The Council of EU Member States – one of the two main EU lawmaking bodies – recently released a new draft version of the ePrivacy Regulation (“EPR”). Negotiations on the regulation have been deadlocked for a while, but seem to be gathering new momentum under the Finnish Presidency. Below we highlight some selected topics that
Privacy and Electronic Communications Regulations
UK Company Fined For Buying And Selling Non-Compliant Marketing Databases
The UK Information Commissioner’s Office (ICO), which enforces data protection legislation in the UK, has fined a company £20,000 (approximately 24,000 USD / 23,000 EUR) for not exercising sufficient due diligence when buying and using marketing databases.
The ICO found that over 580,000 individuals’ contact details had been obtained by The Data Supply Company Ltd (“TDSC”) from sources such as financial institutions and competition websites, and then sold on to third parties. This had led to at least 21,045 unsolicited text messages and 174 complaints.
Because the data was used for direct electronic marketing (by email, SMS, etc.), TDSC was not entitled to rely on its data sources’ generic consent requests, such as “We may share your information with carefully selected third parties where they are offering products or services that we believe will interest you”, nor even fuller notices that disclosed “long lists” of general categories of possible recipients of the data.
Continue Reading UK Company Fined For Buying And Selling Non-Compliant Marketing Databases
European Commission Launches Consultation on Reform of the ePrivacy Directive
Following the expected approval of the final text of the General Data Protection Regulation (“GDPR”) in the European Parliament this week, the Commission is now turning its attention towards the ePrivacy Directive.
On Monday (April 11, 2016), the Commission launched a public consultation to review and propose changes to the ePrivacy Directive (2002/58/EC). (See the…
Company Receives Record Fine from UK Regulator For Cold Calling
The UK’s data protection regulator, the Information Commissioner’s Office (“ICO”), has imposed a fine of £350,000 on Prodial Ltd (“Prodial”) for making over 46 million unsolicited automated telephone calls to generate leads in relation to payment protection insurance refunds. This is the highest fine issued by the ICO to date.
Continue Reading Company Receives Record Fine from UK Regulator For Cold Calling
ICO Issues Fine of £90,000 for Breach of PECR
On 20 March 2013, the UK Information Commissioner’s Office (ICO) announced that it had issued a fine of £90,000 against DM Design, a Glasgow-based kitchen and bedroom fitting company, for breaching the Privacy and Electronic Communications Regulations (PECR) by making thousands of unwanted direct marketing calls. This fine, made two years after the ICO was first granted the power to issue fines of up to £500,000 for serious breaches of the PECR, apparently marks the start of a new enforcement campaign against companies breaching the PECR. The ICO stated in its announcement that the fine against DM Design will not be “an isolated penalty,” and confirmed that twelve other companies also are now under investigation for direct marketing breaches, and that two of these will apparently receive “significant penalties” over the coming weeks.
Continue Reading ICO Issues Fine of £90,000 for Breach of PECR