Reading:
Morrisons fined £10,500 for breaching data privacy rights
Share:
Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
The 4th largest supermarket chain in the U.K. has been fined by the Information Commissioner’s Office (‘ICO’) for breaking data protection laws in regards to how personal information is being used when sending marketing emails.
The ICO undertook an investigation into the supermarket chain after allegations were made by an individual that WM Morrison Supermarkets PLC (‘Morrisons’) were sending emails that customers had previously opted out of.
The Commissioner wrote to Morrisons on 28th November 2016 notifying them of the complaint made against them.
The investigation found that Morrisons intentionally sent 130,671 emails to customers who had previously opted out of receiving marketing emails relating to their ‘Morrisons More’ card.
The ICO warned that civil monetary penalties of up to £500,000 could be issued for breaching the Privacy and Electronic Communication Regulations (‘PECR’). Regulation 22(1) states: “this regulation applies to the transmission of unsolicited communications by means of electronic mail to individual subscribers.” Regulation 22(2) states that a person shouldn’t send “unsolicited communications for the purpose of direct marketing via email” unless they’ve obtained the consent of the recipient.
Regulation 22(3) lists exceptions to the general rule. A person may send emails for direct marketing where:
The emails were reportedly sent between 24th October and 25th November 2016 titled ‘Your Account Details’.
The email invited customers to change their marketing preferences to start receiving money-off coupons, extra ‘More Points’ and the latest news from Morrisons. This appears to have had the intended effect of making customers opt-in to their marketing emails so they could receive the listed benefits above.
However, this was done wrongfully to start with because customers had already opted-out of these emails, and Morrisons seem to have circumvented those wishes.
Morrisons tried to argue that, because they were receiving multiple queries from customers stating they weren’t receiving emails, they had chosen to send the ‘Your Account Details’ email to opted-out customers to advise them of their marketing preferences.
Unfortunately, Morrisons weren’t able to prove that the customers receiving the emails had consented to the same. Therefore, the ICO found that Morrisons had in fact breached Regulation 22 of the PECR.
Deputy Commissioner, Simon Entwisle, noted the importance of a customers’ free will over their personal data:
“It is vital that the public can trust companies to respect their wishes when it comes to how their personal information is used for marketing. These customers had explicitly told Morrisons they didn’t want marketing emails about their More card. Morrisons ignored their decision and for that we’ve taken action.”
Email marketing is only allowed to be sent to individual customers if they’ve given their permission. Emails of this nature should clearly indicate:
Companies and organisations must check they’re not sending emails to any customer who has opted out and explicitly asked not to receive them. In this case, Morrisons breached these provisions as customers who had “opted out” of receiving the marketing emails still received them.
Morrisons has been fined £10,500 for breaking the PECR.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
