Well, looks like we will actually be going to court over the latest spam.

21 pages, FFS, waffling on about my connection to Dedicated Programmes (from which I buy the email address in question). Whether or not I am an individual subscriber is a matter of fact - it is whether I have a contract with a CP as an individual for the service, simple as that. Even if I was director and shareholder of DP, it would not matter if I, as an individual, had a contract for the service. As it happens, Simon, who runs DP is just a friend and I have never worked for or been a shareholder of DP, but none of that matters. He thinks the invoice was sort of made up - well yes, long before he sent his spam, after previous spams, Simon and I agreed that DP would actually charge me, and properly invoice me, for the email address which he had previously provided free (or in exchange for some help from me). That made it a clear contract, ensuring there was no doubt as to the fact that I contract as an individual for the service and as such am an individual subscriber.

Anyway, I'll have to go through in detail. He has quoted loads from my blog, which is, of course, a breach of my copyright for which I can sue him (sadly I can't in this case).

What is in no doubt is that this is distressing, and it is distress for which I am claiming. I have just checked my blood pressure after looking at this letter from the guy and it is through the roof. I am already on medication for blood pressure. I may take the meter with me when I go to court, as I have to be a bit careful. It will take me a while to calm down now! I can be pretty sure I will lose sleep over this now.

What I have to remember is, that even if the judge throws out my case for some reason, I will have learned something useful and at most paid his costs for getting to court. Small claims has limited costs, and the fact he refused to consider an arbitration call may even get the costs removed anyway, we'll see.

Case on the 15th!


  1. I have been musing the possibility of a claim under the tort of private nuisance for those situations in which the "individual susbcriber" aspect causes problems (no idea whether it does here or not) — private nuisance has been used before in the case of unwanted phone calls, so it would seem a logical extension to apply it in the case of unwanted email too.

    1. I am surprised he seems to have a couple of pages trying to prove I am somehow connected with DP, as if that changes the fact that I am an individual subscriber. Let's hope the judge understands this.

    2. The more he rages in an unimportant direction, the less credible he will make himself. Stay calm, and stick to your facts, and just dismiss the connections without getting involved in the argument. Some people take things too personally when they are sued (Indeed one of mine has said "In conclusion the Defendant believes this claim an elaborate and opportunistic 'try on' by the Claimant who is seeking to get something for nothing. The claimant has probably seen, or head about a 'jolly good wheeze' whereby easy money can be made by extorting funds from perfectly respectable and long established trading companies..." and goes on like that for a bit. Oh and asked the court to dismiss as an abuse of process. Like that would happen.

  2. Devil's advocate here (and very nitpicking I know) but has he _quoted_ content from your website or _copied_ it?

    1. Printed off PDFs off the blog, but as someone has pointed out to me: Copyright, Designs and Patents Act 1988, s.45(1): Copyright is not infringed by anything done for the purposes of parliamentary or judicial proceedings. So I can't sue - shame :-)

    2. If copyright doesn't apply, I would be interested to see a copy of the 21 pages you received....

  3. In my case (which is just on the verge of going to arbitration), claimed that as the spam was sent to a business, it doesn't apply under PECR (so similar to yours). My counter argument is that they addressed it to me personally (and had my full name in the email) causing it to be forwarded to my personal individual email box which was then downloaded to my personal computer and personal mobile phone over a broadband connection which is in an individual/personal name. I also pointed out that a director is still an individual person. I'm just waiting for their response now (annoyingly, Royal Mail has lost the documentation I sent to them a week ago - even though it was recorded delivery - so had to resend it via Special Delivery to be there before the mediation call).

    I'll be very very interested in any comments/information/outcome of your case.

    1. My understanding is that RevK is arguing that the spam was not sent to a business, but to his personal account, as opposed to arguing that, despite an address being used as a business address it still falls within the definition of "individual subscriber" for the purposes of PECR — although do read the recitals to the directive (2002/58/EC) and the article within that, if you have not already done so, for some broader context to the framework.

    2. Well, in this case, the email address is not, and never has been, published or used as a "business contact" in any way. There is an argument that a "business contact" can still fall under the definition of "individual subscriber" as it is not the usage or purpose of the address that matters but the status of the party to the contract - but in this case this really is "personal" in all ways and always has been. It was set up originally solely for my mate Simon to email me when mail clients did not auto complete and it was handy to be under his domain.

    3. I suspect that would come down to the definition of "subscriber". PECR says:

      "“subscriber” means a person who is a party to a contract with a provider of public electronic communications services for the supply of such services"

      I would certainly be inclined to argue that if you routinely use an IMAP client on your home computer to read your mail, then you are a "subscriber" by virtue of the spam arriving over your personal internet connection.

      I do wish they hadn't put all the "individual subscriber" nonsense in PECR though - it doesn't seem to achieve anything other than adding weasel-words that the spammers can use when caught red handed.

  4. As far as I can tell, a contract is not required to prove that you are an "individual subscriber" - PECR just defines an individual as "a living individual and includes an unincorporated body of such individuals" - the "unincorporated body" bit is quite interesting - lots of organisations/clubs/companies (think: sole trader) are unincorporated.

    It looks like my case is going to mediation - spammer sent me spam advertising "holidays for 2 adults". They haven't denied anything, they seem to be relying on a defense that they took "reasonable care" - that my domain is owned by an "organisation" and therefore wouldn't expect to be covered by PECR. Of course, the organisation the domain is owned by is unincorporated (not that I actually believe they checked any of this before spamming), but that aside, people with gmail addresses are presumably "individual subscribers" even though gmail.com is owned by an incorporated organisation.

    I am interested in whether taking "reasonable care" is a valid defense. As far as I see it, the court are awarding damages, not a punitive fine; they may have taken "reasonable care" to avoid causing me damage, but they failed, so I think the damages should still stand.

    I suspect it will come down to a judgement on whether the damages I'm claiming are a reasonable amount, whether "reasonable care" is a valid defense and whether they actually took "reasonable care" - my argument on this point will be that the ICO publish "direct marketing guidance" and they have not followed it at all so they can't claim to be following any kind of best practice; and even broadly treating an "organisation" as a company, it seems to me that "holidays for 2" are something that you would target at individuals, not companies.

    As for the level of damages, I will openly list all the costs that I have considered and explain that they are basically incalculable (at least without a lot of work) so I have made a ball-park estimate rather than a rigorous calculation.

    1. > I am interested in whether taking "reasonable care" is a valid defense

      Kind of. See Regulation 30(2) — debatable what this might mean in the context of the kind of email you have described.

    2. Oh damn, hadn't spotted that. Pretty much nails it then - if someone can prove "reasonable care" then it sounds like they would win. I can understand taking reasonable care allowing you to avoid a punitive fine, but it doesn't seem right that it absolves you of paying for the damage you caused.

      Still, in this case I'm pretty confident that they can't prove any kind of reasonable care - they have admitted to buying a mailing list and claim to have tried to ensure that they only spammed "organisations" (not just limited companies)*; but they have basically done what the ICO's guidance explicitly says you must not do, and I'd still argue that the type of product they are advertising is very clearly aimed at individuals rather than companies.

      * I don't for a minute actually believe that they vetted the addresses to only target organisations, but I wouldn't be able to prove this.

      Anyway, having never gone to either mediation or court before, I will be interested in seeing how this works. I find it odd that the spammer has asked for mediation even though they had originally refused to negotiate. I guess they were trying to call my bluff..

    3. Well, ask "how" they vetted them - I know of no test for an email address to be "individual" or "corporate".

    4. > they have basically done what the ICO's guidance explicitly says you must not do

      In that case, you might be able to persuade a judge (if it comes to that) that taking "reasonable steps" (or whatever the precise wording is) probably could not be made out where someone has directly contravened the relevant regulatory's guidance. My only nervousness in this is that I am not always sure that that particular regulator's guidance is in line with the law...

    5. > Well, ask "how" they vetted them - I know of no test for an email address to be "individual" or "corporate".

      They haven't specifically said how it was vetted, but they have said that (a) it's a .org domain and therefore obviously belongs to an "organisation" (even though .org has no such restriction, and certainly not even an implication that it would be an incorporated organisation, and (b).said that my whois records show that my domain is registered to an organisation - it is registered to my sole trader trading name, so not an incorporated org, and also no matter who its registered to, it has been used soley as a personal domain since it was registered in 2003 and never for any business purposes.

      So I guess the implication is that they vetted domains by their TLD and whois. None of this seems good enough to determine the status of the domain, and tells you nothing about the actual recipients. Also, its explicitly disallowed by the T&Cs of the Public Interest Registry's whois servers (which are responsible for .org domains): "under no circumstances will you use this data to(a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers"

    6. Excellent information for preparing there, exactly as you say above, in terms of being ready to explain to a judge if that point is made that the fact that domain was registered to an organisation has not bearing on the status of the subscriber, and that, if the judge were to check the domain name registration for gmail.com, yahoo.co.uk and so on, s/he would find that these too are registered to organisations.

    7. Although this is only going to mediation at the moment, I've taken the time to prepare a written statement with responses to each point of the defendant's defense - it's helped me organise my thoughts so hopefully when the mediator questions me I can provide sensible answers.

      It seems a bit odd to me that I don't appear to have the opportunity to present this kind of statement to the mediator prior to the appointment. This is my first time through the small claims process, so I might be missing something but as far as I can tell the process (on moneyclaim.gov) seems to be:

      1. Plaintiff files proceedings with an explanation. The explanation is very limited in length, so little opportunity to go into any detail.
      2. Defendant responds with their defense. Again, the the length of the defense is very limited, so very little detail is possible.
      3. Case goes to mediation and each party can discuss the case in more detail with the mediator.
      4. If mediation fails, the case goes to court and more detailed arguments and evidence can be put forward by both parties.

      Seems slightly odd that the process doesn't really seem to allow (or at least, encourage) more detailed reasoning to be put forward early on.

      In this case, the defendant's response to the notice before action was a offer of a pittance (5% of what I'd asked for) and when I turned that down they demanded that the case be argued in court, so neither of us have engaged in any more communication outside of the official court documents - not sure if this is the correct thing to do.

    8. My view to reasonable care is that they need to prove consent. Buying a list in, is, by the ICO's own guidelines, fraught with danger.
      Also as a sole trader I don't envisage any issue with the individual subscriber bit. I can show an Invoice to me, as a sole trader for my rackspace and everything from that point is mine.

  5. You may like this, I had some spam come through a few weeks ago and have been pestering the company to explain the reasoning they've used to believe their actions are legal and had no response, so I contacted them through facebook to prod them.

    Today I received this:

    "Hello Matthew,

    I hope that you are well,

    Thank you for your Facebook message as your email went to spam,

    I apologize for the email you received, however I can ensure you that it was not spam and just a genuine offer.

    You wont receive any more emails from us and we are sorry for the inconvenience."

    1. The problem here is people thinking that the spam they are sending is "genuine" and therefore ok and somehow more desirable to the recipient than everyone else's spam. Do people really think that it isn't spam if it isn't from the Nigerian Finance Minister or advertising v14gr4?

    2. Quite a lot respond like that. You need to push them a bit harder now to get some damages out of them now you have an admission that they sent the email...

  6. Good luck and I hope you have a slightly better judge that understands the costs and distress involved. Mine didn't get how spam could cost anything!

    1. As I'm a coder, I will be citing Joel Spolsky - well known and published programmer, who has said that an interrupting a coder causes 15-30 minutes of lost productivity. That automatically gives me 0.5*hourly_rate*number_of_spams. On top of that I'll argue that the distraction can lead to bugs, with an incalculable ongoing cost. Of course, if you're not self employed then its much harder to equate time spent with financial damage since people are usually not paid for their free time anyway.

      What surprises me about your case is that the judge doesn't consider the cost of running antispam systems as damages. In my case, I'm also going to point out that antispam systems cause false positives, and there is an associated (probably incalculable) cost associated with losing legitimate emails.

      I'm actually pretty surprised that the judge ruled against you given the scale of the problem - 120 emails in a single day to an address they have already been told to delist sounds pretty serious to me.

      Sadly I doubt the ICO will care, all they ever seem to do is write "strongly worded letters" reminding companies of their responsibilities. I reported a company to them for violating the DPA (ignored my subject access requests) a while ago, they wrote to the company, who ignored them, so they wrote again and were ignored, finally they told me my only course of action was to sue - presumably I wouldn't actually be able to do this since I couldn't prove damages from having my SAR ignored.

    2. > I'm actually pretty surprised that the judge ruled against you

      I'm not. My experiences in court have shown that judges are hopelessly out of touch with reality and yet consider themselves expert on all matters.

    3. Hindsight is great, definitely have all the arguments and counter-arguments carefully mapped out for the day. I was in Small Claims last week (witness, but interesting) and even though it was very informal, it's very easy to lose sight of things when your sat down in front of a judge being questioned.

      While I'm not sure that spam could be considered "an interuption" (wouldn't you keep your mail client closed?)
      But it an annoying conclusion that "spam costs nothing". If it does, why does the PECR exist?

      Perhaps what is needed is an invoice with two lines from the email provider (DP or whomever)

      email account (per year) - £12
      anti-spam (per year) - £50

      Would this not demonstrate to a judge the "loss" caused by receiving spam i.e. if people did not send you spam, you would not have to subscribe to an "anti-spam solution"

      Furthermore, we need a wiki for all the people that care about this, with standard emails and arguments and counter-arguments and judge comments and decisions.
      I may host one :)

    4. I have suingspammers.info, and happy to point it at such a wiki.

    5. Don't forget the cost of receiving the email as well, and storage.

    6. I decided to give it a go — let's see what happens with it: UK Anti-Spam Legal Resource: ukaslr.co.uk

    7. I've added a bit more to the case history section Neil.

      I'm not sure just how much to publish TBH. Whilst I want to help others claim against spammers, I equally don't want information out there that will helps people defending such claims. A tricky balance!

      I've started filing summary particulars through the moneyclaim system, and serving a full (much longer) particulars of claim based on the Nigel Roberts vs Media Logistics particulars with specifics pertinent to the case. I have also written a few skeleton arguments also.

    8. I don't think that is an issue Alex. We are not trying to trick spammers in any way - if we have a genuine case, and the law works, we win. If not, and we need to understand the ways in which we are getting the case wrong, we learn to get it right. If the law genuinely does not work, we need to get the law changed.

    9. I would agree with RevK's view here, although, of course, I will only add to the wiki things which are in the public domain (unless someone sends me something with their permission to add it); if others want to add their personal experiences, they are very welcome to do so.

    10. Hi Neil,

      I'm also doing a similar site http://privacyact.uk : I'm just waiting for 2 cases to wind up before I enlarge the site and make all the case details of all 9 cases "live".

    11. > I'm not sure that spam could be considered "an interuption" (wouldn't you keep your mail client closed?)

      I keep my email client open so I can be alerted, and respond to urgent emails. It seems legitimate for me to make the decision to have my work interrupted by genuine emails, but not want to be interrupted for spam. I'm sure a spammer would argue that I shouldn't have my personal and work email going into the same mailbox and therefore keep my personal mail closed during the working day. However, this ignores the fact that I may have urgent personal matters to attend to even when I'm at work, and I also don't see that someone should dictate how everyone works in order to mitigate their law breaking behavior.

      > Perhaps what is needed is an invoice with two lines from the email provider (DP or whomever)

      In Deanna's case, the judge ruled that the cost of running an antispam system would not constitute damages for an individual spam. I guess the cost of running the antispam system would need to be aggregated across all spammers.

    12. Nice one Neil. I've added some bits and pieces to it, but we need to keep the momentum and get this fleshed out.

      RevK: Would it be possible for you to mention Neil's wiki on your next spam post, and (since I'm being cheeky in good nature) since you are spearheading this campaign, to perhaps give it the once over and make some contributions yourself?
      Get your "recipe" out there so to speak :)

    13. WRT the "Current / previous cases", what is the best policy with cases settled with confidentiality clauses? E.g. the court mediation service demands that discussions held during mediation and the contents of the settlement are confidential. Is it allowable to publish these as "Settled out of court, terms of settlement confidential" or similar? There is some value in people knowing that a settlement has been reached (and possibly the original damages that were being claimed), even if the terms of that settlement can't be published.

  7. I'm sure you'll keep us updated as I, for one, would be very interested. I have two cases submitted with Money Claims Online and well over ten others waiting in the wings.

  8. Always good to hear, I've had quite reasonable success thus far, 1 at defence stage currently and one that's still awaiting service.
    Had one company be quite blase about it the other day, saying to refer all communication to their solicitors. I queried this, pointing out that it would cost them far more than the claim itself, and that if they wanted to ask their solicitors anything, they could do so, but I certainly wouldn't be! We shall see here, I'll give em some time and if no response file a case.

  9. These two blog posts may be of interest to anyone who is heading to court with a claim:


    Hope it's helpful


Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.

ISO8601 is wasted

Why did we even bother? Why create ISO8601? A new API, new this year, as an industry standard, has JSON fields like this "nextAccessTim...