The Information Commissioner's Office (ICO) has fined food delivery service HelloFresh £140,000 for sending spam and nuisance messages to customers.

The ICO on Friday said that the company sent 79 million spam emails and 1 million spam texts over a seven month period to customers who were not fully aware of what they were opting into.

The government office described the campaign, where customers did not opt-in to text messages and disguised an email opt-in in a confirmation statement, as a “clear breach of trust”.

It also found that customers were not given sufficient information that their data would continue to be used for marketing purposes for up to 24 months after cancelling their subscriptions.

The ICO began its investigation in March 2022 following complaints made directly to the regulator, as well as to the 7726 spam message reporting service. During the investigation, it was also discovered that the company continued to contact some individuals even after they had requested this to stop.

Following its investigation, the ICO concluded that HelloFresh parent company Grocery Delivery E-Services UK Limited contravened regulation 22 of the Privacy and Electronic Communications Regulations 2003, resulting in a fine of £140,000.

Andy Curry, head of investigations at the ICO, said: “This marked a clear breach of trust of the public by HelloFresh. Customers weren’t told exactly what they’d be opting into, nor was it clear how to opt out. From there, they were hit with a barrage of marketing texts they didn't want or expect, and in some cases, even when they told HelloFresh to stop, the deluge continued.

“In issuing this fine, we are showing that we will take clear and decisive action where we find the law has not been followed. We will always protect the right of customers to choose how their data is used.”

---