Retailer Easylife Fined £1.5m for Data Protection Breaches

A leading UK catalog retailer has been issued with a financial penalty of close to £1.5m by the country's information regulator for breaching data protection and marketing laws.

The Information Commissioner’s Office (ICO) said today that Easylife used the personal information of its customers to target them with health-related products without their consent.

The firm claims to be one of the largest home and garden retailers of its kind in the UK, although it also sells products and services related to health and motoring.

The ICO said that Easylife used purchase information to make assumptions about a customer’s health and then marketed related products and services to them. It explained that 80 out of 122 products in Easylife’s Health Club catalog, were considered to be “trigger products” which, if bought, would lead to the firm profiling the customer and targeting them with follow-on calls and emails.

For example, a purchase of a jar opener or dinner tray would lead the firm to infer the customer had arthritis. It would then follow-up with pitches for them to buy glucosamine joint patches, the ICO said.

This kind of ‘invisible’ data processing is illegal under the GDPR, which usually requires firms to first obtain informed consent from customers in such situations.

A separate investigation by the regulator found that, between August 2019 and August 2020, Easylife made over 1.3 million unwanted marketing calls to people registered with the Telephone Preference Service (TPS) – which opts them out of such calls.

The ICO fined Easylife £1.35m for breaches of data protection law and £130,000 for making “predatory” marketing calls.

“The invisible use of people’s data meant that people could not understand how their data was being used and, ultimately, were not able to exercise their privacy and data protection rights,” said information commissioner, John Edwards.

“The lack of transparency, combined with the intrusive nature of the profiling, has resulted in a serious breach of people’s information rights.”

Edwards added that his office received many calls from individuals who felt “threatened and distressed” by Easylife’s aggressive marketing tactics.

“This is unacceptable,” he continued. “Companies making similar nuisance calls and causing harm to people can expect a strong response from my office.”

What’s Hot on Infosecurity Magazine?