Halfords sent around half a million emails informing customers of a government scheme for bike servicing. They considered the email was a service email, so it was also sent to people who had opted out of marketing emails. But as the email directed people to the Halfords website to explain the scheme, the ICO considered it to constitute direct marketing – and without consent, it contravened PECR (albeit Halfords still dispute this).
The question vexing marketers is this: Rather than enforce an undertaking, why did the ICO fine Halfords £30,000, for an incident which produced only 3 complaints to the ICO?
As ever the devil is in the detail (here if you have the time). The ICO felt that given the risks, Halfords should have taken advice
“All that has been provided … is a copy of an internal email from Halfords’ Data Protection Officer … advising that the unsolicited email should contain a hyperlink to the Government website, “so that [Halfords] cannot be accused of linking to a marketing site” (sic).”
The ICO didn’t think this advice was enough.
And there’s the crux of it. If you’re going to do something that appears to contain some risk, be sure to take advice from independent and knowledgeable experts who may not always agree with you. Better that, than appearing in the national press after being fined by the ICO.
