ICO - Monetary Penality Notice on OSL Financial Consultancy

From GDPRhub
ICO - Monetary Penality Notice on OSL Financial Consultancy
LogoUK.png
Authority: ICO (UK)
Jurisdiction: United Kingdom
Relevant Law:
Regulation 22, The Privacy and Electronic Communications (EC Directive)
Regulation 23, The Privacy and Electronic Communications (EC Directive)
Section 11(3) of the DPA
Type: Investigation
Outcome: Violation Found
Decided:
Published:
Fine: 50000 GBP
Parties: OSL Financial Consultancy Limited
National Case Number/Name: Monetary Penality Notice on OSL Financial Consultancy
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): English
Original Source: ICO (in EN)
Initial Contributor: Mariam Tabatadze

Information Commissioner’s Office (ICO) issued a €50,000 fine against OSL Financial Consultancy Limited for illegally sending nuisance marketing texts, in breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

English Summary[edit | edit source]

Facts[edit | edit source]

  • OSL operates as an independent broker providing mortgages and secured loans.
  • OSL came to the attention of the Commissioner during the course of an investigation into scams and exploitative marketing surrounding the COVID-19 crisis. In total, 54,205 nuisance texts were sent during the pandemic, with 120,137 texts sent in the months earlier.
  • OSL gathered personal data for marketing purposes when individuals contacted them via their website for a quote.
  • When individuals entered their data, were they offered the option of either opting in or out of marketing - Consenting to marketing was a condition in order to obtain a quote.

Dispute[edit | edit source]

The ICO had to find out if OSL acted in compliance with the requirements of the PECR - and more specifically -  whether people were given a simple opportunity to refuse or opt
out of the marketing.


Holding[edit | edit source]

The ICO held that OSL is in violation of Regulation 22 of the PECR and issued a fine of £50,000. The OSL had reused personal data for marketing purposes that was previously obtained from individuals who had contacted it through its website to obtain a quote. As ICO have found, in order to obtain a quote from OSL’s website, individuals had to complete their details and were not provided with any option to consent to marketing, and so OSL made consenting to marketing a condition to obtaining a quote - so valid consent was not obtained from them. In relations to that, Commissioner noted that consenting to marketing is not necessary for the provision of a quote and consent should have been sought separately.

OSL, as the sender of the direct marketing, is required to ensure that it is acting in compliance with the requirements of regulation 22 of PECR, and to ensure that valid consent to send those messages had been acquired.

In addition, GDPR which sit alongside the PECR, state that consent must be freely given, specific and informed and there must be an indication signifying agreement given ‘by a statement or by a clear affirmative action’.


Comment[edit | edit source]

Share your comments here!

Further Resources[edit | edit source]

Share blogs or news articles here!

English Machine Translation of the Decision[edit | edit source]

The decision below is a machine translation of the English original. Please refer to the English original for more details.