ICO Fines Flybe and Honda Over SPAM
March 27, 2017
companies have been fined a total of £83,000 for breaking the
rules about how people’s personal information should be treated
when sending marketing emails.
An investigation by the Information Commissioner’s Office (ICO)
found Exeter-based airline Flybe deliberately sent more than 3.3
million emails to people who had told them they didn’t want to
receive marketing emails from the firm.
The emails, sent in August 2016 by Flybe, with the title ‘Are
your details correct?’ advised recipients to amend any out of
date information and update any marketing preferences. The email
also said that by updating their preferences, people may be
entered into a prize draw.
The airline has now been fined £70,000 for breaking the Privacy
and Electronic Communication Regulations (PECR).
A separate ICO investigation into Honda Motor Europe Ltd
revealed the car company had sent 289,790 emails aiming to
clarify certain customers’ choices for receiving marketing.
The firm believed the emails were not classed as marketing but
instead were customer service emails to help the company comply
with data protection law. Honda couldn’t provide evidence that
the customers’ had ever given consent to receive this type of
email, which is a breach of PECR. The ICO fined it £13,000.
Eckersley, ICO Head of Enforcement, said: “Both companies sent
emails asking for consent to future marketing. In doing so they
broke the law. Sending emails to determine whether people want
to receive marketing without the right consent, is still
marketing and it is against the law.”
“In Flybe’s case, the company deliberately contacted people who
had already opted out of emails from them.”
The ICO recognises that companies will be reviewing how they
obtain customer consent for marketing to comply with stronger
data protection legislation coming into force in May 2018.
Mr Eckersley warned: “Businesses must understand they can’t
break one law to get ready for another.”
Any company unsure of the best way to prepare for the change in
consent under GDPR should contact the ICO for advice.