ICO - Monetary penalty to CRDNN: Difference between revisions
(Created page with "{{DPAdecisionBOX <!--Information about the DPA--> |Jurisdiction=United Kingdom |DPA-BG-Color= |DPAlogo=logoUK.png |DPA_Abbrevation=ICO |DPA_With_Country=ICO (UK) <!--Informa...") |
No edit summary |
||
Line 24: | Line 24: | ||
|Type=Investigation | |Type=Investigation | ||
|Outcome=Violation found | |Outcome=Violation found | ||
|Date_Decided= | |Date_Decided=26. 2. 2020 | ||
|Date_Published=2. 3. 2020 | |Date_Published=2. 3. 2020 | ||
|Year=2020 | |Year=2020 | ||
Line 31: | Line 31: | ||
<!--Information about the applied law--> | <!--Information about the applied law--> | ||
|GDPR_Article_1= | |GDPR_Article_1= | ||
|GDPR_Article_Link_1= | |GDPR_Article_Link_1= | ||
|GDPR_Article_2= | |GDPR_Article_2= | ||
|GDPR_Article_Link_2= | |GDPR_Article_Link_2= | ||
|GDPR_Article_3= | |GDPR_Article_3= | ||
|GDPR_Article_Link_3= | |GDPR_Article_Link_3= | ||
|GDPR_Article_4= | |GDPR_Article_4= | ||
|GDPR_Article_Link_4= | |GDPR_Article_Link_4= | ||
Line 113: | Line 113: | ||
|EU_Law_Link_20= | |EU_Law_Link_20= | ||
|National_Law_Name_1= | |National_Law_Name_1=Section 40 Data Protection Act 1998 | ||
|National_Law_Link_1= | |National_Law_Link_1= | ||
|National_Law_Name_2= | |National_Law_Name_2=Regulations 19 and 24 Privacy and Electronic Communication Regulations 2003 | ||
|National_Law_Link_2= | |National_Law_Link_2= | ||
|National_Law_Name_3= | |National_Law_Name_3= | ||
Line 174: | Line 174: | ||
<!--Here the main article starts--> | <!--Here the main article starts--> | ||
............. | |||
==English Summary== | ==English Summary== | ||
===Facts=== | ===Facts=== | ||
ICO | CRDNN was raided by the ICO which after investigation found that the company had instigated 193.606.544 attempted automated calls for the purpose of direct marketing, of which 63.615.075 were connected. CRDNN came to the attention of the ICO when more than 3.000 complaints were made about the nuisance calls. | ||
===Dispute=== | ===Dispute=== | ||
===Holding=== | ===Holding=== | ||
The ICO found that there was no consent for these calls and in fact many of the complainants had sought to opt-out but CRDNN had not facilitated that. Thus, there was violation of regulation 19 PECR. | |||
The ICO also found that the calls were carried out from spoofed CLIs while during the calls no company information or contact details were provided. In result, people who received the calls could not identify who was making them. Thus, there was violation of regulation 24 PECR. | |||
==Comment== | ==Comment== | ||
Feel free to add your comment here! | ''Feel free to add your comment here!'' | ||
==Further Resources== | ==Further Resources== |
Revision as of 14:48, 3 March 2020
ICO - Enforcement notice to CRDNN | |
---|---|
Authority: | ICO (UK) |
Jurisdiction: | United Kingdom |
Relevant Law: | Section 40 Data Protection Act 1998 Regulations 19 and 24 Privacy and Electronic Communication Regulations 2003 |
Type: | Investigation |
Outcome: | Violation found |
Started: | |
Decided: | 26. 2. 2020 |
Published: | 2. 3. 2020 |
Fine: | 500,000 £ |
Parties: | n/a |
National Case Number/Name: | Enforcement notice to CRDNN |
European Case Law Identifier: | n/a |
Appeal: | n/a |
Original Language(s): | English |
Original Source: | ICO (in EN) |
Initial Contributor: | n/a |
.............
English Summary
Facts
CRDNN was raided by the ICO which after investigation found that the company had instigated 193.606.544 attempted automated calls for the purpose of direct marketing, of which 63.615.075 were connected. CRDNN came to the attention of the ICO when more than 3.000 complaints were made about the nuisance calls.
Dispute
Holding
The ICO found that there was no consent for these calls and in fact many of the complainants had sought to opt-out but CRDNN had not facilitated that. Thus, there was violation of regulation 19 PECR.
The ICO also found that the calls were carried out from spoofed CLIs while during the calls no company information or contact details were provided. In result, people who received the calls could not identify who was making them. Thus, there was violation of regulation 24 PECR.
Comment
Feel free to add your comment here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
Not applicable. Please see the English original.