fines

Subscribe to fines

Last week, the Federal Communications Commission announced plans to fine Dialing Services, LLC, nearly $3 million for making illegal “robocalls” to cell phones. The FCC has specific rules for automatic telephone dialing systems, also known as “autodialers,” that have the capacity to produce, store, and dial telephone numbers using a random or sequential number generator. The Telephone Consumer Protection Act (“TCPA”) prohibits the transmission of robocalls to mobile phones except for (1) calls made for emergency purposes, or (2) calls made with the “prior express consent” of the call recipient. (In 2012, the FCC promulgated a rule to require “prior express written consent” for such calls that contain a “telemarketing” or “advertisement” component.) The FCC alleged that Dialing Services transmitted automated or prerecorded voice messages on behalf of political campaigns and candidates without the prior express consent of the call recipients. Neither the TCPA nor the FCC’s rules contains a general exception from the autodialer prohibition for political calls.

This is not the first time that Dialing Services has heard from federal regulators. In March of last year, the FCC issued a citation to Dialing Services for making millions of calls to cell phones during the 2012 election cycle without authorization. The citation required Dialing Services to certify within fifteen days that it had ceased making robocalls without permission. It also came with a clear warning from the FCC Enforcement Bureau that, “These citations set the stage for significant monetary penalties if violations continue,” including fines up to $16,000 per call. Finding that Dialing Services failed to comply with the requirements of the citation and continued its practices by making 184 additional calls, the FCC last week announced plans to fine Dialing Services $2,944,000 – the maximum penalty for those 184 calls.

Continue Reading FCC Fines Company $2.9 Million for Political Robocalls to Cell Phones

Speaking at Berkeley’s Online Tracking Workshop today, Françoise Le Bail, Director-General of the European Commission’s DG Justice (the leading department regarding the EU data protection reforms) confirmed the European Commission’s vision that the EU needs stronger penalties in order to ensure effective enforcement of European data protection rules. Ms. Le Bail said that European privacy regulators should be able to impose “significant” sanctions on companies for violating EU privacy rules.

Under the current EU Data Protection Directive, dating back to 1995, each EU Member State autonomously decides on the sanctions for data protection violations, resulting in considerable differences throughout the EU. According to critics, the fines are “too small” in most Member States, particularly in comparison to the turn-over of the companies concerned. Frequently used examples are the fines imposed on Google last year by Spain and France (EUR 900,000 and EUR 150,000, respectively).

Continue Reading Dissuading Companies from Violating Data Protection Rules: Senior European Commission Official Calls for ‘Significant’ Fines

On 24 January 2013, the UK Information Commissioner’s Office (ICO) announced that Sony Computer Entertainment Europe Limited (Sony) would be fined £250,000 following a data breach of the Playstation Network.  The breach occurred in 2011 when hackers accessed the personal details of “millions” of Playstation Network customers, including names, dates of birth, passwords, and other

On 28 November 2012, following an 18-month investigation, the UK Information Commissioner’s Office (ICO) announced that it had fined the joint owners of Tetrus Telecoms (Tetrus) a total of £440,000 under the Privacy and Electronic Communications Regulations (PECR).  The fine penalized Tetrus for sending millions of unsolicited text messages promoting opportunities to claim compensation for

By Lindsey Tonsager and Mike Nonaka

On October 2, 2012, the Federal Trade Commission filed a proposed consent decree resolving claims that Artist Arena LLC violated the Children’s Online Privacy Protection Act (COPPA) by collecting and disclosing email addresses, birth dates and other personal information from more than 100,000 children younger than the age of

On 11 September 2012, the UK Information Commissioner’s Office (ICO) announced that it had fined the Scottish Borders Council £250,000 under the Data Protection Act 1998 (the DPA) following the discovery of a former Council employee’s pension records in a supermarket’s car park paper recycling bank. The document was one of at least 676 files containing confidential personal data that were deposited in this way.  The documents were only brought to light when a member of the public alerted the police.

According to the Penalty Notice issued by the ICO, the data protection failure was originally caused when the Council entered an outsourcing arrangement for the digitisation of its former employees’ and former members’ pension records with a third party company without also agreeing a data processing contract with that company to guarantee the technical and organisational security of the data.  Under the DPA, a data controller remains responsible for the security of personal data even when data are transferred to a third party processor.

Continue Reading ICO Issues New £250,000 Fine to Scottish Local Government Body