Data regulator fines HelloFresh £140K for sending 80M+ spams

Messaging menace used text and email to bombard people

Food delivery company HelloFresh is nursing a £140,000 ($178k) fine by Britain’s data privacy watchdog after a probe found it had dispatched upwards of a staggering 79 million spam email and one million texts in just seven months.

The meal-kit company provides weekly packages of premeasured ingredients with recipes so customers can prepare their own meals rather than winging it at the grocery store.

The Information Commissioner’s Office says the company claimed messages were based on an opt-in statement, yet this statement did not include any reference to the sending of marketing messages via text. There was a nod to email marketing, however, this was included in an age confirmation statement that was “likely to unfairly incentivize customers to agree”.

As such, the emails and texts did not fit requirements that they be “specific” and “informed”: not mentioning SMS, being “unclear and bundled with others aspects,” the watchdog said.

In addition, customers weren’t give ample information that their data would be used for marketing messages for up to two years after they’d cancelled their HelloFresh subscription, the regulator added.

The investigation discovered that between August 23, 2021 and February 23, 2022, HelloFresh hit send on 80,993,013 messages, including 79,779,279 emails and 1,113,734 texts to subscribers. These were sent in contravention of Regulation 22 of the Private Electronic Communications Regulations.

The ICO says it was made aware of the spams issue after receiving complaints from recipients on its reporting service. It also found that even after people had asked HelloFresh to cease and desist, the spams continued.

“This marked a clear breach of trust of the public by HelloFresh,” said Andy Curry, ICO head of investigations. “Customers weren’t told exactly what they were opting into, nor was it clear how to opt out. From there, they were hit with a barrage of marketing texts they neither want nor expect, and in some cases, even when they told HelloFresh to stop, the deluge continued.”

“In issuing this fine, we are showing that we will take clear and decisive action where we find the law had not been followed. We will always protect the right of customers to choose how their data is used.”

The company was served with a £140,000 fine for breaking PECR, taking the number of fines handed to spammers to £2.44 million since April last year. ®

More about


Send us news

Other stories you might like