Bike and car accessory retailer Halfords has found itself in the wrong lane with Britain’s data watchdog for sending hundreds of thousands of unsolicited marketing emails to members of the public.
According to the Information Commissioner’s Office, it fined the business £30,000 for dispatching 498,179 messages to folk that hadn’t provided consent – equating to a £0.06 penalty per each email.
The decision relates to a direct marketing mailer that Halfords sent electronically on July 28, 2020 concerning a ‘Fix Your Bike’ government voucher scheme. This gave recipients up to £50 toward the cost of repairing a cycle in any approved retailer in the UK.
Unsurprisingly, Halfords’ marketing email urged the individuals to book a free bike assessment and redeem their voucher in store, meaning this was marketing designed to generate income for the company. As such, the advertising of the service meant Halfords couldn’t rely on ‘legitimate interest’ to send the mail, which the ICO said it had done.
Under electronic marketing rules, legitimate interest cannot be used as a genuine alternative to consent – yet a soft opt-in does allow marketeers to dispatch emails to customers whose details were taken when they bought something or negotiated a service.
The ICO said that in the case of Halfords, customers that received the marketing material had previously ticked the box about not being contacted again.
The email didn’t include an unsubscribe link, the ICO said.
Andy Curry, head of investigations at the ICO, said in a statement: “It is against the law to send marketing emails or texts to people without their permission. Not only this, it is a violation of their privacy rights as well as being frustrating and downright annoying.
“Halfords are a household name and we expect companies like them to know and act better. This incident does not reflect well on the internal advice or processes and therefore a fine was warranted in this case. This also sends a message to similar organisations to review their electronic marketing operations, and that we will take necessary action if they break the law.”
The ICO said Halfords broke Privacy and Electronic Communications Regulations 2003 (PECR), adding it should have been aware of the rules and taken steps to prevent the contraventions. The breach, however, was considered to be negligent rather than deliberate, hence the size of the fine was considered proportionate.
If Halfords agrees to pays the fine before October 4, it’ll get a 20 percent discount meaning it has to cough £24,000. ®