Jan 132011
 

When do spam and credit checks go hand in hand? Easy: When the spam is from an otherwise legitimate mail order company, and their unsubscribe link takes you through an account sign up process before you can actually unsubscribe – an account sign up process which includes a credit check because, after all, by signing up you are applying for a credit account with them.

The company concerned is Very, a catalogue company which is a Shop Direct Ltd brand along with Littlewoods and a few others. Recently, I started receiving marketing emails from Very which, as far as I am concerned, are unsolicited, making them unequivocally spam. Being a fairly well known, legitimate company, though, I decided to give them the benefit of the doubt and tried unsubscribing by following the link in their emails. However, I discovered that in order to do so it is necessary to apply for an account with them, for which a credit check is required.

A more detailed outline of events, including a brief history that shows how they got my email address, follows.

Some years ago (2006, I believe) I purchased some items of clothing from lxdirect.com, a Littlewoods website that no longer exists. I did not purchase as a Littlewoods mail order catalogue customer, paying over however many weeks, it was just a straightforward transaction whereby I placed an order on their website, provided my credit card details, and waited for the goods to arrive – much as you would when ordering from Play, SendIt or Amazon and countless other online retailers.

For a couple of years after making that purchase, every few months I received a Littlewoods catalogue in the post. I had no intention of opening an account with them, so I just ignored it – if they wanted to waste paper printing those behemoth sales brochures and posting them to me, that was entirely up to them. Eventually, they stopped sending them.

That really should be where this story ends, but it turned out to be just an interlude.

When I make purchases online, there are a few things I do. Firstly, with very few exceptions, I use a unique email address for each company I buy from. Secondly, with very few exceptions, I untick (or tick as appropriate, depending on their wording) the box that says “Would you like us to send you marketing emails?” And thirdly, I always – without exception – untick (or tick as appropriate, depending on their wording) the box that says “Can we pass your details on to other companies for them to send you marketing emails?”

You can be assured that lxdirect.com would not have been one of the exceptions to the first two so, firstly, it was definitely a unique address, secondly, I opted to not receive their marketing emails and, thirdly, I opted to not receive marketing emails from other companies.

Imagine how annoyed I am now, therefore, since I started receiving marketing emails from Very to the email address I used for that lxdirect.com transaction.

On the face of it, that Very are sending marketing emails to an address provided to lxdirect.com suggests that lxdirect have ignored my choice to not receive marketing emails from other companies. However, with lxdirect.com being a Littlewoods website, and Littlewoods being a brand of Shop Direct Ltd, along with Very, it’s not another company but part of the same company. Even if that is the case, though, they are still ignoring my other choice – that I don’t want them to send me marketing emails themselves. Either way, then, the company is in the wrong.

As I explained in the summary at the top, on the basis that Very are actually a well known, legitimate company (rather than a bona-fide low-life scumbag spammer trying to sell me v1ag.ra, breast enlargements, or informing me of a fantastic opportunity to be conned out of my savings), I initially gave them the benefit of the doubt and clicked the ‘unsubscribe’ link in their missive.

That link took me to an account login page on Very’s website, on which I was asked to enter my email address (i.e. the one subjected to their spam) and specify whether I have a password. Since I’ve never actually purchased from Very themselves, I don’t, so I selected the appropriate option. Upon clicking ‘Continue’, I found myself on a page entitled “Account application”, the first page of a form, on which I was asked for my name and date of birth.

My name and date of birth, on a page entitled “Account application” – just so that I can stop them sending me junk email? That’s clearly not right – the relevant legislation doesn’t actually say they shouldn’t be asking for this, per se, but it does state what the requirements are for marketing emails to be compliant:

(c) the recipient has been given a simple means of refusing (free of charge except for the costs of the transmission of the refusal) the use of his contact details for the purposes of such direct marketing, at the time that the details were initially collected, and, where he did not initially refuse the use of the details, at the time of each subsequent communication.

Ignoring the fact that I shouldn’t be receiving Very’s marketing emails in the first place, in simple terms what that says is that the emails they are sending must include a simple means of unsubscribing. For example, a link that says “unsubscribe” which does just that, allows you to unsubscribe quickly and easily.

With that point in mind, I decided to proceed anyway, using the logic that once I had an account with them I can change my email preferences so that they don’t send their rubbish my way any longer, and then close the account. However, in order to do that, I figured I wouldn’t need to give my real details – the only important one being the affected email address – so for the purposes of this my name became “Mr Information Commissioner” and my date of birth one chosen at random. I clicked ‘Continue’.

The next page asked for a house number or name and a postcode, with a ‘Find Address’ button. The address I wanted to enter was this one:

Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

In other words, the address of the Information Commissioner’s Office, to go with my choice of name. Unfortunately, the look-up system didn’t seem to work with Wycliffe House and SK9 5AF, but after a few attempts it gave me a form to enter the address in full.

Which I did.

The next page asked for more contact details – confirmation of the email address, telephone numbers (only the ‘evening’ one being compulsory) and password. So I re-entered the address they had spammed, put in 0303 123 1113 – the number for the ICO – as both the evening and daytime telephone numbers, chose a password, ticked the box to say I didn’t want to receive offers from third parties (which must be ironic, under the circumstances), and clicked ‘Continue’.

How long have I lived at this address? The Information Commissioner has been around a while now, so I hit 10+ years.

Do I want shopping insurance? I won’t be shopping with Very, anyway, so “No”.

Do I accept the website’s terms and conditions? I won’t be able to continue if I don’t, so “Yes” (well, tick).

It was time to click ‘Continue’ again. After which I was presented with this:

As we cannot locate this address on our system, we are unable to carry out a credit search.

May I suggest you contact Equifax Credit File Advice Centre at PO BOX 1140, Bradford, BD1 5US and provide details of your full name, date of birth, current/previous address.

In other words, I hadn’t yet reached the point where I could unsubscribe from Very’s marketing emails, yet I had to undergo a credit check – which couldn’t be carried out for the Information Commissioner’s Office.

So much for “a simple means of refusing … the use of” my contact details, as per section 22 of The Privacy and Electronic Communications (EC Directive) Regulations 2003. Not only is the process of unsubscribing from Very’s marketing emails anything but the simple one that act calls for, but there is a fundamental flaw in the process as shown by my approach of using the contact details for the ICO:

A failed credit check means no account, and no account means no way to unsubscribe from their emails.

Granted, what I encountered was a failure to carry out a credit check, rather than failing a credit check – but given that the whole process is to create an account with credit facilities (even though all I wanted to do was unsubscribe), it’s not unreasonable to assume that a failed credit check would mean no account is created.

I commented about this on my Twitter account, very briefly in four posts saying:

11/1/11@3:12pm Hmm. Spam from Very (very.co.uk) to an address used by a related company several years ago. (Opted at the time for no marketing emails)

11/1/11@3:13pm What’s particularly irritating about this, though, is that in order to “unsubscribe” you have to actually sign up for an account with Very.

11/1/11@3:14pm Tried doing so with the Information Commissioner as my address but their system didn’t recognise it, so it couldn’t do a credit check.

11/1/11@3:15pm That’s right – in order to not receive spam from Very, I have to give my real details and undergo a credit check. How wrong is that?

A little later, I noticed this reply from Very’s official Twitter account:

11/1/11@7:05pm @VinceMH Email us at Network@VBeryHq.co.uk & we’ll try to get you off the list. x

My reply:

11/1/11@9:42pm @verynetwork No. How about I send a complaint to the ICO instead? The emails and unsub requirements seem to me to warrant it.

That may seem harsh given their willingness to ‘help’ but the point is that their offer misses the point by quite a margin – not only are they in breach of the aforementioned act by emailing me – and how many others? – but their unsubscription procedure is badly out of line with their legal requirements and needs to be changed forthwith.

VinceH