Easylife Ltd. – €1,547,000 Fine (United Kingdom, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Easylife Ltd. was fined for making health assumptions about customers based on their purchases and targeting them with marketing calls without consent. This case is significant because it shows how serious the consequences can be for not respecting people's privacy rights. Easylife made over a million unsolicited calls.
What happened
Easylife Ltd. inferred health conditions from purchases and made unsolicited marketing calls without consent.
Who was affected
Customers who bought 'trigger products' and received marketing calls from Easylife.
What the authority found
The UK authority found Easylife violated GDPR and PECR by processing personal data and making marketing calls without consent.
Why this matters
This case highlights the risks of using personal data for marketing without proper consent. Businesses should review their data practices to ensure compliance with privacy laws, especially regarding sensitive data like health information.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The UK DPA has imposed a fine of EUR 1,547,000 on Easylife Ltd. Easylife is a retailer that sells household items as well as services and products under its health, motor, supercard and garden clubs. When purchasing certain products, the company made assumptions about the customer's health condition, whereupon the customer was then offered further products for purchase by phone or SMS that were related to their health condition. Of the 122 products in Easylife's Health Club catalog, 80 items were classified as 'trigger products.' Once customers purchased these products, Easlylife created a profile of them in order to target them with a health-related item. During its investigation, the DPA found that the company collected and used the personal data (health data) of a total of 145,500 data subjects without their consent or even knowledge. The DPA found that this 'invisible' processing of the personal data constituted a serious violation of the data subjects' rights, as they were not able to exercise their privacy and data protection rights at all due to lack of knowledge of the processing. In addition, the company had made 1,345,732 unsolicited marketing calls to individuals without their consent to the calls. The DPA considered this a violation of the PECR.
Related Enforcement Actions (1)
Other enforcement actions involving Easylife Ltd. in UK
Details
Fine Date
4 October 2022
Authority
Information Commissioner's Office
Fine Amount
€1,547,000
Enforcement Tracker ID
ETid-1422
About this data
Cite as: Cookie Fines. Easylife Ltd. - United Kingdom (2022). Retrieved from cookiefines.eu
Last updated: