Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

UK: ICO fines Royal Mail Group £20,000 for unsolicited marketing

The Information Commissioner's Office ('ICO') published, on 8 March 2022, its monetary penalty notice, issued on 7 March 2022, in which it imposed a fine of £20,000 on Royal Mail Group Limited, for violation of Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 ('PECR'), following an investigation into a breach, thought to be triggered by a technical error.

Background to the case

In particular, the ICO noted that, on 27 April 2021, Royal Mail had sent a total of 215,202 direct marketing emails to individuals for whom it did not hold valid consent, of those 213,191 direct marketing emails were received by subscribers. Although it initially reported that the breach occurred due to a technical error, Royal Mail later confirmed that it was caused by a manual error.

Findings of the ICO

Following its investigation, the ICO determined that Royal Mail did not have the necessary valid consent for the 213,191 direct marketing messages received by subscribers. The ICO further found that for individuals who had checked out as guests, i.e. those who did not create a Royal Mail account, Royal Mail could not rely on soft opt-in as it cannot be said that individuals were given a simple means of refusing the use of their contact details for the purposes of such direct marketing, at the time that the details were initially collected. Therefore, the ICO stated that Royal Mail, in its conduct of sending advertising materials of post stamps via email, constituted unsolicited communications by means of electronic mail to individual subscribers and thus violated Regulation 22 of the PECR. 

Furthermore, in calculation of the fine, the ICO considered that previous action had been taken against Royal Mail for a contravention of Regulation 22 of the PECR, at which point it would have been provided with clear advice as to compliance with the same.

Outcome

Consequently, the ICO concluded that it was appropriate to issue a fine of £20,000 to Royal Mail, to be paid by 6 April 2022.

You can read the decision here.