The Information Commissioner’s Office (ICO) has fined food delivery company HelloFresh £140,000 for a campaign of 79 million spam emails and 1 million spam texts over a seven-month period.
HelloFresh, under its official name Grocery Delivery E-Services UK Limited, was deemed to contravene regulation 22 of the Privacy and Electronic Communications Regulations 2003.
Key points from this case include:
- Inadequate Consent Mechanism: The opt-in statement used by HelloFresh did not specifically mention the use of text messages for marketing. While there was a mention of email marketing, it was ambiguously tied to an age confirmation statement, which could mislead customers into consenting.
- Lack of Transparency: Customers were not properly informed that their data would continue to be used for marketing purposes for up to 24 months after they cancelled their subscriptions with HelloFresh.
- Continued Contact Post Opt-Out: The ICO’s investigation revealed that HelloFresh continued to contact some individuals even after they had explicitly requested for the communications to stop.
- Volume of Complaints: The investigation was triggered by numerous complaints, both to the ICO and through the 7726 spam message reporting service.
- Substantial Fine: As a result of these findings, HelloFresh was fined £140,000.
Andy Curry, Head of Investigations at the ICO, emphasised the severity of the breach, noting that HelloFresh failed to provide clear opt-in and opt-out information, leading to a bombardment of unwanted marketing communications. The ICO’s decision to impose a fine reflects their commitment to enforce the law and protect customer data rights.
This case serves as a reminder of the importance of complying with data protection and electronic communications regulations, especially in terms of obtaining clear and informed consent for marketing communications.
Dive deeper into the realm of data protection with our UK GDPR Practitioner Certificate, offering crucial insights into compliance essentials highlighted in this blog. Limited spaces are available for our January cohort – book now to enhance your understanding and navigate data regulations with confidence.