Morrisons supermarket chain fined for flouting customers’ marketing wishes

A national supermarket chain has been fined for breaking the law on how people’s personal information should be treated when sending marketing emails.

An investigation by the Information Commissioner’s Office (ICO) found WM Morrison Supermarkets PLC (“Morrisons”) deliberately sent 130,671 emails to people who had previously opted out of receiving marketing related to their Morrisons More card.

The emails, sent in October and November 2016, were titled ‘Your Account Details’ and invited customers to change their marketing preferences to start receiving money off coupons, extra More Points and the ‘latest news’ from Morrisons.

Deputy Commissioner Simon Entwisle said:

“It is vital that the public can trust companies to respect their wishes when it comes to how their personal information is used for marketing.

“These customers had explicitly told Morrisons they didn’t want marketing emails about their More card. Morrisons ignored their decision and for that we’ve taken action.”

Morrisons, headquartered in Bradford, has been fined £10,500 for breaking the Privacy and Electronic Communication Regulations (PECR).

A new data protection law comes into force next year that sets a high bar for the consent organisations must obtain from customers before using their personal data for marketing.

The ICO has published detailed guidance for firms carrying out direct marketing by phone, text, email, post or fax.


GDPR Conference Europe is a deep-dive one day that focuses on the likely impact GDPR will have on business critical processes and provide a framework to keep your organisation GDPR compliant.

You can receive £200 off a ticket (usually £695+VAT) by completing this short survey.

Register for the next event on 20 June here.