Dennis Publishing is a publisher of popular magazines such as PC Pro, Computer Shopper and Men’s Fitness. Dennis Publishing obtained my personal information when I signed-up to a trial of their PC Pro magazine. Funnily enough, they also obtained my personal information in a completely separate process, when they obtained my corporate e-mail address from a mailing list operator.
To cut a long story short, I had the following issues with Dennis Publishing’s processing of my personal data:
- That when I signed-up to their PC Pro magazine, they failed to satisfy Regulation 22 of the PECR prior to targeting me with unsolicited electronic marketing e-mails.
- They failed to obtain my consent prior to disclosing my personal data to a third-party for the purpose of direct marketing. I settled out of court with the third-party.
- They failed to comply with my Subject Access Request within 40 days. The ICO upheld this complaint and Dennis Publishing complied once I had paid the fee.
- They failed to comply with an unsubscribe request. I unsubscribed but found myself subscribed again.
- They obtained my work’s e-mail address from a mailing list operator and in doing so, they failed to satisfy a condition for processing because the mailing list operator had failed to obtain my consent to disclose my personal data to a third-party for the purpose of direct marketing – Article 14b 95/46/EC.
The issues dragged on for quite a while, with Dennis Publishing’s Legal Team first dismissing that they had done anything wrong, and then with their lawyers Simons, Muirhead & Burton LLP, also arguing that their client had complied. However, Dennis Publishing eventually settled all claims out of court.
On a plus note, it does appear that Dennis Publishing has made a serious effort to become compliant. For example, at one point, they claimed to have over a million customers who had agreed to their information to be sold to third-parties for the purpose of direct marketing. It would appear that Dennis has now dumped this database.
By the way, I complained to the ICO about Dennis Publishing’s million-strong mailing list thinking that they’d be all over it but they didn’t do anything but give me excuses. This is typical of the ICO. They won’t do anything about marketing e-mails unless enough people complain. This is why I’ve started taking companies to court.
Under the GDPR, consent has to be freely given, specific, informed and unambiguous. As such, it is now absolutely clear that consent will no longer be obtained from inactivity or by default.
DPA 2018 Update
Section 168 of the DPA 2018 also confirms that “non-material damage” includes distress. This makes it far easier to claim compensation in the small claims court.
On Dennis Publishing’s website it states: ‘A lot of companies talk about their values, but at Dennis we simply live by them’. I’ve contacted Dennis Publishing’s privacy team twice to get an acknowledgment that they’ve viewed the article before I publish but no one got back to me.
Dennis Publishing’s privacy team got back to me to say:
Thank you for your correspondence.
A response to your communication was prepared and sent to you by our legal representatives on 26th June. A copy can be found attached for your reference.
Simons, Muirhead & Burton LLP did contact me but only to confirm that they were no longer involved in the case.
I contacted Dennis Publishing’s main contact e-mail address but they didn’t reply.
As Dennis Publishing’s privacy team clarified that they had received my e-mail, they’ve had the opportunity to object so I’ve now published it.