View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Bounty Fined by ICO for Sharing Data of 14 Million People

“Bounty were not open or transparent"

By CBR Staff Writer

The Information Commission’s Office (ICO) has fined Bounty UK £400,000 after they were found to have shared the personal information of over 14 million people.

Bounty is a pregnancy and parenting club, who collects information from its users when they sign up for membership through a registration form on their website and mobile application.

After an investigation of the data practices at Bounty the ICO discovered that they also operated as a data broker service and were supplying data to third parties, which was then subsequently used in electronic direct marketing campaigns.

Between June 2017 and April 2018 Bounty shared over 34 million records with marketing agencies and organisations such as Equifax, Indicia, Acxiom and Sky.

The personal information that was passed on from Bounty was not only of potentially vulnerable, new mothers or mothers-to-be, it also held information on young children, including their birth date and gender.

Bounty Fined by ICO

Bounty was found to be in breach of Data Protection Act 1998, as the ICO notes they were sharing this personal data with third parties without having made it clear to their users that their data would be used in this manner.

Steve Eckersley, ICO’s Director of Investigations, commented in a release that: “The number of personal records and people affected in this case is unprecedented in the history of the ICO’s investigations into data broking industry and organisations linked to this.”

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

“Bounty were not open or transparent to the millions of people that their personal data may be passed on to such large number of organisations. Any consent given by these people was clearly not informed. Bounty’s actions appear to have been motivated by financial gain, given that data sharing was an integral part of their business model at the time. “

“Such careless data sharing is likely to have caused distress to many people, since they did not know that their personal information was being shared multiple times with so many organisations, including information about their pregnancy status and their children”

The civil monetary penalty was issued under the GDPR’s predecessor, the Data Protection Act 1998, owing to the timing of the case. The maximum financial penalty in civil cases under former laws is £500,000.

Jim Kelleher, Managing Director of Bounty informed Computer Business Review that: “We acknowledge the ICO’s findings – in the past we did not take a broad enough view of our responsibilities and as a result our data-sharing processes, specifically with regards to transparency, were not robust enough.”

“This was not of the standard expected of us. However, the ICO has recognised that these are historical issues. Our priority is to continue to provide a valuable service for new parents that is both helpful and trusted.”

“As the ICO has highlighted, we made significant changes to our processes in Spring 2018, reducing the number of personal records we retain and for how long we keep them, ending relationships with the small number of data brokerage companies with whom we previously worked and implementing robust GDPR training for our staff.  Our ‘Bounty Promise’ sets out our continued commitment to carefully look after our members’ personal information. And to ensure our promise is never broken, we will appoint an independent data expert to check how we are doing every year and we will publish their findings annually on the Bounty website.”

See Also: TV Production Company Blasted by ICO for Stillbirths Programme Filming

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.