UK Data Protection: Beware of the Consequences of Unsolicited Marketing Emails

October 12th, 2022 | Posted by Claude-Etienne Armingaud in English | Europe | Marketing | Privacy

Sending unsolicited marketing emails could prove costly to UK organisations, as bike and car accessory retailer Halfords have recently discovered.

Last month, Halfords were handed a fine of £30,000 by the Information Commissioner’s Office (ICO) for sending around half a million unsolicited marketing email messages to customers who had not previously opted-in to marketing (see here).

The fine was issued under the Privacy and Electronic Communications Regulations (PECR), which gives people specific privacy rights in relation to electronic communications and restricts how unsolicited direct marketing is carried out.

An investigation carried out by the ICO found that the retailer broke the laws governing electronic communications by sending out emails relating to a government voucher scheme that gave people £50 off the cost of repairing a bike at any participating store or mechanic in England. The email not only pointed customers to the government website, it also invited them to book a bike assessment and to redeem their voucher at their chosen Halfords store. The ICO concluded that the insinuation of Halfords having a direct connection with the government scheme encouraged its customers to redeem the voucher in its stores and that Halfords was therefore advertising its own services.

PECR prevents organisations from sending emails or messages to people unless they have consented to it or they are an existing customer who has bought similar products or services in the past (known as the “soft opt-in” rule).

Halfords argued that the email constituted a service message and should not be categorised as direct marketing, but the ICO maintained that the email did constitute direct marketing because it satisfied the definition of such under Paragraph 35 of the ICO’s Direct Marketing Guidance (see here).  In addition, the ICO concluded that the soft opt-in rule could not apply because the targeted customers had already opted out. 

Andy Curry, Head of Investigations at the ICO said: “This [decision] sends a message to similar organisations to review their electronic marketing operations, and that we will take necessary action if they break the law.”

First publication: K&L Gates Cyber Law Watch in collaboration with Keisha Phippen

You can follow any responses to this entry through the RSS 2.0 Responses are currently closed, but you can trackback.