The Information Commissioner’s Office has imposed a £90,000 fine on a major credit card provider after it sent 4.1 million marketing emails to customers who hadn’t consented to receiving communications of this nature. The firm’s misconduct continued over a 12-month period between June 1 2018 and May 21 2019.

The ICO rejected the firm’s argument that the messages were merely servicing communications and not marketing messages and concluded that the firm had breached Regulation 22 of the Privacy and Electronic Communications Regulations 2003 by sending unsolicited marketing communications.

The messages typically included some or all of the following:

  • Details on the rewards of shopping online with the card, including links to webpages that gave details of special offers, and details of how customers could accumulate rewards points
  • Information on ways of getting the most out of using the card
  • Suggestions to customers that they downloaded the firm’s app
  • Encouragements to use the card while on holiday

Examples of wording used include:

“From your daily coffee purchases, streaming services, or your annual season ticket – whenever you use your Card, you collect [redacted]. Redeem your collected [redacted] for flights, hotels, or car hire, or even use your [redacted] for part payment towards an unmissable experience.”

“Whenever you make purchases, you can enjoy the rewards and protection that come with your Card, even when you buy online.”

” As a Cardmember, you have access to personalised offers wherever you are, all on the go with the [name of firm] App – so you’ll never miss a saving while you’re out and about again.”

The data protection regulator says that the messages were subject to the laws on marketing communications as they were “designed to encourage customers to make purchases on their cards which would benefit [the firm] financially. It adds that the communications were “a deliberate action for financial gain” and comments that the firm did not review its marketing strategy in any way once customers began to complain about receiving the messages.

In replying to the ICO, the firm repeatedly stated that their customers would be “at a disadvantage if they were not aware of the campaigns and promotional periods”. However, the ICO says that, if this was a legitimate defence, it could be used by every firm found to be in breach of the PECR direct marketing rules.

Andy Curry, ICO Head of Investigations said:

“This is a clear example of a company getting it wrong and now facing the reputational consequences of that error.

“The emails in question all clearly contained marketing material, as they sought to persuade and encourage customers to use their card to make purchases. [the firm]’s arguments, which included, that customers would be disadvantaged if they weren’t aware of campaigns, and that the emails were a requirement of its Credit Agreements with customers, were groundless.

“Our investigation was initiated from just a handful of complaints from customers, tired of being interrupted with emails they did not want to receive. I would encourage all companies to revisit their procedures and familiarise themselves with the differences between a service email and a marketing email and ensure their email communications with customers are compliant with the law.”