Flybe got it wrong, but they were trying to get it right.

On the 20th of March this year, the Information Commissioner’s Office (“ICO”) fined Flybe £70,000 for its breaches of the Privacy and Electronic Communications Regulations 2003 (which I’ll call the “Regulations”).

Part of the fine imposed by the ICO was as a result of Flybe emailing more than 3.3 million people who Flybe knew had opted out of receiving any marketing information from them. The mails sent by Flybe asked people:

  1. to amend any out of date information; and

  2. to review and update their marketing preferences.

The email which was sent out went further and told those receiving it that by updating their preferences, they may be entered into a prize draw.

The ICO pointed out that:

  1. sending emails to people asking them if they want to change their marketing preferences makes them marketing rather than “customer service” emails; and

  2. it is a breach of the Regulations to send emails of this nature to people who have already indicated that they wished to opt out of receiving marketing messages.

The fine against Flybe was made on the same day as another issued by the ICO against Honda. They were fined £13,000 for similar activity, sending out 300,000 emails asking people to clarify their marketing references.

Honda did not have any record of whether the individuals emailed had consented to receive direct marketing information from them. This was due to a fault in Honda’s system which meant that their authorised dealers, who had actually added the personal data into Honda’s system, were not required to clearly set out the individual's marketing preferences.

The size of the fine levied against Honda was much lower than that against Flybe because of the number of emails sent, as well as the fact that Honda had negligently failed to comply with the Regulations, whereas Flybe had acted deliberately.

The decision against Flybe is an important one in light of the actions many businesses will be taking to prepare for GDPR next year. It’s important to understand that even data cleansing activities amount to marketing under the Regulations and emails sent asking people to update their preferences must comply with the rules.

As Steve Eckersley, ICO’s Head of Enforcement says: “Businesses must understand that they can’t break one law to get ready for another”.

But the ICO does recognise that people do change their mind about receiving marketing material. In its direct marketing guidance the ICO makes it clear that it can be acceptable to give people a reminder that they can opt back into marketing provided that the reminder is “a minor and incidental addition to a message being sent anyway for another purpose”.

By Daniel Gardener

Subject to our terms and conditions and copyright policy.