Watchdog fines Morrisons for spamming opt-out customers

Supermarket coughs up £10,500 for asking customers to opt-in to marketing emails

Morrisons

The Information Commissioner's Office (ICO) has fined Morrisons supermarket 10,500 for sending out spam to its customers, despite them opting out of receiving marketing emails.

The UK data protection watchdog found that the chain had knowingly sent 130,671 emails to people holding a Morrisons store card who had preciously opted out of receiving such emails.

Advertisement - Article continues below

The emails were sent to customers in the tail-end of 2016 and included the subject line, "Your Account Details." The email in question then asked recipients to change their marketing preferences so they could then receive discounts and earn extra points from using their card. Opting in would also mean Morrisons could send newsletters detailing the company's latest news and information.

"It is vital that the public can trust companies to respect their wishes when it comes to how their personal information is used for marketing," ICO deputy commissioner Simon Entwisle said.

"These customers had explicitly told Morrisons they didn't want marketing emails about their More card. Morrisons ignored their decision and for that we've taken action."

The ICO added that fining businesses that misuse the UK's systems of opting in or out to marketing materials will go some way to ensure all companies adhere to the new General Data Protection Regulation (GDPR) guidelines planned to come into force in 2018. The GDPR will force companies to require clear opt-in consent from customers to use their personal data for particular purposes.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Under GDPR, any company that possesses personal customer information must ensure it's fair and lawfully processed, processed for limited purposes, any use of that customer data is for adequate, relevant and not excessive reasons, is always up to date and accurate, isn't kept longer than deemed necessary, is processed within the customer's rights, is secure and never transferred to any other country without being adequately secured.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement

Recommended

ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Supreme Court rules Morrisons was not liable for 2014 data breach
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
Police use of facial recognition ruled unlawful in the UK
privacy

Police use of facial recognition ruled unlawful in the UK

11 Aug 2020