Papa don’t breach: UK data watchdog fines that other pizza place £10,000 over unsolicited marketing blitz
Pizza takeaway and delivery outfit Papa John’s has been fined £10,000 by the UK’s data watchdog for sending marketing fluff to punters without their say-so.
Following a year-long investigation, the Information Commissioner’s Office (ICO) found that the company had sent 168,022 “nuisance marketing messages to its customers without the valid consent required by law.”
One of the unnamed complainants said they had “never [given their] consent for marketing text messages” resulting in “distress.”
Another said they had received almost 100 messages in what was described as the “textbook definition of harassment.”
The case hinges on rules in the Privacy and Electronic Communications Regulations (PECR) 2003.
In particular, the ICO found that Papa John’s was relying on the “soft opt-in” exemption to send marketing texts and emails.
The “soft opt-in” exemption – for those unfamiliar with Regulation 22(3) PECR – means that organisations can send marketing messages by text and email to individuals whose details they’ve obtained in the course or negotiation of a sale, and in respect of similar products and services.
However, the organisation must also give the person a “simple opportunity to refuse or opt out of the marketing,” both when first collecting the details and in every message after that.
This, ruled the regulator, was the snag.
“The law is clear and simple,” said Andy Curry, ICO Head of Investigations. “When relying on the ‘soft opt-in’ exemption, companies must give customers a clear chance to opt out of their marketing when they collect the customers’ details.
“Papa John’s telephone customers were not given the opportunity to refuse marketing at the point of contact, which has led to this fine.”
A Papa John’s spokesperson told The Register: “Clearly, our intention was to reach only those potentially interested in our offers and we apologise unreservedly to any customers who were inconvenienced. Since this happened, we have performed a thorough review to ensure that we have got the correct permission from those we contact.”
In May, American Express was fined £90,000 by the ICO after spamming people who opted out of its marketing emails with 4.1 million unwanted messages.
In the same month, the ICO fined Tested.me Ltd of St Albans £8,000 for sending 84,000 direct marketing emails without consent to people who had provided their personal data for contact-tracing purposes. ®
via The Register – Security https://ift.tt/2XeTLgv
June 16, 2021 at 05:12AM