iubenda logo
Start generating

iubenda blog

ICO Fines Easylife £1.48 Million 

The UK Data Protection Authority fined Easylife £1.35 million for creating 145,000 customer profiles using health information. Easylife also paid an additional fee for making 1345,732 calls for direct marketing between 2019 and 2020.

Following investigations by the ICO, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and Article 5(1)(a) of the UK General Data Protection Regulation (UK GDPR) were violated by Easylife Ltd. 

The Information Commissioner’s Office (ICO) published two penalty notices on October 6, 2022, imposing fines of £1.35 million and £130,000 on the company.

Background 

The ICO specifically mentioned that when the company was brought to its notice, it had looked into Easylife. While the inquiry first focused on violations of the PECR, concerns regarding potential violations of the UK GDPR were also found, according to the ICO.

The investigation 

According to the UK GDPR, the ICO concluded that Easylife had targeted 145,400 consumers with health-related items without their permission by using their personal information to anticipate their medical conditions. Specifically, the ICO found that considerable consumer profiling and health data processing had occurred and that those affected by it were unaware that their personal data had been collected and used for such reasons.

According to the ICO, Easylife violated the PECR by making 1,345,732 unsolicited marketing calls to persons registered with the Telephone Preference Service between August 1 and August 19, 2020. These calls are forbidden under the PECR unless the receiver gives their consent.

The ICO came to the conclusion that Easylife had broken both Regulation 21 of the PECR and Article 5(1)(a) of the UK GDPR.

Outcomes

The ICO issued a total fine of £1.48 million, consisting of £1.35 million for the UK GDPR infringement and £130,000 for the PECR violation. The ICO further stated that both fines must be paid by November 4, 2022, and that if paid by that date, the penalty for breaking the PECR will be reduced by 20% to £104,000.

Related Posts

STILL CONFUSED? THESE ARTICLES MAY HELP WITH SEEING CLEARLY

Possible £27 million for TikTok says ICOCNIL fines Total Energies €1 MillionGoogle to Pay $60 Million in Fines

About Us

iubenda is the easiest and most professional way to generate a privacy policy for your website, mobile app and facebook app
www.iubenda.com

Generate a privacy policy now

Ready in a few steps and built to meet the needs of both website and mobile app owners

Generate your privacy policy now

Academy

This is an ordered set of articles which will help you get a general overview on privacy requirements for your app or website.

Blog & Academy disclaimer: legal news and information do not constitute legal advice.

What is this all about?

Privacy Policy in English
Privacy Policy in Italian
Privacy Policy in German
Privacy Policy in Spanish
Privacy Policy in French
Privacy Policy in Portuguese

Explore your situation

GDPR Overview
The Need for Privacy Policies in Apps
How to Add a Privacy Policy to an App
Privacy Policy for iOS Apps
Privacy Policy for Android Apps
Privacy Policy for Windows Phone Apps
Privacy Policy for Amazon's App Store

Getting started with iubenda

How the generator works
How to add the iubenda policy to the site/app
How to add clauses to your policy
How to add a privacy policy for Google Analytics
How to add a privacy policy for Google AdSense
How to add a privacy policy for Facebook Apps

Browse by category

RSS FEED

Sometimes the best choice is to "just give it a try"

iubenda is the easiest and most professional way to generate a privacy policy for your website, mobile app and facebook app

Generate your privacy policy now