6/9/22
ICO has fined UK retailer Halfords £30k for sending 498,179 direct marketing emails unlawfully.
The email contained an offer related to a “Fix Your Bike” government scheme, which provides a voucher for up to £50 towards the cost of repairing a bike.
We can’t help notice that Halfords may still be quids in. If 0.12% of those people emailed took up the offer and claimed £50 from the government scheme, and then gave that money to Halfords, then Halfords would have made £30k. If 1% of recipients took up the deal, Halfords would have got £250k. So, we wonder how much of a deterrent the fine is.
Halfords had decided that the email was a service message, as there was no direct cost to the recipient. They said they were informing people of the government offer.
The emails were sent under the lawful basis of “legitimate interest”.
Halfords PECR Data Protection Fine
However, the ICO noted that Halfords would financially benefit from people taking up the offer with them, therefore the emails were unsolicited direct marketing.
This causes problems under the Privacy and Electrionic Communications Regulations (PECR), which sit alongside GDPR and the UK Data Protection Act.
The email did not contain an unsubscribe link, which means that soft-opt-in could not have been applied, although we found the ICO report unclear on whether the accounts would otherwise have the soft-opt-in option, given a percentage had recently purchased a bike from Halfords. It is also unclear what percentage had actually subscribed to such information.
ICO online guidance states: “Routine customer service messages do not count as direct marketing – in other words, correspondence with customers to provide information they need about a current contract or past purchase (eg information about service interruptions, delivery arrangements, product safety, changes to terms and conditions, or tariffs). General branding, logos or straplines in these messages do not count as marketing. However, if the message includes any significant promotional material aimed at getting customers to buy extra products or services or to renew contracts that are coming to an end, that message includes marketing material and the rules apply.”
As such, the ICO suggests that the lawful basis of “consent” would have been necessary, where people would have had to take action to opt in.
Halford’s emails were sent on 28th July 2020, so it has taken more than 2 years for this fine to be agreed.
Halfords was only aware of 7 people complaining, 3 of which were direct to the ICO.
If you need help with data protection matters, simply contact our specialists here: