Home > News
Mind my data Click to visit the homepage
The basics
Plausible deniability
Employment agencies
Useful links
Open in a new window/tab
The Information Commissioner
Mailing Preference Service
Telephone Preference Service
Royal Mail junk mail opt-out
Register of data controllers
Analysis
My response to the ICO's tweet about policy
Are data controllers 'officially' lying to us?
Why do we need to accept a Privacy Policy?
Can I opt-out of a renewal quote under section 11 of the DPA?
Who's texting me about PPI?
Marketing corporate employees by e-mail

Moneysupermarket are so unwilling to provide me with answers!

My recent experience of using the Moneysupermarket website has left me with a lot of questions about how they process personal data that they are unwilling to provide answers to.

I obtained a quote for car insurance via the Moneysupermarket.comNew window website in May and actually failed for once to opt-out of their electronic marketing. This is very rare for me, as you can probably gather, I actively aim to opt-out of any and all direct marketing whenever possible. I regularly take and save screen shots too, just in case I need to refer back to the registration form. Sure enough, a few days after registering with Moneysupermarket I received a marketing e-mailLightbox window (I've shortened it to reduce the file size) so my first thoughts were... did they obtain my consent. I checked the screen shots that I had taken and sure enough, the boxes were all ticked, so I definitely did fail to opt-out.

Having reviewed the registration process though, what I spotted was that Moneysupermarket choose to hide the opt-out tick boxes until I enter my e-mail address; once I enter my e-mail address a section of the form expands to display the opt-outs:

E-mail address is compulsory:

Moneysupermarket

Once an e-mail address has been entered the opt-outs appear:

Moneysupermarket

But the whole purpose of having the opt-outs is to obtain an informed indication of consent so I have to question Moneysupermarket's motives for hiding them. I wasn't happy about this so I submitted a section 11 request.

Moneysupermarket responded as follows:

'We can confirm that you have been removed from our marketing lists and should not receive any further marketing emails from us. Please note that you do have an insurance quotation account which will generate quotations annually and consequently quote emails will be sent to you. If you would like us to remove your account to prevent this, please reply to this email'.

I was confused by this response to my section 11 request because it's the first time that I've been asked to clarify my request and I shouldn't need to - other than to provide reasonable further information required by the data controller to identify my account.

I of course questioned this and Moneysupermarket responded as follows:

'You are quite right, under section 11 of the Data Protection Act you can request that we no longer use your details in any way. I have asked the relevant person here to ensure that your account is removed and will not be used again. In terms of your query regarding the annual quotes, I can confirm that this is explained within our terms and conditions that can be found at the bottom of each page of the website. The paragraph in question is as follows:

“You agree that we may use your data to send you a renewal quote when your annual policy is due to expire to remind you of this and to highlight how we could continue saving you money. This may include performing a new quote for you based on the information you have previously provided. It is very important that you check all of the information about you is true, correct, complete and accurate, that it is not misleading and that you have disclosed all relevant facts before you apply for any insurance product. It is your responsibility to identify and correct any mistakes or errors in the information about you before you apply for any product.”

I can assure you your details will no longer be used by moneysupermarket.com'

That's not quite right... my section 11 is a request for a data controller to stop using my details to target me with direct marketing; it doesn't require them to stop using my data 'in any way' - as suggested by this response. I was still a bit confused but further communication with Moneysupermarket's Head of Risk and Compliance revealed that he is of the opinion that the renewal quote e-mail is a service update and does not constitute direct marketing. In which case, they could have contractually continued to send me the renewal quote despite my section 11 request.

Although I'm happy that Moneysupermarket now appear to be complying with my section 11 request, I have a number of issues with their data processing and I sought clarification from their Head of Risk and Compliance.

Analysis

In one of the replies from Moneysupermarket I was told:

Consent for marketing contact is obtained during the customer journey

and in another I was told:

As part of the service we offer, we issue a reminder at renewal of the potential savings that could be made by switching and not auto renewing with your insurer. 

I would like to analyse these responses:

'Consent for marketing contact is obtained during the customer journey'.

It's true that there are opt-outs on the registration form but Moneysupermarket have actually gone to the trouble of hiding the opt-outs when the page loads - why? What purpose is served by hiding the opt-outs until the individual enters their e-mail address near the bottom of the page? Why not show the opt-outs as the page loads, as this requires less coding and gives the the individual more time to see them - as they make their way down the page; and thus more time to make a more informed decision?

If Moneysupermarket don't want people opting out at the point of submitting their data then surely, all they need to do, is to replace The regulation 22 opt-outs for electronic marketing with consent statements. If the form contained clear consent statements then the individual would have to either accept the marketing when they submitted to form or not submit the form. And if Moneysupermarket are able to give a valid reason for hiding the opt-outs, wouldn't it be reasonable to reveal them when the individual enters their phone number at the top of the page, or at least to reveal the phone opt-out? Why wait until they enter their e-mail address near the bottom of the page before revealing the opt-outs?

Unless Moneysupermarket have a valid reason for hiding the opt-outs then I fail to see what purpose is served. Furthermore, I would argue that these three marketing tick-boxes should actually be opted-out by default because as far as I can tell, Moneysupermarket operate a free service that enables their data subjects to obtain insurance quotes from third party insurance companies and brokers. Regulation 22 states that:

'an organisation may send or instigate the sending of electronic mail for marketing purposes to an individual subscriber where they have obtained the contact details of the recipient in the course of a sale or negotiations for the sale of a product or service to that recipient'.

What I'm saying is, unless Moneysupermarket is able to demonstrate that by filling out their quote form the individual paid or intended to pay Moneysupermarket for this service, then the marketing tick-boxes should be opted-out by default; so that the individual has to perform an action to opt-in to marketing. Here's a thought... I wonder whether Moneysupermarket would still hide the marketing tick-boxes on the page if they were opted out by default. Methinks that they so... would not!

'As part of the service we offer, we issue a reminder at renewal of the potential savings that could be made by switching and not auto renewing with your insurer. '.

Moneysupermarket are of the opinion that the renewal quote is a service update and not direct marketing. However, the definition of direct marketing given by the DPA is:

'the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals'.

I have asked Moneysupermarket's Head of Risk and Compliance two times now to send me a sample of the renewal quote so I could determine for myself whether it was likely to constitute direct marketing and to seek advice from the ICO, but my requests have been ignored. However, in their terms and conditions it states:

You agree that we may use your data to send you a renewal quote when your annual policy is due to expire to remind you of this and to highlight how we could continue saving you money. This may include performing a new quote for you based on the information you have previously provided.

And further communication with Moneysupermarket's Head of Risk and Compliance revealed that:

We consider this to be a service e-mail and not direct marketing as it relates to a specific product enquiry and supports the legal obligation of drivers to ensure they are insured. This contact does not include any non-motor insurance content and is only sent one month prior to the renewal date. We therefore consider that the processing and communication is reasonable and given that if asked we can stop any such communications, in accordance with the PECR 2003 and the DPA.

Oh, so are we now to believe that Moneysupermarket have some kind of obligation - other than their standard form civil contract, that requires them to send out the renewal notice? I decided to contact Moneysupermarket's Head of Risk and Compliance and seek answers to my questions. I asked:

1. I have asked you twice to send me a sample of a renewal quote e-mail... please will you clarify that you are unable to do this?

2. Bearing in mind that the purpose of a quote is an invitation to treat; an invitation to enter into a contract for the sale of a product or service at the price quoted, please will you clarify that you are of the opinion that the renewal quote does not promote your products or service to me.

3. Please will you clarify whether you have any obligation, beyond the terms of your standard form civil contract, to provide your data subjects with a renewal quote?

4. Please will you confirm whether Moneysupermarket.com operates as an insurance provider or an insurance broker?

5. Bearing in mind that regulation 22 of the PECR requires the opt-outs to electronic marketing on a web form to be opted-out by default unless the organisation has obtained the contact details of the recipient in the course of a sale or negotiations for the sale of a product or service to that recipient, please will you explain the point at which I entered into the negotiations of the sale of a product or service from Moneysupermarket.com?

6. Finally, as the Head of Risk and Compliance for Moneysupermarket.com, please will you explain why the regulation 22 opt-outs are hidden on your web form? What purpose is served by hiding the opt-outs?

Although I received a reply from Moneysupermarket's Head of Risk and Compliance, he failed to provide answers to any of the questions I raised.

Conclusion

Moneysupermarket's Head of Risk and Compliance has assured me that their renewal quote is a service update. He also says that the e-mailLightbox window that I received is a service update. But what exactly does he mean by a service update? A service update is either a marketing communication or a non-marketing communication and if it's a marketing communication that is directed at a particular individual then it's likely to constitute direct marketing. Direct Marketing is 'the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals'. Is Moneysupermarket's Head of Risk and Compliance claiming that they are entitled to send direct marketing to those individual's who have withdrawn their consent or who have opted out with a section 11 request?

There are a lot of unanswered questions about Moneysupermarket's data processing and I'm not happy that they have failed to provide me with answers and a sample of the renewal quote e-mail. I actually waited a couple of weeks thinking that they were going to provide me with a sample of the renewal quote only to find that they would not. Bearing in mind that I am well within my rights to obtain another quote from Moneysupermarket in the future, I have a right to know if I am being misled about the nature of their data processing. I will therefore be submitting complaints to both the Financial Ombudsman and the ICO.

See: Are data controllers 'officially' lying to us?

See: How to put a stop to all direct marketing from a company with section 11

Last updated: 06.08.2012