The high street supermarket chain, WM Morrison Supermarkets Plc, sent 130,671 emails to individuals that had opted out of receiving marketing emails. The emails titled ‘Your Account Details’ and were sent in October and November 2016, and they invited the individuals to alter their marketing preferences so that they had the option to start receiving money off coupons, extra More Points and the ‘latest news’ from the supermarket.
The Information Commissioner’s Office (ICO) is a non-departmental public body representing and upholding information rights that are in the public interest, and promotes openness for public bodies and individual’s data privacy. The Data Protection Act 1996, Freedom of Information Act 2000, Environmental Information Regulations 2004, and the Privacy and Electronic Communications Regulations 2003 sets out the ICO’s responsibilities.
The ICO is empowered to take action, both criminal and civil, to change the behaviour of individuals that collect, use and keep personal information. It has the power to impose fines of up to £500,000 on the data controller.
Deputy Commissioner Simon Entwisle said:
“It is vital that the public can trust companies to respect their wishes when it comes to how their personal information is used for marketing.”
“These customers had explicitly told Morrisons they didn’t want marketing emails about their More card. Morrisons ignored their decision and for that we’ve taken action.”
The Data Protection Act 1996 is to be replaced on the 25 May 2018 by the General Data Protection Regulation (GDPR). The new regulations, introduced by the European Parliament, the Council of the European Union and the European Commission, intend to strengthen and make consistent data protection for all individuals within the European Union. The Government has confirmed that the UK’s exit from the EU will not affect the implementation and commencement of the new regulations.