UK Privacy Regulator Fines Halfords for Spam Deluge

Written by

High street retailer Halfords has been fined £30,000 by the UK’s privacy regulator for breaking the law governing nuisance marketing.

The bike shop chain sent 498,179 emails to people in July 2020 regarding a “Fix Your Bike” government voucher scheme, according to the Information Commissioner’s Office (ICO).

The marketing email encouraged recipients to book a free bicycle assessment and then redeem a £50 government voucher towards the cost of repairs at its stores.

The retailer apparently tried to rely on the “legitimate interest” defense to explain why it had sent the email to so many recipients without their informed consent.

However, because the email clearly advertised a service provided by the company that it would generate income from, “legitimate interest” could not be used as an alternative to consent, the ICO said.

One option in these situations is a “soft opt-in exemption,” which allows organizations to send marketing messages to customers “whose details have been obtained during the course of a sale or negotiations for similar services.”

However, Halfords could not rely on this defense either, as recipients of its marketing campaign message had not already opted in, the ICO said.

Head of investigations at the regulator, Andy Curry, confirmed that it is against the law in the UK to send marketing emails or texts to people without their permission.

“Not only this, it is a violation of their privacy rights as well as being frustrating and downright annoying. Halfords are a household name and we expect companies like them to know and act better,” he added.

“This incident does not reflect well on the internal advice or processes and therefore a fine was warranted in this case. This also sends a message to similar organizations to review their electronic marketing operations, and that we will take necessary action if they break the law.”

The ICO fined Halfords under the Privacy and Electronic Communications Regulations (PECR), which are designed to protect consumers from excessive marketing missives, online tracking and related offenses.

What’s hot on Infosecurity Magazine?