Difference between revisions of "ICO - Monetary penalty to CRDNN"

From GDPRhub
Line 112: Line 112:
 
|EU_Law_Name_20=
 
|EU_Law_Name_20=
 
|EU_Law_Link_20=
 
|EU_Law_Link_20=
 
 
|National_Law_Name_1=Section 40 Data Protection Act 1998
 
|National_Law_Name_1=Section 40 Data Protection Act 1998
 
|National_Law_Link_1=https://uk.practicallaw.thomsonreuters.com/PLCCoreDocument/ViewDocument.html?comp=pluk&DocumentGuid=I9062f7c74e5c11e498db8b09b4f043e0&ViewType=FullText&HasDraftingNotes=False&ResearchReportViewMode=False&SessionScopeIsValid=True&IsCourtWireDocument=False&IsSuperPrivateDocument=False&IsPrivateDocument=False&ClientMatter=Cobalt.Website.Platform.Web.UserData.ClientMatter&AuthenticationStrength=0&IsMedLitStubDocument=False&IsOutOfPlanDocumentViewClicked=False&TransitionType=Default&ContextData=%28sc.Default%29&BillingContextData=%28sc.Default%29
 
|National_Law_Link_1=https://uk.practicallaw.thomsonreuters.com/PLCCoreDocument/ViewDocument.html?comp=pluk&DocumentGuid=I9062f7c74e5c11e498db8b09b4f043e0&ViewType=FullText&HasDraftingNotes=False&ResearchReportViewMode=False&SessionScopeIsValid=True&IsCourtWireDocument=False&IsSuperPrivateDocument=False&IsPrivateDocument=False&ClientMatter=Cobalt.Website.Platform.Web.UserData.ClientMatter&AuthenticationStrength=0&IsMedLitStubDocument=False&IsOutOfPlanDocumentViewClicked=False&TransitionType=Default&ContextData=%28sc.Default%29&BillingContextData=%28sc.Default%29
 +
 
|National_Law_Name_2=Regulations 19 and 24 Privacy and Electronic Communication Regulations 2003
 
|National_Law_Name_2=Regulations 19 and 24 Privacy and Electronic Communication Regulations 2003
 
|National_Law_Link_2=http://www.legislation.gov.uk/uksi/2003/2426/contents/made
 
|National_Law_Link_2=http://www.legislation.gov.uk/uksi/2003/2426/contents/made

Revision as of 14:57, 3 March 2020

ICO - Enforcement notice to CRDNN
LogoUK.png
Authority: ICO (UK)
Jurisdiction: United Kingdom
Relevant Law:
Section 40 Data Protection Act 1998
Regulations 19 and 24 Privacy and Electronic Communication Regulations 2003
Type: Investigation
Outcome: Violation found
Decided: 26. 2. 2020
Published: 2. 3. 2020
Fine: 500,000 £
Parties: n/a
National Case Number/Name: Enforcement notice to CRDNN
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): English
Original Source: ICO (in EN)
Initial Contributor: {{{Initial_Contributor}}}

Scottish company was fined £500,000 for making more than 193 million automated nuisance calls. The ICO found that people who received the calls had not given their consent, had not been provided with a valid opt-out option and couldn't identify who was making the calls. This way the company violated Section 40 of the Data Protection Act 1998 and Regulations 19 and 24 of Privacy and Electronic Communication Regulations 2003.

English Summary

Facts

CRDNN was raided by the ICO which after investigation found that the company had instigated 193.606.544 attempted automated calls for the purpose of direct marketing, of which 63.615.075 were connected. CRDNN came to the attention of the ICO when more than 3.000 complaints were made about the nuisance calls.

Dispute

Holding

The ICO found that there was no consent for these calls and in fact many of the complainants had sought to opt-out but CRDNN had not facilitated that. Thus, there was violation of regulation 19 PECR.

The ICO also found that the calls were carried out from spoofed CLIs while during the calls no company information or contact details were provided. In result, people who received the calls could not identify who was making them. Thus, there was violation of regulation 24 PECR.

Comment

Feel free to add your comment here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

Not applicable. Please see the English original.