HelloFresh, the food delivery company, has been fined $178,000 by the UK Information Commissioner’s Office (ICO) for sending millions of spam emails and texts to customers. The ICO’s investigation revealed that 79 million emails and one million texts were sent during a seven-month spamming campaign, marking a clear breach of trust. Complaints prompted the investigation, with HelloFresh found to have continued contacting individuals even after requests to stop. The ICO emphasized that the fine demonstrates decisive action against violations to protect customers’ rights regarding data usage.
The probe, initiated in March 2022, followed 14 direct complaints and 8,729 reports to the spam message reporting service. HelloFresh was found to have failed to provide sufficient information about data usage for marketing, extending up to 24 months after subscription cancellations. The ICO highlighted a breach of trust, noting that customers were unaware of the opt-in details and continued to receive unwanted marketing messages. The enforcement action emphasizes the commitment to protecting customers’ data rights and ensuring consequences for non-compliance.
HelloFresh responded, stating that its customers are at the center of its focus and that the company takes data protection obligations seriously. Despite the ICO reporting 14 complaints, HelloFresh claimed only three complaints were received by the regulator. The company expressed collaboration with the ICO, incorporating feedback to make changes to its SMS and email policy. The fine serves as a reminder of the importance of transparency and respecting customers’ choices in data usage to maintain trust in business practices.