ICO warns UK firms to respect customers’ data wishes as it fines Flybe and Honda
Two companies have been fined a total of £83,000 for breaking the rules about how people’s personal information should be treated when sending marketing emails.
An investigation by the Information Commissioner’s Office (ICO) found Exeter-based airline Flybe deliberately sent more than 3.3 million emails to people who had told them they didn’t want to receive marketing emails from the firm.
The emails, sent in August 2016 by Flybe, with the title ‘Are your details correct?’ advised recipients to amend any out of date information and update any marketing preferences. The email also said that by updating their preferences, people may be entered into a prize draw.
The airline has now been fined £70,000 for breaking the Privacy and Electronic Communication Regulations (PECR).
A separate ICO investigation into Honda Motor Europe Ltd revealed the car company had sent 289,790 emails aiming to clarify certain customers’ choices for receiving marketing.
The firm believed the emails were not classed as marketing but instead were customer service emails to help the company comply with data protection law. Honda couldn’t provide evidence that the customers’ had ever given consent to receive this type of email, which is a breach of PECR. The ICO fined it £13,000.
Steve Eckersley, ICO Head of Enforcement, said:
“Both companies sent emails asking for consent to future marketing. In doing so they broke the law. Sending emails to determine whether people want to receive marketing without the right consent, is still marketing and it is against the law.
“In Flybe’s case, the company deliberately contacted people who had already opted out of emails from them.”
The ICO recognises that companies will be reviewing how they obtain customer consent for marketing to comply with stronger data protection legislation coming into force in May 2018.
Mr Eckersley warned:
“Businesses must understand they can’t break one law to get ready for another.”
Any company unsure of the best way to prepare for the change in consent under GDPR should contact the ICO for advice. The ICO has published detailed guidance for firms carrying out direct marketing by phone, text, email, post or fax. Advice and guidance on data protection law reforms are available on the ICO’s website.
This article first appeared at ICO.org and is published with kind permission.