The Information Commissioner’s Office (ICO) has issued a £70,000 fine against Flybe and a £13,000 fine against Honda Motor Europe Ltd for breaching Regulation 22 of the Privacy and Electronic Communications Regulations (PECR) by sending emails requesting individuals to update their marketing preferences. The two cases confirm that:
- the interpretation by the ICO of what constitutes “marketing material” is very wide; and
- the ICO will take enforcement action against organisations that seek to circumvent the rules on direct marketing by disguising marketing messages as service messages.
Flybe sent emails with the subject line “Are your details correct?” and advised individuals to update out-of-date information and marketing preferences. The emails were sent to over 3 million individuals who had opted out of marketing messages.
On the other hand, Honda sent emails titled “Would you like to hear from Honda?” to 289,790 individuals on the database where no “opt in” or “opt out” information was held due to a design flaw in the system. Honda believed the emails were not classed as marketing but instead were customer service emails to help the company clarify customer’s marketing preferences.
In both cases, the ICO considered that the emails constituted direct marketing, even though they were phrased as servicing messages. The decisions confirm that organisations cannot email an individual to consent to future marketing messages without prior consent for that first email and so cannot be sent without prior consent to marketing.
This is potentially a significant area of future enforcement by the ICO. The General Data Protection Regulation (GDPR) will impose a higher standard of consent and require controllers to have clear records demonstrating that they have obtained that consent. In preparation for this change, many organisations, much like Honda, have been reviewing their customer databases and considering whether they need to update their records to ensure they meet this new higher standard. These ICO decisions may mean such organisations need to review their communication plans to ensure that they do not, in the ICO’s words, “break one law to get ready for another.”
Special thanks to Elizabeth Campion for her assistance in preparing this entry.