MoneySupermarket Ltd fined £80,000 for sending millions of nuisance emails

email data breach

Well-known online price comparison website has been issued a hefty fine by the Information Commissioner’s Office (ICO) for reportedly sending millions of unwanted emails to customers who’d opted out of receiving marketing correspondence.

The company offers to compare prices for insurance, energy, credit cards, savings etc., and it’s likely that there’s always a myriad of deals and offers in these sectors; but many customers don’t want an abundance of emails constantly updating them of new deals. As with all newsletters, customers have a choice to opt-out, but in this case, appeared to ignore them under the reportedly ‘false pretence‘ of a legitimate update.

A “serious contravention”

The ICO’s monetary penalty notice says Ltd has been issued with the fine for the ‘serious contravention‘ of Regulation 22 of the Privacy and Electronic Communications Regulations (PECR). Under this regulation, companies and organisations may only send electronic emails to individual subscribers for direct marketing purposes only if the recipient has provided consent to receive such correspondence this way.

What happened?

In an email section titled ‘Preference Centre Update‘:

“We hold an e-mail address for you which means we could be sending your personalised news, products and promotions. You’ve told us in the past you prefer not to receive these. If you’re likely to reconsider, simply click the following link to start receiving our e-mails.”

A complaint was raised to the ICO for this email where the communications watchdog found that the organisation cannot “e-mail an individual to consent to future marketing message. That e-mail would be in itself sent for the purposes of direct marketing, and so is subject to the same rules as other marketing e-mails”.

Since the recipient had already opted-out, the email asking them if they wanted to opt back in was contrary to PECR rules.

No clear consent obtained

The ICO came to the conclusion that Ltd had not sought and obtained clear and specific consent from the 6,788,496 recipients and thus breached regulation 22(2) of PECR for the “sending of unsolicited direct marketing e-mails”.

The online comparison website was aware that the recipients had already opted-out of receiving emails from them and that to continue sending them the unsolicited emails was contrary to the Data Protection Act and PECR. With this knowledge, “consciously” continued the e-mail campaign to “customers who had explicitly opted-out of receiving direct marketing”. The company was unable to provide any evidence to the ICO that they had obtained consent to deliver the unwanted emails.

£80,000 penalty

The ICO issued a penalty fine of £80,000, a sum deemed “reasonable and proportionate given the facts of the case”. In justifying the fine, head of enforcement at ICO, Steve Eckersley, said:

“Organisations can’t get around the law by sending direct marketing dressed up as legitimate updates.”

The ICO warns that any organisation looking to circumvent regulations and ignore the law this way will be investigated and have action taken against them.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a Callback from our team!

Fill out our quick call back form below and we’ll contact you when you’re ready to talk to us.
All fields marked * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.