Honda and low-cost airline Flybe have been fined a total of £80,000 by the Information Commissioner's Office (ICO) for sending marketing emails to consumers without their consent.
In advance of the stiff fines that could be levied under the General Data Protection Regulation (GDPR), the ICO said that it wants to send out a strong warning to companies in the UK to respect customers' data-privacy wishes. Under GDPR, organisations could be fined up to four per cent of annual turnover for flagrant breaches.
Following an investigation, the ICO found that in August 2016, Flybe deliberately sent more than 3.3 million emails to people who had explicitly told them they didn't want to receive marketing emails from the firm.
The emails had the subject ‘Are your details correct?', with the airline asking recipients to update their personal details and their marketing preferences. It said that by updating their preferences, they would be entered into a prize draw.
It was fined £70,000 for breaking Privacy and Electronic Communication Regulations (PECR), the ICO said.
In a separate investigation, the ICO found that Honda Motor Europe had sent nearly 300,000 emails to consumers, asking them to clarify their choices for receiving marketing emails.
According to the monetary penalty notice, Honda had argued that there was a design flaw in the software portal.
This meant that some of its dealers, when inputting customer data into Honda's central customer database, had confirmed that an individual had agreed to direct marketing, but had either failed to complete the marketing preferences field, or had placed an ‘X' rather than a 'yes' or 'no' in the applicable field, as it wasn't mandatory to complete the field.
The company believed the emails were not deemed as ‘marketing', and instead were ‘customer service' e-mails that would help it to comply with data protection law.
However, it couldn't provide any evidence that the customers had given consent to receive this type of email. It was fined £13,000 for the breach.
"Both companies sent emails asking for consent to future marketing. In doing so they broke the law. Sending emails to determine whether people want to receive marketing, without the right consent, is still marketing and it is against the law," said Steve Eckersley, the ICO's head of enforcement.
"In Flybe's case, the company deliberately contacted people who had already opted out of emails from them," he added.
Eckersley also suggested that companies should be gearing up for the incoming EU General Data Protection Regulations (GDPR), and should therefore be looking at how they obtain customer consent for marketing when stronger laws are enforced and much bigger fines levied.
"Businesses must understand they can't break one law to get ready for another," he said.
If the companies pay their fines before 18 April 2017, the ICO will reduce the respective monetary penalties by 20 per cent.
Not all loose ends tied yet, admits Bain backer SK Hynix
It's Stack Overflow's second calculator, and first for external devs
Theresa May always the keenest cabinet voice in favour of draconian online censorship, surveillance and controls
No need to waste time on Google launch planned for 4 October