ICO (UK) - Solarwave Limited EN
ICO (UK) - Solarwave Limited EN | |
---|---|
Authority: | ICO (UK) |
Jurisdiction: | United Kingdom |
Relevant Law: | Article 4(11) GDPR regulation 21 of the Privacy and Electronic Communications Regulations 2003 section 55A Data Protection Act 1998 |
Type: | Investigation |
Outcome: | Violation Found |
Started: | |
Decided: | 04.06.2021 |
Published: | 08.06.2021 |
Fine: | 100000 GBP |
Parties: | - Solarwave Limited |
National Case Number/Name: | Solarwave Limited EN |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | English |
Original Source: | ICO's official website (in EN) |
Initial Contributor: | n/a |
The ICO fined Solarwave Limited approximately €116,00 (£100,000) for sending direct marketing communications to individuals who had previously registered with the Telephone Preference Service who had not given their prior consent to receive calls.
English Summary
Facts
The Information Commissioner's Office (ICO) examined the monthly reports received from the Telephone Preference Service Ltd (TPS), which described complaints about Solarwave Limited’s unsolicited marketing calls. Between 2 January 2020 and 2 October 2020, Solarwave Limited made 73,217 unsolicited direct marketing calls, and 30 complaints were submitted in relation to those calls. The calls were made to subscribers who had registered with the TPS and who had not given their prior consent to receive calls.
Dispute
ICO examined whether Solarwave Limited contravened regulation 21 of the Privacy and Electronic Communications Regulations 2003 (PECR), according to which a company can make direct marketing calls to individuals who are registered with the TPS (for not less than 28 days) only if those individuals consented to receiving such calls. Further, ICO examined whether the conditions under section 55A Data Protection Act 1998 (DPA) for the imposition of a monetary penalty are met.
Holding
ICO confirmed that Solarwave Limited contravened regulation 21 of PECR, by making unsolicited direct marketing calls to subscribers who had registered with the TPS at least 28 days prior to receiving the calls, and who had not given their prior consent to Solarwave to receive calls.
ICO also found that the conditions under section 55A DPA for the imposition of a monetary penalty were met.
First, if found that the contravention was serious due to (among other) a substantial number (73,217) of unsolicited calls over a nine-month period, for which Solarwave Limited could not demonstrate that it held valid consent. Valid consent was defined by reference to the concept of consent in the General Data Protection Regulation (GDPR).
Second, ICO found that Solarwave Limited acted negligently. It stated that companies have at their disposal detailed guidelines on carrying out marketing and on consent under the GDPR, which is why Solarwave Limited knew or ought reasonably to have known that there was a risk that this contravention would occur. Also, in line with standard practice of the TPS to notify the company of complaints, Solarwave Limited must have been aware of the contraventions. In addition, ICO found that Solarwave Limited failed to take reasonable steps to prevent the contravention. Relying on the assurance of third-party providers that the data had been screened prior to purchasing, without undertaking proper due diligence, was not considered as acceptable.
Finally, ICO took account some aggravating features of the case, such as the fact that Solarwave Limited was seen to be rude and persistent when making calls and that it continued to make unsolicited calls pending the outcome of ICO’s investigation.
Taking into account all of the above, ICO has decided that a penalty in the sum of £100,000 is reasonable and proportionate.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the English original. Please refer to the English original for more details.