ICO - Monetary Penality Notice on OSL Financial Consultancy
ICO - Monetary Penality Notice on OSL Financial Consultancy | |
---|---|
Authority: | ICO (UK) |
Jurisdiction: | United Kingdom |
Relevant Law: | Regulation 22, The Privacy and Electronic Communications (EC Directive) Regulation 23, The Privacy and Electronic Communications (EC Directive) Section 11(3) of the DPA |
Type: | Investigation |
Outcome: | Violation Found |
Started: | |
Decided: | |
Published: | |
Fine: | 50000 GBP |
Parties: | OSL Financial Consultancy Limited |
National Case Number/Name: | Monetary Penality Notice on OSL Financial Consultancy |
European Case Law Identifier: | n/a |
Appeal: | n/a |
Original Language(s): | English |
Original Source: | ICO (in EN) |
Initial Contributor: | Mariam Tabatadze |
Information Commissioner’s Office (ICO) issued a €50,000 fine against OSL Financial Consultancy Limited for illegally sending nuisance marketing texts in breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).
English Summary
Facts
OSL operates as an independent broker providing mortgages and secured loans. OSL came to the attention of the Commissioner during the course of an investigation into scams and exploitative marketing surrounding the COVID-19 crisis. The ICO investigation found 54,205 nuisance texts were sent during the pandemic, with 120,137 texts sent in the months earlier.
The OSL had reused personal data for marketing purposes that was previously obtained from individuals who had contacted it through its website to obtain a quote.
The ICO has the power under PECR to impose a monetary penalty on a data controller of up to £500,000.
Dispute
The ICO had to find out if OSL is acted in compliance with the requirements of regulation 22 of PECR, meaning whether people were given to refuse or opt out of the marketing.
The Commissioner finds that OSL contravened regulation 22 of PECR. 29. The Commissioner finds that the contravention was as follows: Between 18 June 2019 to 18 June 2020 OSL transmitted 174,342 direct marketing SMS without consent, contrary to regulation 22. 30. OSL, as the sender of the direct marketing, is required to ensure that it is acting in compliance with the requirements of regulation 22 of PECR, and to ensure that valid consent to send those messages had been acquired. The ICO Direct Marketing Guidance1 explains that in order to
Holding
The ICO held that OSL is in violation of Regulation 23 of the PECR and issued a fine of £50,000. In addition, GDPR which sit alongside the PECR, state that consent must be freely given, specific and informed and there must be an indication signifying agreement given ‘by a statement or by a clear affirmative action’. The GDPR is clear that consent should not be bundled up as a condition of service unless it is necessary for that service.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the English original. Please refer to the English original for more details.