Morrisons supermarket chain fined for not respecting email opt-outs
The supermarket chain Morrisons has been fined by the ICO £10,500 for not respecting customer opt-outs from marketing emails. The case, in breach of the Privacy and Electronic Communications Regulation (PECR), was initiated by a complaint from a customer who had previously opted out from receiving emails by using the unsubscribe link. The company had sent out a message titled ‘Your account details’ asking individuals who had opted out to change their preferences to start receiving money off coupons and extra More Points. The email also advised how to opt back in to receive direct marketing. The company had sent 236,651 of such emails, but says that only 130,671 were successfully received.
When the ICO contacted the company during its investigation, it said that the penalty for non-compliance could be up to £500,000. The ICO says in its decision that ‘organisations cannot email an individual to [gain] consent to future marketing messages. That email would be in itself sent for the purposes of direct marketing, and so is subject to the same rules as other marketing emails.’
Morrisons told the ICO that the incident was a result of an update to their systems earlier in the year as they had received queries from customers stating that they were not receiving emails.
Morrisons was not available to comment to Privacy Laws & Business but has told the Sun newspaper that they were disappointed by the decision. A spokesperson for the supermarket said: “We sent out an information message to a small percentage of our customers that aimed to provide some helpful information about our service. We did this with the best of intentions and we’re disappointed that this was deemed to be ‘marketing material’.”
In March this year, the ICO fined Honda and Flybe for sending ‘servicing emails’ to customers who had opted out of receiving marketing emails http://www.privacylaws.com/Publications/enews/UK-E-news/Dates/20171/3/Flybe-and-Honda-fined-for-not-respecting-marketing-opt-outs/
PECR rules will change to match the EU proposal to revise the current e-Privacy Directive. Get the latest information about this topic at the Privacy Laws & Business 30th Anniversary International Conference, Cambridge 3-5 July 2017, in a session by Pal Vaczi, Senior Privacy Lawyer, BT, chaired by Giovanni Buttarelli, European Data Protection Supervisor. To see the programme and to register, go to www.privacylaws.com/ac30
See the Morrisons monetary penalty at https://ico.org.uk/action-weve-taken/enforcement/wm-morrison-supermarkets-plc/