Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

ICO fines serve warning to businesses seeking to update customer databases ahead of GDPR

A UK watchdog has warned businesses of the risk of breaching privacy laws when seeking to update customer databases in line with new EU data protection laws.27 Mar 2017

The Information Commissioner's Office (ICO) said businesses must be careful not to engage in direct marketing activity that they have not obtained consent for if asking recipients to update their marketing preferences for future.

It said that is aware that businesses "will be reviewing how they obtain customer consent for marketing" as part of moves to comply with the General Data Protection Regulation (GDPR), which will apply from 25 May 2018.

The ICO's warning was issued as it confirmed that it had fined two businesses a total of £83,000 for breaching the UK's Privacy and Electronic Communications Regulations (PECR).

"Businesses must understand they can’t break one law to get ready for another," the ICO's head of enforcement Steve Eckersley said.

According to the ICO, airline operator Flybe and car manufacturer Honda separately breached PECR when they asked consumers to confirm whether they wished to receive marketing emails from them in future.

The watchdog fined Flybe £70,000 (15-page / 157KB PDF) after the company last year sent 3,333,940 direct marketing emails to customers who had previously opted out of receiving marketing emails from the airline.

The ICO deemed that the emails, which explained that those that updated their marketing preferences could be entered into a prize draw, constituted marketing messages and that the company did not have the consent to send them to the recipients. It said Flybe was responsible for a serious breach of PECR.

The ICO also fined Honda £13,000 (17-page / 163KB PDF) for a breach after the company was unable to show that it had consent to send 289,790 emails to consumers who it asked to update their preferences for receiving marketing communications.

Steve Eckersley, ICO head of enforcement, said: "Both companies sent emails asking for consent to future marketing. In doing so they broke the law. Sending emails to determine whether people want to receive marketing without the right consent, is still marketing and it is against the law."

"In Flybe’s case, the company deliberately contacted people who had already opted out of emails from them," he said.