E-Marketing: Do Recipients Want Your Emails?
Businesses are reminded of the financial and reputational risks of sending unsolicited emails, after Halfords was hit with a £30,000 fine for an email marketing campaign that breached regulations.
The Information Commissioner’s Office (ICO) fined Halfords after it sent almost 500,000 unsolicited emails. The recipients – none had previously opted into marketing; all had bought a bike from the retailer in the last three years - were offered a free bicycle assessment and were invited to use their government ‘Fix Your Bike’ repair scheme vouchers at its stores.
Halfords denied any rule breach and attempted to rely on ‘legitimate interests’ instead of consent. However, the Privacy and Electronic Communications (EC Directive) Regulations 2003 explicitly requires an individual’s consent to receive electronic marketing communications. The ICO made clear legitimate interests as a lawful basis was not available as an alternative to actual consent under e-privacy rules.
Whilst the regulations also provide for a ‘soft opt-in’ exemption, this was not available in this case. The soft opt-in may allow an organisation to e-mail existing customers even if they haven't specifically consented to electronic mail. This was not available to Halfords as the recipients had either opted out or not opted in already and there was no unsubscribe link when they received the email.
The ICO described Halfords’ breach as a “serious contravention” of the 2002 regulations. An important message that comes through from its formal decision is that Halfords was clearly aware of the risks of contravening the regulations. Halfords’ breach was negligent but it was not found to have been deliberate (a finding reflected in the fine).
What does this mean?
Businesses need to exercise caution when conducting email campaigns to ensure they comply with the 2003 Regulations, the General Data Protection Regulations (GDPR) and related laws. If they fail to comply, they risk violating people’s rights to privacy and complaints are likely to follow – with the risk of an investigation, a fine and reputation damage.
The ICO is consistently demonstrating its willingness to investigate complaints and levy fines in the event of a privacy breach. The watchdog can issue fines of up to £500,000 so Halfords’ fine was relatively low.
If you have any concerns that your e-marketing campaign may breach the rules, always consider taking advice from specialist data protection and privacy solicitors or commercial lawyers.
If you would like us to cover an issue in the next NGM Tax Law Newsletter, we would be pleased to hear from you