Pub chain J.D. Wetherspoon has deleted its entire email mailing list and says it will stop sending newsletters via email. The unexpected move was announced on Friday June 23 in an email from chief executive John Hutson.
“Many companies use email to promote themselves, but we don't want to take this approach – which many consider intrusive,” Hutson wrote to subscribers. “Our database of customers’ email addresses, including yours, will be deleted.”
Wetherspoon, which has used monthly emails to update customers on special offers, will instead promote deals on its website, as well as its Twitter and Facebook pages.
It is not known how many emails Wetherspoon has deleted. However, when the firm suffered a breach of their customer database in 2015, it was reported that they had 656,723.
The news comes after several companies received fines for sending marketing messages to people who didn’t explicitly consent to receive emails. In March, airline Flybe was fined £70,000 by the Information Commissioner’s Office (ICO) after sending more than 3.3 million emails under the title “Are your details correct?”
The same month, car manufacturer Honda was fined £13,000 by the ICO after sending 289,790 emails clarifying whether customers wanted to receive marketing. In June, Morrisons was fined £10,500 for sending 131,000 emails to people who had opted out of marketing related to their Morrisons loyalty card.
"On a risk basis, it’s just not worth holding large amounts of customer data which is bringing insufficient value," says Jon Baines, chair of The National Association of Data Protection and Freedom of Information Officers. "This could be the case even where the organisation is clear on which customers have given consent to marketing and which haven’t."
Alternatively, Wetherspoon could have lost track of who had given consent - and, as Honda saw, once that happens there's no good way of finding out. "In circumstances like this, it's not inconceivable that an organisation will simply decide that they cannot lawfully use the data they hold," Baines tells WIRED.
Flybe, Morrisons and Honda were found to be in breach of the Privacy & Electronic Communication Regulations (PECR). Fines for breaking this law can go up to a maximum of £500,000 – however, under the EU General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018, companies can be fined up to 4 per cent of their global turnover.
A recent study by NCC Group found that fines from the ICO in 2016 would have been shot up from £880,500 to £69m if the GDPR had been in force.
Update 03/07/2017: Wetherspoon has responded to our request for comment. A spokesperson told WIRED: “Following the data breach in December 2015 Wetherspoon has been reviewing all the data it holds and looking to minimise.
“We felt, on balance, that we would rather not hold even email addresses for customers. The less customer information we have, which now is almost none, then the less risk associated with data.”
This article was originally published by WIRED UK
