Easylife was fined £1,480,000 for illegal profiling and predatory marketing calls which resulted in several complaints to the ICO.
The ICO has fined Easylife Ltd £1,350,000 for using the personal information of 145,400 customers to target them with health-related products after predicting their medical conditions based on previous purchases without their consent. The company was fined an additional £130,000 for making over 1.3 million predatory direct marketing calls. The catalogue retailer would target customers with health related items after purchases of certain “trigger products” from their catalogue. The ICO found that the company had been profiling customers as well as engaging in “invisible” processing of health data.
Easylife assumed medical conditions based on the purchase of “trigger products”, and then marketed health-related products to clients.
The company, Easylife is a catalogue retailer selling a range of household items and services. The company also has Health, Motor, Supercard, and Gardening Club memberships. Over the course of an ICO investigation, it was revealed that when an Easylife customer purchased a product from the company’s Health Club catalogue, assumptions were made about their medical condition based on the purchase, and the company then marketed health-related products to the customer without their consent. Out of 122 products in the Health Club catalogue, 80 were considered “trigger products” which would then incite the marketing of other health-related products to a customer.
As an example, if a customer bought a jar opener or a dinner tray, Easylife would use that purchase data to profile that person, assuming that they have arthritis and would then call them to market glucosamine joint patches.
The ICO found the company guilty of profiling without consent and “invisible” data processing.
The ICO found that Easylife engaged in significant customer profiling and “invisible” processing of health data. The processing is considered “invisible” because individuals were not aware that the company was collecting and using their personal data for that purpose. This processing violates data protection law. In a statement from the ICO, John Edwards, UK Information Commissioner, said “The invisible use of people’s data meant that people could not understand how their data was being used and, ultimately, were not able to exercise their privacy and data protection rights. The lack of transparency, combined with the intrusive nature of the profiling, has resulted in a serious breach of people’s information rights.”
The ICO also found the company guilty of making over 1.3 million predatory marketing calls.
In another investigation the ICO found that, between August 2019 and August 2020, Easylife also made 1,345,732 unwanted marketing calls to people registered with the Telephone Preference Service (TPS). According to the Privacy and Electronic Communications Regulations (PECR), individuals registered with this service should not receive live marketing calls unless they have informed the caller that they wish to receive these calls. UK Information Commissioner, John Edwards said in a statement “Easylife was not only found guilty of breaching data protection law, but our investigation also discovered that they made thousands of predatory marketing calls to people who clearly did not want to receive them. It is clear from the complaints we received that people felt threatened and distressed by the company’s aggressive tactics. This is unacceptable. Companies making similar nuisance calls and causing harm to people can expect a strong response from my office.”
Does your company have all of the mandated safeguards in place to ensure the safety of the personal data you collect or process? Aphaia can help. Aphaia also provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.