Brand owners preparing for tighter rules on marketing consent – contained in the new EU data protection laws – have been sent a chilling warning after both airline Flybe and car giant Honda have been whacked with fines for contacting customers who were off limits, under the guise of updating their databases.
While the Information Commissioner’s Office said it recognises that companies will be reviewing how they obtain customer consent for marketing to comply with the EU General Data Protection Regulation (GDPR) coming into force in May 2018, head of enforcement Steve Eckersley said: “Businesses must understand they can’t break one law to get ready for another.”
The warning follows an ICO investigation which discovered Exeter-based airline Flybe deliberately sent more than 3.3 million emails to people who had told them they did not want to receive marketing emails from the firm.
The emails, sent in August 2016 by Flybe, with the title ‘Are your details correct?’ advised recipients to amend any out-of-date information and update any marketing preferences. The email also said that by updating their preferences, people may be entered into a prize draw.
The airline has now been fined £70,000 for breaking the Privacy & Electronic Communication Regulations (PECR).
A separate ICO investigation into Honda Motor Europe revealed the car company had sent 289,790 emails aiming to clarify certain customers’ choices for receiving marketing.
The firm believed the emails were not classed as marketing but instead were customer service emails to help the company comply with data protection law. Honda could not provide evidence that the customers had ever given consent to receive this type of email, which is also a breach of PECR. The ICO fined it £13,000.
ICO head of enforcement Steve Eckersley said: “Both companies sent emails asking for consent to future marketing. In doing so they broke the law. Sending emails to determine whether people want to receive marketing without the right consent, is still marketing and it is against the law.
“In Flybe’s case, the company deliberately contacted people who had already opted out of emails from them.”