
Morrisons fined for breaching PECR rules

HR Newsletter | HR Solutions

Morrisons must pay £10,500 in fines for their aggressive marketing practices against PECR guidelines. It followed complaints that the supermarket had sent out over 130,000 emails to customers who had opted out.

The Information Commissioner’s Office’s (ICO) PECR investigation found that Morrisons intentionally sent the 130,671 emails. However, the recipients had requested to not receive marketing related to the store’s More card.

Breach of PECR

The supermarket sent out the emails towards the end of last year. The correspondence invited customers to update their marketing preferences so that they could then receive extra store card points and money-off vouchers. But the ICO concluded that Morrisons had breached the Privacy and Electronic Communications Regulations (PECR).

Under the ICO’s powers to enforce certain sanctions for serious PECR breaches, it fined the supermarket £10,500. The ICO said the public must feel they can trust companies to respect their wishes regarding their personal information. It also accused the firm of deliberately ignoring its customers’ wishes.

Flybe and Honda

Earlier this year, the airline Flybe and car manufacturer Honda were also under the spotlight for breaching electronic communication rules. The ICO fined Flybe £70,000 for sending over 3.3 million emails that asked customers to confirm their details. Around the same time Honda received a £13,000 fine after sending 289,790 emails asking customers if they wished to receive marketing.

Options to opt-in and opt-out

The Privacy and Electronic Communications Regulations (PECR) set out specific rules governing marketing by electronic communications. This includes e-mail, telephone, text message and also automated calls. The Regulations only apply to unsolicited marketing, where the recipient has not specifically requested it. The Regulations specify that direct marketing requires a positive indication of consent. This could include subscribing, clicking an icon or sending an email. This ensures the individual can clearly and knowingly give their consent to receiving marketing material.

General Data Protection Regulation

Fines for breaking these regulations can amount to anything up to £500,000. However, this figure will shoot up when the new EU General Data Protection Regulation (GDPR) starts on 25 May 2018. Companies could receive fines of up to 4% of their global turnover. In fact, last year’s fines issued by the ICO would have risen to £69m from £880,500 under GDPR.

Wetherspoons decides to delete entire customer email database to avoid data breaches

Meanwhile, pub chain J.D. Wetherspoon has announced it will delete its entire email mailing list and no longer use email to distribute its newsletters. The company will delete its entire database of customer email addresses. Wetherspoon had sent monthly updates and news to customers via email. However, it will now just promote deals via Twitter, its Facebook page and website. Wetherspoon’s decision comes after it experienced a serious data breach in December 2015.

The company says that the less customer data it holds, the less risk it faces. This may influence more companies to scale back their customer email databases as the launch of GDPR gets closer.


