The Information Commissioner’s Office has fined Pharmacy2U Ltd (UK’s largest NHS approved online pharmacy) BGP$130,000 for selling more than 20,000 customers’ personal data to marketing companies without their informed consent.
The Commissioner emphasised that Pharmacy2U:
- ought to have known that its customers had a reasonable expectation of confidentiality when using an online pharmacy, especially when the company’s own website described the service as “discreet and confidential”, and
- should have displayed a notice in a prominent position on its website which provided its customers with a simple way to opt out of the sale of their personal data to third party organisations.
Link (ICO): ICO’s Decision