An Islington business has been fined £100,000 by the Information Commissioner’s Office (ICO) over PPI emails.

Koypo Laboratories on North Road, described as a “lead generator specialising in scientific customer acquisition”, was found to have sent more than 21 million spam emails without consent between March 1, 2017, and March 31, 2018.

The ICO was first alerted to its activities in 2018, having received a number of complaints about Koypo and its Simple PPI Claims brand sending unsolicited emails.

An investigation over the next two years found affiliate websites, where Koypo claimed consent had been obtained, did not name Koypo or make it clear people may receive marketing about PPI claims.

The sites relied on providing consent to “third parties” and “partners”, which was labelled too general to demonstrate valid consent by the ICO.

A report written by Andy Curry, ICO’s head of civil investigations, wrote a report on August 4 which says Koypo did not “deliberately contravene” the law, but “failed to take reasonable steps to prevent the contraventions”.

It must now pay £100,000 by September 4 for breaching Privacy and Electronic Communications Regulation (PECR) laws.

PECRs sit alongside the Data Protection Act and GDPR, giving people specific privacy rights in relation to electronic communications.

These include rules on cookies, security, privacy, location data, itemised billing, line identification, directory listings, and marketing calls, emails, texts and faxes.

If the ICO receives full payment from Koypo by September 3, the fine is reduced by 20 per cent to £80,000.

Natasha Longson, the ICO’s investigations group manager, said: “Spam emails cause nuisance and disruption to people’s lives.

“This firm failed to follow the rules about lawful marketing and so we took action. I would urge anyone bothered by nuisance emails, texts or calls to report them to the ICO.”

Koypo did not respond to request for comment.

However, it told the ICO that it has instructed a law firm to develop procedures around compliant handling of data under PECRs and has suspended its email marketing campaigns.