Not sure what message this sends out!
Let me tell you a little story: there was this catalogue retailer called Easylife, and they made a pretty big mistake with their marketing.
They tried to guess their customers’ health conditions based on what they’d bought in the past and then tried to sell them related products. This a classic example of profiling gone wrong.
A lot of marketers get nervous about profiling because it can seem like an invasion of privacy, especially if it’s done in a sneaky or underhanded way.
But the thing is, profiling can actually be really helpful for sending people marketing messages that are actually relevant to them.
So the ICO fined Easylife £1.35 million in October last year, and now they’re on the regulator’s radar for the future, which is not a great place to be.
But, this is where it gets a little concerning for me. Easylife stopped this processing and appealed to the first Tier Tribunal about the size of the fine.
And after representations from Easylife, which have not been disclosed, an agreement has been reached which sees the ICO reduce the fine to £250,000!
The Information Commissioner, John Edwards said:
“As a pragmatic and proportionate regulator, my role is to ensure that we protect the public and ensure businesses abide by the law.
“Easylife has confirmed that it has stopped the unlawful processing which formed the basis of the ICO’s concerns. Having considered the amount of the penalty again during the course of the litigation, in light of the issues raised by Easylife, I considered that a reduction was appropriate.”
Now, this is not the first time that an enormous fine originally imposed on companies for breaches of data protection has been slashed.
Both British Airways and Marriott International Hotels were fined in 2020 after hackers breached their systems.
The original fines the ICO announced were £183.4m for BA and £99m for Marriott.
But when the monetary penalty notices were eventually imposed, these had been reduced to £20m and £18.4m. A discount of nearly 92% and 94% respectively.
These are still the 2 highest fines that have been imposed, but the message seems to be if you say you’re sorry, stop the processing complained about and say you’ll never do it again, the ICO will reduce your fine substantially.
I really want to know what all these companies said to the ICO to achieve such great results.