Global food delivery company HelloFresh, whose annual revenues top €6bn, has been fingered by the UK Information Commissioner’s Office for a blatant and sustained breach of data protection law after being caught sending 79 million illegal emails and 1 million spam texts over a seven-month period.
The regulator launched an investigation into the UK division in March 2022 following complaints made directly to the regulator, as well as to the 7726 spam message reporting service.
The probe uncovered that HelloFresh’s marketing messages were sent based on an opt-in statement which did not make any reference to the sending of marketing via text. And while there was a reference to marketing via email, this was included in an age confirmation statement which was likely to unfairly incentivise customers to agree, the ICO ruled.
Customers were also not given sufficient information that their data would continue to be used for marketing purposes for up to 24 months after cancelling their subscriptions.
In total, between August 23 2021 and February 23 2022 there were 80,893,013 direct marketing messages sent, comprising 79,779,279 emails and 1,113,734 SMS messages received by subscribers.
Following the investigation, the ICO found that the company (Grocery Delivery E-Services UK ) contravened regulation 22 of the Privacy & Electronic Communications Regulations (PECR) 2003 and it has now been served with a fine of £140,000.
ICO head of investigations Andy Curry said: “This case marked a clear breach of trust of the public by HelloFresh. Customers weren’t told exactly what they’d be opting into, nor was it clear how to opt out. From there, they were hit with a barrage of marketing texts they didn’t want or expect, and in some cases, even when they told HelloFresh to stop, the deluge continued.
“In issuing this fine, we are showing that we will take clear and decisive action where we find the law has not been followed. We will always protect the right of customers to choose how their data is used.
“The investigation that led to this fine began following complaints filed by the public and shows just how important it is that if you are being contacted with nuisance calls, texts or emails, that you report it straight away.”
HelloFresh is the latest in a long line of major brands which have been whacked for breaches of the PECR rules; joining Halfords, Virgin Media, Unite Union, We Buy Any Car, Sports Direct and Saga on the hit list.
Related stories
Nuisance call complaints soar 60% as rogues return
PECR wrecker recruitment firm hit with £130,000 fine
Wheels come off at Halfords over PECR email cock-up
ICO proves even a tiny PECR can be reputation wrecker
Virgin Media fined for illegal email marketing campaign
Unite union fined for abusing data rights of members
Top brands fingered and fined for being PECR wreckers