Merck Serono: patient support website emails used for market research survey invitation (no breach)

📅 2012 | 🖉 Dr Anzal Qurbain
📊

Key facts

CaseAUTH/2522/7/12
ComplainantMember of the public
CompanyMerck Serono
IssueAlleged disclosure of patient data (email address) to a market research agency for a survey invitation
ContextPost-prescription patient support website for Rebif (interferon beta-1a); survey about a walking aid/device for MS patients
Data sharedEmail addresses only (760 registered users)
Key controls describedAgency instructed to use emails only for the survey invite and destroy data after completion; agency confirmed deletion/destruction
Applicable Code year2012
Clauses consideredClause 1.8, Clause 9.1, Clause 2
DecisionNo breach
Complaint received4 July 2012
Case completed4 August 2012
AppealNo appeal

Download the full case report (PDF)


Reviewed by Dr Anzal Qurbain (FFPM) — ABPI Final Signatory

🤖

Got a question about this case?

Ask one of our 13 specialist ABPI advisors — instant answers, 24/7.

Ask AskAnzal AI
🎬 Expert Video Walkthrough
🎬
Video walkthrough — coming for members
Subscribe now and get expert video analysis for every case as we publish them.
Subscribe — from £299/yr
📋

What happened

  • A member of the public received an unexpected email from a market research agency inviting her to complete an online survey for Merck Serono about a new walking aid for people with multiple sclerosis (MS).
  • She believed the agency obtained her details from confidential information she had provided when registering (two years earlier) on a post-prescription patient support website for Rebif (interferon beta-1a).
  • She said the website included a privacy promise that Merck Serono would not pass patient details to a third party unless required by law, and argued express permission would be needed because it was personal medical data.
  • Merck Serono said users consented via the website registration process (ticking a box confirming they had read/understood the privacy policy and terms of use and consenting to processing in accordance with the privacy policy).
  • The survey was commissioned to evaluate a device to help MS patients with mobility issues associated with foot drop.
  • Merck Serono provided the market research agency with email addresses of registered users (760 addresses). No other user details were provided.
  • The agency was instructed to use the emails only to send the approved invitation, not to pass data to third parties, and to destroy the data after the survey; the agency confirmed deletion/destruction after dispatch.
  • Merck Serono updated its privacy policy and stated that in future it would make the first contact and obtain consent before passing details to an independent service provider.
⚖️

Outcome

  • No breach of the Code was found.
  • No breach of Clause 1.8 was ruled (Panel noted Data Protection Act 1998 was potentially relevant, but no evidence was provided that a judicial forum had found a breach of the Act).
  • No breach of Clause 9.1 was ruled (high standards).
  • No breach of Clause 2 was ruled.
🔒

Unlock the full case analysis

Members get the complete breakdown — Clauses, Sanction, Signatory Lens, Audit checklist, and 3 Key Questions.

Best value
£249/year
Annual — save £99
or
£29/mo
Monthly
Join Now — Instant Access

⭐ Business Intelligence Access

See the full compliance picture for every pharma company

291 Company Intelligence Reports — breach patterns, appeal history, industry ranking, PDF export.

Request Access →
⭐ Flagship Programme

AQP Flagship Path — the complete UK ABPI signatory programme

12 modules. 12 weeks. Final Signatory readiness. The industry standard for ABPI Code signatories — £995 + VAT.

Enrol — AQP Path Learn more

📰 Weekly PMCPA Case Breakdown

One real case. One key lesson. Every week — free.

Subscribe Free
🎓 AQP Training