UK Fines \’Easylife\’ for Deriving Medical Data of 145k Clients

UK\'s Information Commissioner\'s Office (ICO) has fined catalog retailer Easylife £1.48 million ($1.65 million) for violating data protection and marketing laws.

More specifically, the national data protection agency has confirmed that Easylife was using a combination of purchase data and personal information to determine the medical condition of 145,400 customers.

Equipped with this knowledge, the company promoted specific health-related products and services that matched the predicted condition to the tracked clients.

\”For example, if a person bought a jar opener or a dinner tray, Easylife would use that purchase data to assume that person has arthritis and then call the individual to market glucosamine joint patches,\” details ICO\'s announcement.

Easylife sells various household items and also retails specialized products exclusive to \”club\” members, covering the categories of gardening, motor, and health.

Club members are registered customers who have shared personal details with the company under the platform\'s terms, but never gave their consent for using their personal or purchase data for targeted advertising.

ICO found that 80 items listed in Easylife\'s Health Club catalog are \'trigger\' products, meaning they hold special significance for predicting a medical condition.

Once a customer purchased one of those 80 items, Easylife stealthily ramped up the intrusive profiling for their accounts and engaged in aggressive marketing by promoting relevant products.

Advertising specific products that match a particular condition, often accurately, raised the suspicion of the customers, who rightly felt that their privacy had been violated.

That is especially the case when the promotion isn\'t limited to pushing online ads on the platform or even sending marketing emails, but straight out calling customers to \”inform\” them about the availability of products and services associated with their condition.

Medical data is particularly sensitive for people and simultaneously very valuable for data brokers and marketers because it has better potential for higher expenses and longer-term targeted advertising effectiveness.

In the U.S., Meta and several healthcare institutes across the country have found themselves at the epicenter of class action lawsuits for deploying data-collecting and tracking \”pixels\” on medical portals that stand beyond login pages.

Responding to the ICO fine, a spokesperson of Easylife told the British consumer rights platform \”Which?\” the following:

\”The [fine] relates to the use of customer purchase history to target customers with new products and services, which we thought might be of interest to them given their previous purchases from us.\”

\”We were simply trying to minimize the number of calls made to customers, but it seems that the ICO would prefer it if businesses like Easylife made more untargeted calls to their customers and not fewer more targeted calls.\”

\”Easylife fundamentally disagrees with the ICO both that it has broken the law and also in relation to the level of fine imposed, which is out of all proportion to the alleged wrong.\”

In a separate ICO investigation launched after receiving multiple complaints from customers of Easylife, it was determined that the firm performed 1,345,732 unsolicited marketing calls to people registered on UK\'s marketing call exclusion database (TPS).

Hence, calling these people violated the Privacy and Electronic Communications Regulations, for which Easylife will pay an additional £130,000 ($145,000) in fines.