ICO - Monetary Penality Notice on OSL Financial Consultancy: Difference between revisions

From GDPRhub
(Created page with "{{DPAdecisionBOX |Jurisdiction=United Kingdom |DPA-BG-Color=background-color:#023868; |DPAlogo=LogoUK.png |DPA_Abbrevation=ICO |DPA_With_Country=ICO (UK) |Case_Number_Name=M...")
 
mNo edit summary
 
(4 intermediate revisions by the same user not shown)
Line 52: Line 52:
}}
}}


Information Commissioner’s Office (ICO) issued a €50,000 fine against OSL Financial Consultancy Limited  for  illegally sending nuisance marketing texts in breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).
Information Commissioner’s Office (ICO) issued a €50,000 fine against OSL Financial Consultancy Limited  for  illegally sending nuisance marketing texts, in breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).


== English Summary ==
==English Summary==


=== Facts ===
===Facts===
OSL operates as an independent broker providing mortgages and secured loans. OSL first came to the attention of the Commissioner during the course of an investigation into scams and exploitative marketing surrounding the COVID-19 crisis. The ICO investigation found 54,205 nuisance texts were sent during the pandemic, with 120,137 nuisance texts sent in the months earlier. . That OSL had reused personal data for marketing purposes that was previously obtained from individuals who had contacted it through its website to obtain a quote. Throughout the ICO’s enquiries, OSL relied on the previous consent it said it had obtained from its customers.
The ICO has the power under PECR to impose a monetary penalty on a data controller of up to £500,000.


=== Dispute ===
* OSL operates as an independent broker providing mortgages and secured loans.   
People were not offered the option to opt in or out of marketing, and the ICO concluded that valid consent had not been obtained. This is against electronic marketing law.
* OSL came to the attention of the Commissioner during the course of an investigation into scams and exploitative marketing surrounding the COVID-19 crisis. In total, 54,205 nuisance texts were sent during the pandemic, with 120,137 texts sent in the months earlier.  
The Commissioner finds that OSL contravened regulation 22 of PECR.
* OSL gathered personal data for marketing purposes when individuals contacted them via their website for a quote.  
29. The Commissioner finds that the contravention was as follows:
* '''When individuals entered their data, were they offered the option of either opting in or out of marketing -''' '''Consenting to marketing was a condition in order to obtain a quote.''' 
Between 18 June 2019 to 18 June 2020 OSL transmitted 174,342
direct marketing SMS without consent, contrary to regulation 22.
30. OSL, as the sender of the direct marketing, is required to ensure that it
is acting in compliance with the requirements of regulation 22 of PECR,
and to ensure that valid consent to send those messages had been
acquired. The ICO Direct Marketing Guidance1 explains that in order to


=== Holding ===
===Dispute===
The ICO held that OSL is in violation of Regulation 23 of the PECR and issued a fine of £50,000. In addition, GDPR which sit alongside the PECR, state that consent must be freely given, specific and informed and there must be an indication signifying agreement given ‘by a statement or by a clear affirmative action’. The GDPR is clear that consent should not be bundled up as a condition of service unless it is necessary for that service.  
The ICO had to find out if OSL acted in compliance with the requirements of the PECR - and more specifically -  whether people were given a simple opportunity to refuse or opt
out of the marketing.
<br />


===Holding===
The ICO held that OSL is in violation of Regulation 22 of the PECR and issued a fine of £50,000. '''The OSL had reused personal data for marketing purposes that was previously obtained from individuals who had contacted it through its website to obtain a quote'''. As ICO have found, in order to obtain a quote from OSL’s website, individuals had to complete their details and were not provided with any option to consent to marketing, and so OSL made consenting to marketing a condition to obtaining a quote - '''so valid consent was not obtained from them.''' In relations to that, Commissioner noted that consenting to marketing is not necessary for the provision of a quote and consent should have been sought separately. 


OSL, as the sender of the direct marketing, i'''s required to ensure that it is acting in compliance with the requirements of regulation 22 of PECR, and to ensure that valid consent to send those messages had been acquired.''' 


== Comment ==
In addition, GDPR which sit alongside the PECR, state that consent must be freely given, specific and informed and there must be an indication signifying agreement given ‘by a statement or by a clear affirmative action’.   
 
 
==Comment==
''Share your comments here!''
''Share your comments here!''


== Further Resources ==
==Further Resources==
''Share blogs or news articles here!''
''Share blogs or news articles here!''


== English Machine Translation of the Decision ==
==English Machine Translation of the Decision==
The decision below is a machine translation of the English original. Please refer to the English original for more details.
The decision below is a machine translation of the English original. Please refer to the English original for more details.


Latest revision as of 19:08, 9 December 2020

ICO - Monetary Penality Notice on OSL Financial Consultancy
LogoUK.png
Authority: ICO (UK)
Jurisdiction: United Kingdom
Relevant Law:
Regulation 22, The Privacy and Electronic Communications (EC Directive)
Regulation 23, The Privacy and Electronic Communications (EC Directive)
Section 11(3) of the DPA
Type: Investigation
Outcome: Violation Found
Started:
Decided:
Published:
Fine: 50000 GBP
Parties: OSL Financial Consultancy Limited
National Case Number/Name: Monetary Penality Notice on OSL Financial Consultancy
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): English
Original Source: ICO (in EN)
Initial Contributor: Mariam Tabatadze

Information Commissioner’s Office (ICO) issued a €50,000 fine against OSL Financial Consultancy Limited for illegally sending nuisance marketing texts, in breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

English Summary

Facts

  • OSL operates as an independent broker providing mortgages and secured loans.
  • OSL came to the attention of the Commissioner during the course of an investigation into scams and exploitative marketing surrounding the COVID-19 crisis. In total, 54,205 nuisance texts were sent during the pandemic, with 120,137 texts sent in the months earlier.
  • OSL gathered personal data for marketing purposes when individuals contacted them via their website for a quote.
  • When individuals entered their data, were they offered the option of either opting in or out of marketing - Consenting to marketing was a condition in order to obtain a quote.

Dispute

The ICO had to find out if OSL acted in compliance with the requirements of the PECR - and more specifically -  whether people were given a simple opportunity to refuse or opt
out of the marketing.


Holding

The ICO held that OSL is in violation of Regulation 22 of the PECR and issued a fine of £50,000. The OSL had reused personal data for marketing purposes that was previously obtained from individuals who had contacted it through its website to obtain a quote. As ICO have found, in order to obtain a quote from OSL’s website, individuals had to complete their details and were not provided with any option to consent to marketing, and so OSL made consenting to marketing a condition to obtaining a quote - so valid consent was not obtained from them. In relations to that, Commissioner noted that consenting to marketing is not necessary for the provision of a quote and consent should have been sought separately.

OSL, as the sender of the direct marketing, is required to ensure that it is acting in compliance with the requirements of regulation 22 of PECR, and to ensure that valid consent to send those messages had been acquired.

In addition, GDPR which sit alongside the PECR, state that consent must be freely given, specific and informed and there must be an indication signifying agreement given ‘by a statement or by a clear affirmative action’.


Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the English original. Please refer to the English original for more details.
Retrieved from "https://gdprhub.eu/index.php?title=ICO_-_Monetary_Penality_Notice_on_OSL_Financial_Consultancy&oldid=12845"
Creative Commons Attribution-NonCommercial-ShareAlike
Powered by MediaWiki