Direct marketing emails can quickly get a company into trouble. Two companies in the UK found themselves on the wrong end of compliance with the Privacy and Electronic Communications Regulations 2003 (PECR).
The Information Commissioner’s Office (ICO), tasked with enforcing PECR, recently issued a fine against Flybe and Honda for violating the direct marketing provisions under the regulations.
Flybe is a regional airline carrier based in Exeter.
In August 2016, Flybe sent out emails with the subject: “Are your details correct?” The email requested recipients to amend any out-of-date information and update their marketing preferences. It also enticed participants to update their preferences to be entered for a prize drawing.
After a complaint to the ICO by an email recipient, an ICO investigation ensued and found that Flybe sent emails to 3.3 million customers who explicitly opted out of direct marketing from the airline company.
ICO fined Flybe £70,000 for their violations of the direct marketing provisions under PECR.
ICO issued a similar fine against Honda on the same day for £13,000.
Honda similarly sent almost 300,000 emails asking customers to clarify their marketing preferences. Without direct evidence to show whether the recipients consented to direct marketing, Honda violated PECR.
Again, the ICO found the emails in violation of PECR. The fine assigned is significantly lower that Flybe’s due to the smaller size of emails involved. The comparison of Honda’s negligence with Flybe’s deliberate noncompliance is also relevant when reflecting on the disparaging fine amounts
ICO made several assertions regarding the two cases and the subject of direct marketing under PECR.
Steve Eckersley, ICO Head of Enforcement, confirmed that emails asking recipients if they want to change any marketing preferences are themselves marketing emails… not customer service emails. And thus, they are subject to the rules of PECR.
Further, any company sending these types of emails to customers who opted out of marketing emails are in violation of PECR.
In providing a solution for compliance, ICO referenced their recently
Interestingly enough, the violating companies were supposedly preparing for compliance under the GDPR for provisions related to consumer consent.
As the effective date for GDPR is approaching, expect to see more companies over the next year’s countdown looking for clever ways to comply with the consent requirements. Many companies with a presence in the UK will face similar dangers, like those impacting Honda and Flybe.
We’ve seen related issues with marketing emails in Canada as well. As we noted here, Canada’s law opens up to private right of action starting July 1st.
Companies should use caution when preparing for GDPR compliance or cleansing their marketing lists. Remember:
Don’t break one law in order to follow another…