£10,500 ICO fine for Morrisons Breach of E-Privacy rules

12 Jul 2017

Ignoring customers’ express instruction to opt-out of marketing e-mails costs Morrisons £10,500

A recent case highlights the need for businesses to respect the wishes of customers regarding direct marketing, or face a complaint and possible enforcement action by the Information Commissioner’s Office (ICO).


Following a complaint, the ICO investigated whether the supermarket chain Morrisons had breached the law in sending an e-mail to 236,651 people who had opted out of receiving direct marketing e-mails relating to their store card by clicking on an ‘unsubscribe link’. The e-mail, which was successfully received by 130,671 people invited the recipients to change their preferences and gave information about how to opt back in to receive marketing.


Morrisons decided to send the e-mail as they had had reports from customers that they were not receiving e-mails following a systems update. However, a key point in this case is that businesses cannot e-mail an individual asking for consent to future marketing e-mails. This initial e-mail itself will be deemed to be sent for the purposes of direct marketing and will be a breach of the Privacy and Electronic Communications (EC Directive) Regulations 2013.


As Morrisons could not show that that the individuals to whom the e-mail had been sent had consented to receive it, it was in breach of the Privacy Regulations. The ICO imposed a monetary penalty (a fine) of £10,500 for the breach.