Tag: Appeal

Experian to appeal ICO’s decision regarding handling of personal data

29. October 2020

On October 27th, 2020 the Information Commissioner’s Office (ICO) issued an enforcement notice against the credit reference agency Experian Limited, ordering it to make fundamental changes to how it handles personal data related to its direct marketing services in the United Kingdom.

An ICO investigation found that at the three largest credit reference agencies (CRAs) in the UK significant ‘invisible’ processing took place, likely affecting millions of adults in the UK. Experian, Equifax and TransUnion, were ‘trading, enriching and enhancing’ people’s personal data without their knowledge to provide direct marketing services. The data was used by commercial organisations, political parties for political campaigning, or charities for their fundraising campaigns. Some of the CRAs were also using profiling to generate new or previously unknown information about people.

While Equifax and TransUnion made adequate improvements to their marketing practices, the ICO found Experian’s efforts to be insufficient and the processing of personal data to remain non-compliant with the data protection law. As a result, Experian has been given an enforcement notice compelling it to make changes within nine months or it will face financial penalties under the GDPR.

Experian is going to appeal the decision by the ICO regarding the notice over data protection failures. In a statement, the Chief Executive Officer Brian Cassin said:

We disagree with the ICO’s decision today and we intend to appeal. At heart this is about the interpretation of GDPR and we believe the ICO’s view goes beyond the legal requirements. This interpretation also risks damaging the services that help consumers, thousands of small businesses and charities, particularly as they try to recover from the COVID-19 crisis.

We share the ICO’s goals on the need to provide transparency, maintain privacy and ensure consumers are in control of their data. The Experian Consumer Information Portal makes it very easy for consumers to fully understand the ways we work with data and to opt out of having their data processed if they wish.

 

 

Category: General Data Protection Regulation · Personal Data · UK
Tags: , , , , , , ,

Austrian Regional Court grants an Austrian man 800€ in GDPR compensation

20. December 2019

The Austrian Regional Court, Landesgericht Feldkirch, has ruled that the major Austrian postal service Österreichische Post (ÖPAG) has to pay an Austrian man 800 Euros in compensation because of violating the GDPR (LG Feldkirch, Beschl. v. 07.08.2019 – Az.: 57 Cg 30/19b – 15). It is one of the first rulings in Europe in which a civil court granted a data subject compensation based on a GDPR violation. Parallel to this court ruling, ÖPAG is facing an 18 Mio Euro fine from the Austrian Data Protection Authorities.

Based on people’s statements in anonymised surveys, ÖPAG had created marketing groups and used algorithms to calculate the probability of the political affinities that people with certain socioeconomic and regional backgrounds might have. ÖPAG then ascribed customers to these marketing groups and thus also stored data about their calculated political affinities. Among these customers was the plaintiff of this case.

The court ruled that this combination is “personal data revealing political opinions” according to Art. 9 GDPR. Since ÖPAG neither obtained the plaintiff’s consent to process his sensitive data on political opinions nor informed him about the processing itself, ÖPAG violated the plaintiff’s individual rights.

While the plaintiff demanded 2.500 Euros in compensation from ÖPAG, the court granted the plaintiff only a non-material damage compensation of 800 Euros after weighing up the circumstances of the individual case.

The case was appealed and will be tried at the Higher Regional Court Innsbruck.

Category: EU · European Data Protection · GDPR · General · Personal Data
Tags: , , , , , , ,