ICO (UK) - SportsDirect.com Retail Limited
|ICO (UK) - SportsDirect.com Retail Limited|
Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003
Regulation 22(3) of the Privacy and Electronic Communications (EC Directive) Regulations 2003
|Parties:||SportsDirect.com Retail Limited|
|National Case Number/Name:||SportsDirect.com Retail Limited|
|European Case Law Identifier:||n/a|
|Original Source:||ICO (in EN)|
The UK DPA fined SportsDirect.com Retail Ltd approximately €82,000. The sports retailer infringed Regulation 22 of PECR by sending unsolicited marketing emails received by almost 2.6 million individuals.
English Summary[edit | edit source]
Facts[edit | edit source]
SportsDirect.com Retail Limited ('SportsDirect') is a sports retailer in the UK. It was the subject of various complaints via the UK DPA's online reporting tool in relation to unsolicited communications between December 2019 and February 2020. The ICO started an investigation on the basis of these complaints.
SportsDirect outlined that the personal data it used for direct marketing was obtained directly from customers after having given their consent. SportsDirect considered the direct marketing sent to individuals who complained to be a "re-engagement campaign". They claimed that these individuals had opted in to receiving marketing emails (and didn't unsubscribe). The emails sent amounted to a total of 459,882,124 emails, 2,565,513 of which were received as part of the "re-engagement campaign".
SportsDirect claimed to rely on a soft opt-in for 7 of the 12 complainants, and stated that it collected consent directly from 3 others. It did not have a record of having sent marketing to 1 complaints and had recently erased the data of another shortly after they complained.
During the investigation, the ICO uncovered that SportsDirect continued to send messages to customers signed up to a specific scheme even after the scheme had ended. SportsDirect claimed this to be on the basis of legitimate interest for the ex-members of the scheme.
Throughout the investigation, SportsDirect cited the challenges it faced to gather the information requested by the ICO. The ICO responded that some of the information, such as legal bases should be readily available to data controllers.
Holding[edit | edit source]
The Information Commissioner's Office (ICO) held that SportsDirect infringed Regulation 22 of Privacy and Electronic Communications (EC Directive) Regulations 2003 (hereafter PECR). 2,565,513 direct market emails sent by SportsDirect were received by subscribers. However, SportsDirect was unable to demonstrate evidence that it had valid consent to send these marketing emails. The ICO did not consider that SportsDirect could rely on the soft opt-in exception under Regulation 22(3) PECR.
Considering these factors, the ICO imposed a fine of approximately €82,000 (GBP 70,000) on SportsDirect.
Comment[edit | edit source]
Share your comments here!
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the English original. Please refer to the English original for more details.