£140,000?
That's £0.00175 per message.
Where is the deterrent?
Food delivery company HelloFresh is nursing a £140,000 ($178k) fine by Britain’s data privacy watchdog after a probe found it had dispatched upwards of a staggering 79 million spam email and one million texts in just seven months. The meal-kit company provides weekly packages of premeasured ingredients with recipes so …
Where is the deterrent?
Deterrent? 8^D !!!!!!!!!!
Hmm ....
Me thinks that you - just - don't - get - it.
Unless you are fresh out of secondary school, you surely know that this has been going on, in the same manner with the same results, for eons.
There is no deterrent, there has never been such a thing.
Not with spammers, not with clearly avoidable data leaks, security breaches and other such accidents.
It is nothing but a very light slap on the wrist albeit soundly applied exclusively for the benefit of the gullible public sitting in the peanut gallery.
This so that the usual culprits take due notice and strive to be more careful next time.
And don't get caught out.
More than anything, because it is very bad for business.
For both the culprits, the regulators and those controlling the regulators
.
There's a saying that I'm not quite remembering properly - it's something like
"When the punishment for breaking the law is a fine, it's no longer a law but a transaction"
or
"When the punishment for breaking the law is a fine, it becomes two laws - one for the rich and another for the poor"
Can anyone remember the actual saying?
""When the punishment for breaking the law is a fine, it becomes two laws - one for the rich and another for the poor""
Caveat to this is when the fine is means-tested. See also: speeding fines in the UK and some other countries, calculated as a percentage of the weekly wage. Ergo: it doesn't matter how rich you are, in theory the fine is intended to hurt everyone equally.
Unless you're doing a tax dodge whereby your 'declared' income is close to zero, while in the meantime you're living in a 16-bedroom mansion with 8 cars, 12 servants and a separate lodge for the mistress.
If you fine* people on the basis of turnover, then it harms low margin businesses far more than high margin. So the Apples and Googles of this world would suffer proportionately less than retailers or manufacturers. In this case, on most recent 2022 accounts, HelloFresh were making a significant operating loss of £15m, after interest and tax that rose to £21.9m net loss. I'd hazard a guess that 2023 hasn't been a lot better, if you're losing £15-20m a year you're already pretty short of cash, and even turning the fine into £1m doesn't make the slap more painful. As HF had turnover around £500m, your minimum 5% turnover fine would be just short of £25m. Since HF total assets exceed total liabilities (there's a shareholder's deficit of £62m to balance the books), there's no cash to pay that sort of money, bankruptcy would be the likely outcome, along with redundancy for 2,000 staff. That would be a poor outcome for the regulator and employees.
I'd guess that (even with the 20% prompt payment discount), writing a cheque for £112k is going to sting, and the company will be mindful that if there's a repeat it'll be a much bigger penalty. The role of a regulator is to inform businesses of their obligations, guide and help them into compliance, and to use penalties and prosecutions as a last resort. In this case, if the ICO are happy that HF have learned their lesson and won't repeat the behaviour, then that's the outcome they want.
* Technically it's not a fine, it's a Civil Monetary Penalty, and if the company feel the regulator's being heavy handed they can challenge it through the courts. That persuades regulators to use CMPs prudently.
"bankruptcy would be the likely outcome"
This is a bad thing?
"Along with redundancy for 2,000 staff. That would be a poor outcome for the regulator and employees."
I believe that was the arguement for propping up BL, shipyards and a bunch of other lossmaking businesses for decades - As we saw, it doesn't work
"Technically it's not a fine, it's a Civil Monetary Penalty"
That's easily fixed by defining statutory damages - the company then has no leg to stand on (It's why the the American TCPA was so effective - stat damages of $500/call for individual claimants and $15,000/call if the FTC got involved (tripled for wilful violations) - Judges who threw out cases on the basis of "company damage" were given a _severe_ arse-kicking by higher courts, told to apply the penalties prescribed by the law and deal with cases as directed or be removed form the bench
Civil monetary penalties go the the Exchequer, not the regulator.
Whilst it's tempting to say the the costs of regulation should be recovered from the non-compliant, that would create an incentive for regulators to go round fining people rather than working to try and help businesses into compliance.
The maximum the ICO can issue by way of CMP is £500k, under the Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010. So they could have set a higher penalty, but not by much in the grand scheme of things, and since this wasn't the worst of possible offences by a long chalk, it might be seen as reasonable given their scope for action. If you want the ICO to fine people more, then you'd need the politicians to increase the maximum penalties, and offer instruction to the ICO that penalties in general need to be higher. Arguably the low limit on penalties is intentional by government to avoid imposing high costs on the sort of big businesses that can do them favours.
Just because HF sent 80m emails, doesn't mean that all the recipients had a problem with that, many people are happy to receive emails from companies they do business with. In terms of the number of complaints, there were 8,729 valid complaints about HF marketing, so the penalty is about £13.50 per complaint.
And just for reference, the investigation started because HelloFresh cropped up many thousands of times on the 7726 spam text reporting service. I'm surprised the article didn't mention that.
Most people hate spam mails, companies rely on people just being too busy to complain / not knowing how to do it
.. as complaint to company will get (usually) ignored or some weasel words reply
.. I doubt many people * know about the ICO and how to report spam stuff
Bot those options take time and effort for people with busy lives compared to just deleting a junk mail
, so end result is offending company can happily trumpet "we only had n complaints".
* El Reg commentards not representative of general population on IT related knowledge
This post has been deleted by its author
Shitty company. Ordered boxes, paid an agreed price with a total and they tried to charge me extra after! Apparently some options were extra - but I paid a stated total after choosing them!
Being an online subscription I already used a Revolut one time card number so that I didn't have to make any effort to cancel anything so they didn't get their money. but I got my food.
Agree they're shitty. My ex uses (used) them, told me how she'd tried to cancel a number of times, yet they continued to deliver parcels; claiming they hadn't received the cancellation or it was received too late and therefore had to be extended, or was just plain ignored. Then when she stopped paying they tried to take her to court.
Nasty, scummy practices. Mitigated somewhat by the fact they were doing it to my ex, but that's neither here nor there.
They just wrote to me and emailed me for ages. Must have cost them more in postage than the ~£5 I supposedly owed them.
For small claims court it costs them at least a few hundred quid to submit a case and have a solicitor turn up. Have had that before though for something else. If you say you contacted them to cancel it, very hard for them to prove that you didn't...
Those peeps who were still getting pestered after cancelling / opting out. And especially after sending "cease and desist" requests.
That's not spamming, that's got to be harassment. Low level, I admit - nothing like some people have to endure - but still unwanted. Do them for that too. With porridge for the directors, served in a handy mail-order box.