Emma's Diary fined €140.000 for GDPR breaches

In 2018, Lifecycle Marketing (Mother & Baby Ltd.), commercially known as Emma’s Diary, was fined €140,000 by the United Kingdom’s Information Commissioner’s Office (ICO). The penalty was issued due to the illegal collection and sale of personal data from over one million users, constituting a clear violation of the 2018 Data Protection Act. The personal data collected included names, postal addresses, and details about the children of affected families, without informing users that this data would be used for political marketing purposes.

What happened with Emma’s Diary?

The use of the data was particularly controversial as it was sold to Experian Marketing Services, a credit reference agency that then used it to assist the Labour Party in its 2017 election campaign. The political party leveraged this information to profile new mothers and send them promotional material about their plans to support Sure Start Children’s Centres. This unauthorized use of personal data highlights the critical importance of transparency and compliance in data handling.

The importance of consent and transparency in direct marketing

The Emma’s Diary case underscores the severe consequences of failing to comply with the fundamental principles of GDPR and the Data Protection Act. Companies must obtain explicit consent from users before sharing their personal data with third parties. Not only is failing to inform users about how their data will be used a violation of privacy rights, but it also exposes businesses to significant fines and potentially irreparable reputational damage.

Selling personal data, especially for political marketing purposes, is a highly sensitive area. The lack of transparency in this case eroded user trust and emphasized the urgent need for stricter oversight in the collection and processing of personal information.