ICO - Monetary Penalty Notice on OSL Financial Consultancy

From GDPRhub
Revision as of 18:09, 9 December 2020 by Marita
Authority: ICO (UK)
Jurisdiction: United Kingdom
Relevant Law:
Regulation 22, The Privacy and Electronic Communications (EC Directive)
Regulation 23, The Privacy and Electronic Communications (EC Directive)
Section 11(3) of the DPA
Type: Investigation
Outcome: Violation Found
Started:
Decided:
Published:
Fine: 50000 GBP
Parties: OSL Financial Consultancy Limited
National Case Number/Name: Monetary Penalty Notice on OSL Financial Consultancy
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): English
Original Source: ICO (in EN)
Initial Contributor: Mariam Tabatadze

The Information Commissioner’s Office (ICO) issued a €50,000 fine against OSL Financial Consultancy Limited for illegally sending nuisance marketing texts in breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

English Summary

Facts

OSL operates as an independent broker providing mortgages and secured loans. OSL first came to the attention of the Commissioner during the course of an investigation into scams and exploitative marketing surrounding the COVID-19 crisis. The ICO investigation found that 54,205 nuisance texts were sent during the pandemic, with 120,137 nuisance texts sent in the months earlier. It also found that OSL had reused, for marketing purposes, personal data previously obtained from individuals who had contacted it through its website to obtain a quote. Throughout the ICO’s enquiries, OSL relied on the previous consent it said it had obtained from its customers. The ICO has the power under PECR to impose a monetary penalty on a data controller of up to £500,000.

Dispute

People were not offered the option to opt in or out of marketing, and the ICO concluded that valid consent had not been obtained. This is against electronic marketing law.

The Commissioner finds that OSL contravened regulation 22 of PECR.

29. The Commissioner finds that the contravention was as follows: Between 18 June 2019 to 18 June 2020 OSL transmitted 174,342 direct marketing SMS without consent, contrary to regulation 22.

30. OSL, as the sender of the direct marketing, is required to ensure that it is acting in compliance with the requirements of regulation 22 of PECR, and to ensure that valid consent to send those messages had been acquired. The ICO Direct Marketing Guidance explains that in order to

Holding

The ICO held that OSL is in violation of Regulation 23 of the PECR and issued a fine of £50,000. In addition, the GDPR, which sits alongside the PECR, states that consent must be freely given, specific and informed, and that there must be an indication signifying agreement given ‘by a statement or by a clear affirmative action’. The GDPR is clear that consent should not be bundled up as a condition of service unless it is necessary for that service.


English Machine Translation of the Decision

The decision below is a machine translation of the English original. Please refer to the English original for more details.