Marketing mishap costs Papa John's
Last month, the Information Commissioner's Office ("ICO") has issued a £10,000 fine to Papa John's for sending over 165,000 marketing messages without properly meeting the requirements of the "soft opt-in" rule.
The background and breach
The pizza delivery and takeaway business, Papa John's, sent out a number of marketing messages to customers who had previously placed orders with Papa John's over the telephone between October 2019 and April 2020. 15 of these customers made complaints to the ICO.
Papa John's had relied on the "soft opt-in" approach for legitimising their SMS/e-mail marketing (as provided for in regulation 22 of the Privacy and Electronic Communications Regulations (PECR)), which is an alternative to opt-in consent when collecting contact details from customers.
This "soft opt-in" applies where an individual has purchased products or services (or expressed an interest in such products or services), provided their details, and not opted out of marketing. In such circumstances, retailers may be able to send marketing messages to these previous customers in respect of their similar goods or services. However, one of the conditions for "soft opt-in" is that the customer should be provided with an opportunity to opt-out of receiving marketing messages at the time their details are obtained.
Papa John's revealed that the customers who complained had placed an order over the telephone and provided their details, but were not given a direct option to opt-out of receiving marketing messages. Papa John's privacy notice was displayed in stores, and online, and individuals could access the marketing preference centre on Papa John's website. However, the ICO took the view that customers who ordered over the phone would not have seen the privacy notice and would not reasonably expect to receive the marketing messages.
The takeaway (do you see what we did there…)
This decision is a useful illustration of the need for retailers to ensure that all their data collection channels adhere to the rules. Whilst opt-out boxes are easy to incorporate in online user journeys (which are typically the main focus), it is important to note that traditional telephone ordering is subject to the same rules – therefore, phone scripts and preference capture tools are essential to prevent the call centre being the weak link.
When relying on the "soft opt-in", retailers and other businesses should be mindful to ensure that:
- the individual receiving marketing is an existing customer;
- they have obtained the individual's contact details in the course of a sale (or negotiations for a sale) of a product or service to that individual;
- they are only marketing their own similar products or services; and
- they gave the person a simple opportunity to opt-out of the marketing, both when collecting the details and in any marketing communications sent thereafter.