Deepthix .
← Retour au blog
tech 19 June 2026

Forced Consent: Elkjop's Costly Mistake of €1.8 Million

Elkjop was caught in the act of forced consent, a non-compliant GDPR practice, costing them €1.8 million. Learn how to avoid this mistake in your business.

Article inspired by the original source
I told them forced consent was unlawful. 5 years later it cost Elkjop €1.8M ↗ www.thatprivacyguy.com

Introduction

The digital era presents numerous challenges for businesses, especially concerning the protection of personal data. The Elkjop case is a striking example of what can happen when GDPR rules are not followed. In 2026, Elkjop was fined €1.8 million for practicing forced consent. Let's delve into this case and learn the lessons it has to offer.

The Context

In 2021, a customer of Elkjop, a member of the Elgiganten Kundklubb loyalty club, noticed they were receiving marketing emails without the option to unsubscribe without losing their membership status. This practice violates Articles 4(11), 7, and 21(2) of the GDPR, which stipulate that consent must be freely given, specific, informed, and unambiguous.

The Implications of GDPR

The GDPR, which came into effect in May 2018, primarily aims to protect EU citizens against privacy violations. Article 21(2) grants individuals the absolute right to object to direct marketing. Moreover, for consent to be valid, it must not be made conditional on another service.

Elkjop's Mistake

Elkjop made the mistake of tying membership in its loyalty club to the acceptance of marketing communications without offering a straightforward and direct way to refuse these emails. This lack of option constitutes forced consent, rendering their practice illegal and resulting in a hefty fine.

Financial and Reputational Consequences

Beyond the €1.8 million fine, Elkjop also suffered a severe blow to its reputation. In a world where consumer trust is crucial, such a violation can lead to customer loss and decreased revenue.

How to Avoid Forced Consent

To avoid falling into the trap of forced consent, businesses should:

  • Implement clear unsubscribe mechanisms: Provide users with an easy way to opt-out of marketing communications.
  • Separate consent from other services: Do not condition access to a service on the acceptance of another.
  • Train staff: Educate teams on GDPR requirements and best practices in data management.

Conclusion

The Elkjop case is a stark reminder of the consequences of non-compliance with GDPR. Companies must review their practices to ensure they respect consumer rights regarding personal data.

Let's discuss your project in 15 minutes.

GDPR consentement forcé Elkjop protection des données marketing direct
Deepthix newsletter · 100% AI · every Monday 8am

An AI agent reads tech for you.

Our AI agent scans ~200 sources per week and ships the best articles to your inbox Monday 8am. Free. One click to unsubscribe.

Visit the newsletter page →

Want to automate your operations?

Let's talk about your project in 15 minutes.

Book a call