum fine to £500,000 makes absolutely no sense when criminal activity abides by no such limitation.
In this case, the proceeds of what appears to be a systematic breach of the law are in the order of £4 million (or more). Deduct from that the cost of setting up the multi-million spam campaign -- say, £30,000 (max) -- and that's £3,970,000. Now deduct from that the ICO's pathetic £200,000 fine and the net total is £3,770,000.
So long as those planning a data abuse enterprise do the math -- and even a dumb-ass with a calculator could manage the task in a couple of minutes -- and factor in a potential ICO fine as just another overhead, there's no disincentive at all.
The ICO should be given the authority to impose a fine equal to the offender's estimated profit plus 50%. And if the estimate's wrong, well, the law breakers can go to law to argue how unfairly they're being treated.
"For anything that happened since May 2018, ICO could now enforce max fines of € 20M or 4% of turnover, whichever is *larger*, so it will be possible to hurt those scammers much harder."
Which is good, because I keep getting spam mail to $orkplace address.
And when the senders squawk that I must have signed up for it, I'm going to point out that I'm not named "Andrew", "Annabelle", "Annette" or "Aaron", as most of the salutations on the messages are headed - I've had this address more than 20 years, which in most cases is longer than the companies in question have existed.
"The firm couldn't provide evidence for any consent having been given for some, while for others it claimed consent had been gathered via privacy policies on certain websites.
However, the ICO ruled (PDF) that the wording of the policies wasn't clear or precise enough for people to understand they would receive direct marketing messages advertising the firm's services."
Now this is annoying. This seems to suggest that the ICO thinks that if the wording of the policies was clearer then this would be acceptable.
This is PECR and although I don't have the inclination to read through the regulations again just for this post, I'm pretty sure you need to get actual tick box (not pre-ticked) consent for communicating via SMS, Phone and email, not just a policy stating you can, however clearly written it is.