British Retailer Fined for Sending Unwanted Marketing Emails

Why This Privacy Law is Important:

The United Kingdom’s Information Commissioner’s Office (ICO) has stepped up its enforcement of privacy and related compliance regulations, fining Halford’s, the UK’s leading retailer for automotive and bicycling products and services, £30,000 for sending nearly half a million marketing emails.

Overview:

The ICO fined Halford’s for breaking the Privacy and Electronic Communications Regulations (PECR), the law governing nuisance marketing for an email marketing campaign it launched in July 2020. This fine, issued on 7 September 2022, comes at roughly the same time as it issued two enforcement actions for violations of the Freedom of Information Act 2000 (FOIA), sending a strong signal that the ICO will be taking a more vigorous approach to enforcing its regulatory prerogatives.
In July 2020, Halfords sent almost 500,000 emails to people regarding a “Fix Your Bike” government voucher program. The emails encouraged recipients to book a free bicycle check-up and then redeem a £50 government voucher for the cost of repairs at one of its stores—but Halfords had not received informed consent from the people it emailed with the offer. They claimed they were allowed to send the emails under “legitimate interests,” but since the email advertised a service they would profit from, Halfords were not entitled to send the messages under that exception.

Who it Applies to: 

The PECR applies to organisations in the UK who market by phone, fax, text, or email; use cookies on their website; or compile telephone or similar public directories. It complements, not supersedes, GDPR, so organisations must comply with both sets of regulations. It’s important to realize that PECR applies even to organisations that do not process personal data.

Download the Privacy Alert to the right to get the full text and expert analysis!