View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 22, 2023updated 23 Aug 2023 9:27am

ICO warns employees are misusing customer data to harass consumers

Businesses are illegally using personal data to harass customers with romantic or sexual messages, a survey from the regulator has found.

By Claudia Glover

A survey conducted by the UK’s Information Commissioner’s Office (ICO) has found that almost a third of British 18-34-year-olds have received unwanted romantic or sexual propositions from so-called ‘text pests’ after handing over their personal details to businesses. Only half of respondents, meanwhile, knew such practices are illegal. These findings were released alongside a call by ICO for additional evidence of these interactions from the public.

ICO warns employees are misusing customer data to hassle consumers (Photo by Tero Vesalainen/Shutterstock)

Under the terms of the UK Data Protection Act of 2018, it is illegal to retain or use personal data acquired for legitimate processing purposes for personal ends. ICO added that it was now writing to “major customer-facing employer” to remind them of their legal obligations in holding customer data and to ascertain what measures they already have in place to safeguard it. The actions available to the ICO for breaches of privacy and data protection laws include criminal prosecution and non-criminal enforcement measures.

ICO’s survey of 2,289 adults found that 17% of respondents had fallen victim to what the regulator calls “text pests”. Nine per cent of those surveyed, meanwhile, believed that the use of personal information provided for business reasons being used for romantic or sexual propositions is legal, while 24% believe it to be neither legal nor illegal, but a matter of personal judgement. Less worryingly, two-thirds believed that companies harassing individuals in this way was immoral.

Under the UK GDPR, individuals have the right to be informed about the collection and use of their personal data. “This is a key transparency requirement under the UK GDPR,” the ICO has previously stipulated. 

ICO appeal to victims

Alongside the research, the ICO also launched a bid for more evidence. The window to submit customer experiences will be open from 22 August to 15 September. People interested in engaging in the research can share their encounters via this online form.

“People have the right to order a pizza, or give their email for a receipt, or have shopping delivered, without then being asked for sex or a date a little while later,” explained Emily Keaney, ICO’s deputy commissioner for regulatory policy, in a statement. “They have a right to know that when they hand over their personal information that it will not then be used in ways that they would not be comfortable with. But our research today shows a disturbingly high number of people, particularly young people, are falling prey to these text pests.

“We’ve launched this call for evidence today because we want to hear directly from the public how this misuse of personal information has affected them,” added Keaney. “As the data regulator, we can then use this to inform our work protecting the public.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Read more: ICO publishes guidance on use of biometric data in the UK

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.