Teal blue graphic

The dangers of the pre-ticked box

In an important ruling, John Lewis has been ordered to pay damages to Sky News producer Roddy Mansfield after sending him marketing emails without having obtained valid consent from him. This is the first time that an individual has been awarded damages by virtue of a breach of the legislation on direct marketing and reflects the general trend towards increased protection for individuals in respect of their personal information.

The facts

Mr Mansfield registered with the John Lewis website using his email address. The registration page included an opt-in box to allow users to consent, or otherwise, to email marketing from John Lewis. In common with many other organisations, John Lewis had decided to keep the opt-in box ticked and leave it up to customers to un-tick it should they not wish to receive marketing emails. Mr Mansfield did not un-tick this box and was unaware that consequently, he had been automatically opted-in to receive email marketing.

Mr Mansfield brought a claim against John Lewis for breach of the Privacy and Electronic Communications Regulations 2003 (PECR), seeking compensation on the basis that he had received unsolicited marketing emails to which he had not consented.

The decision

The court agreed with Mr Mansfield's argument that a failure to opt out does not automatically convert to consent and held that John Lewis had not obtained valid consent from Mr Mansfield to sending direct marketing.

John Lewis's alternative argument was that it had valid consent under the "soft opt-in" rule. The soft opt-in allows direct marketing without express consent where the individual's details have been obtained in the course of a sale, or negotiations for the sale, of a product or service and the marketing relates to similar products or services. The individual must also be given the chance to opt out at the point of data collection. Where these requirements are satisfied, a pre-ticked box will suffice, but the court decided that by simply signing up to and browsing a website, Mr Mansfield had not been "negotiating for a sale". Consequently John Lewis could not rely on this exception.

The implications

This decision is an important one that is likely to open the floodgates for numerous claims by individuals who are unaware that they have opted in to receiving direct marketing. Unless organisations can prove that they have obtained valid consent, they risk having to pay compensation and suffer the related reputational damage as a result of adverse publicity.

It is therefore recommended that organisations review their marketing consent processes and amend all pre-ticked boxes so that they remain un-ticked. In relation to historic data, organisations are unlikely to be able to rely on pre-ticked boxes as a valid consent unless another positive action was also taken by the individual to signify consent at the point of data collection, although mere continuation of browsing on a website is unlikely to suffice.

Organisations should also take note of the fact that they are unlikely to be able to rely on the soft opt-in where a customer has simply signed up to the website to browse the products or services, and has not in fact taken any steps towards buying anything. This could make the practicalities of using the soft opt-in more difficult as businesses will need to be able to differentiate between those customers on its database who have actually bought a product or negotiated to buy a product (for example by adding it to their basket) and those customers who simply signed up to have a look around. If this cannot be done, the safest (though perhaps not the most commercially viable) option may well be not to rely on the soft opt-in at all and obtain express consent from all customers.

This publication is intended for general guidance and represents our understanding of the relevant law and practice as at June 2014. Specific advice should be sought for specific cases; we cannot be held responsible for any action (or decision not to take action) made in reliance upon the content of this publication.

TLT LLP is a limited liability partnership registered in England & Wales number OC 308658 whose registered office is at One Redcliff Street, Bristol BS1 6TP England. A list of members (all of whom are solicitors or lawyers) can be inspected by visiting the People section of this website. TLT LLP is authorised and regulated by the Solicitors Regulation Authority under number 406297.

Insights & events View all